Cyber attack prevention
WinRAR under attack: critical vulnerability threatens millions of Windows usersA vulnerability in ACE files puts the security of millions of Windows users at riskWinRAR has a critical vulnerability that allows malware to infect Windows with a simple click on malicious compressed files. It is essential to update the software immediately and exercise caution with suspicious files to protect data and systems from attacks.
Brother under scrutiny: critical vulnerability in printer firmwareIncreasing risks for cybersecurity in offices and companies with vulnerable devicesA critical vulnerability affects 689 Brother printer models, exposing passwords and sensitive data with no possibility of correction through updates. It is advised to isolate the printers and implement enhanced security measures within corporate environments.
MongoDB under attack: a new threat to NoSQL databasesUnexpected vulnerability puts the stability and security of corporate data in MongoDB at riskA critical vulnerability in MongoDB allows servers to be blocked by sending a specially crafted JSON packet. This easily exploitable risk can cause severe disruptions. It is recommended to apply updates, monitor systems, and enforce access restrictions to protect against it.
Digital protection of SPID: tips to avoid online scamsHow to recognize and counteract cyber threats related to SPIDSPID facilitates access to online services but attracts scams such as phishing and malware aimed at stealing digital identities. To protect yourself, it is important not to click on suspicious links, use two-factor authentication, and report any fraud attempts to the official service providers.
Zero-click threats: how a bug in Notepad++ opens new doors to cybercrimeAn in-depth analysis of the emergence of invisible threats in everyday use appsAn expert from Hackerhood demonstrated how a zero-click attack can compromise Notepad++ without any user interaction. This invisible threat highlights the importance of always updating software and maintaining high vigilance over digital security.
Microsoft extends security support for Windows 10 until 2026One more year for updates and security between innovation and operational stabilityMicrosoft has extended the free support for Windows 10 security updates until 2026, ensuring stability and protection for users and businesses, allowing a gradual transition to Windows 11 without compromising security.
Online security: the transformation from SSL to TLS and their historical impactFrom corporate competition to global standardization of web cryptographyIn the 1990s, Netscape's SSL introduced security in web communications, but with limitations and rivalry with Microsoft. From this competition arose TLS, a more secure and standardized protocol, which today ensures protection and privacy on the Internet.
Silent threats: the zero-click flaw that compromises RDP serversHidden risks in remote work: how to protect RDP servers from invisible attacksThe vulnerability CVE-2025-32710 affects the RDP protocol, allowing an attacker to take control of the server without any user interaction. It is crucial to update systems immediately and strengthen defenses to protect networks and sensitive data.
Innovative defenses against DDoS attacks in the global financial sectorAdvanced technologies and strategies to protect data and services in the financial worldThe financial sector is increasingly targeted by sophisticated DDoS attacks that put services and data at risk. To defend themselves, banks and companies invest in advanced technologies and training, focusing on awareness, collaboration, and timely strategies.
Discovery of vulnerability in Secure Boot threatens device securityFlaw in the Secure Boot system requires urgent updates to prevent invisible intrusionsA serious vulnerability in Secure Boot puts millions of computers at risk, allowing malware to bypass defenses. It is essential to immediately update the UEFI firmware to protect yourself and follow the security recommendations to prevent attacks.
Managing new zero-day threats on Chrome with automation and AIAdvanced strategies to protect IT infrastructures using automation and artificial intelligenceA critical zero-day vulnerability has been discovered in Google Chrome that allows remote execution of malicious code, with no patch available yet. IT professionals must adopt mitigation strategies, automation, and collaborate to protect integrated systems and infrastructures.
Critical vulnerability in WordPress plugins threatens IT securityProactive defense with AI and automations to Protect WordPress Environments from emerging threatsA critical severe vulnerability in a WordPress plugin with over 100,000 installations allows privilege escalation attacks. IT professionals must update the plugin, monitor logs, and leverage APIs and AI automations to better protect and manage security.
Advanced cybersecurity: dismantling of Conti and TrickBot thanks to AI and international forcesGlobal synergies and AI technologies to neutralize the most advanced ransomware threatsAuthorities have exposed key members of the Conti and TrickBot ransomware groups thanks to international investigations. The use of APIs, automation and artificial intelligence improves cyber defense, making it more effective to detect and respond to complex attacks.
AvCheck dismantled: a severe blow to malware testing platformsInternational collaboration against platforms supporting cybercrimeAn international operation has shut down AvCheck, a service used by cybercriminals to test malware against antivirus software. This action reduces risks for companies and IT professionals, highlighting the importance of multilayered security, automations, and artificial intelligence.
Effective cybersecurity: integrated strategies to protect infrastructuresIntegrated solutions between automation, training, and governance for effective cyber defenseIT resilience requires advanced technologies, AI automations, continuous training, and clear governance. This way, attacks are prevented, detected, and managed quickly, reducing human risks and downtime, ensuring security and operational continuity.
Intelligent chatbots and steganography: new threats to IT securityEmerging challenges for cybersecurity between AI, steganography, and behavioral analysisA new technique leverages AI chatbots to hide encrypted messages within common conversations, challenging traditional cybersecurity. System integrators and IT professionals must use automation, AI, and behavioral analysis via APIs to detect these stealth communications and enhance security.
Apple enhances the App Store with AI and new advanced anti-fraud strategiesEnhanced security and automation for developers thanks to Apple artificial intelligenceApple strengthens App Store security with AI and machine learning, blocking fraud and protecting users and developers. APIs and automations facilitate integration and updates, offering IT professionals reliable and secure solutions for software distribution.
Security of connections between Android and Windows: risks and protectionsProtecting communication between devices to prevent data theft and unauthorized accessThe "Your Phone" app allows syncing SMS and notifications between Android and PC, but if the PC gets infected, hackers can access the messages, risking security. It's better to use stronger two-factor authentication and limit the app's permissions.
Artificial intelligence revolutionizes vulnerability discovery in the Linux kernelAI and machine learning enhance bug hunting for more proactive cybersecurityArtificial intelligence has identified a critical bug in the Linux kernel, enhancing bug hunting. This helps system integrators and IT specialists discover vulnerabilities faster, thanks to automations and APIs that make cybersecurity more efficient.
Advanced protection against fraudulent calls through AGCOM technologiesIntegrated technological solutions to improve the security of telephone communicationsAGCOM has introduced an advanced filter against spoofing and phone scams, using algorithms and APIs to block suspicious calls in real time. This helps system integrators and IT professionals improve security and automate communication management.
Evolution of Have I Been Pwned for integrated and automated IT securityAutomation and enhanced APIs for dynamic and proactive IT security managementHave I Been Pwned 2.0 enhances security with upgraded APIs to automate checks and continuous monitoring. Useful for IT professionals, system integrators, and developers who want to protect corporate data by proactively and efficiently anticipating threats.
Hidden vulnerability in Asus motherboards revealed by a New Zealand programmerCritical vulnerability discovered in DriverHub local server that allows malicious code to be executed with admin privileges, risks expanded on Asus desktops, laptops and motherboardsA programmer has discovered a serious flaw in Asus motherboards: a local DriverHub server, active by default, allows attacks via malicious websites, with risk of remote code execution. Asus has released a patch, but system integrators must strengthen security.
AnyProxy proxy network taken down: new era for global SOCKS botnet securityLearn how international collaboration and artificial intelligence are revolutionizing the fight against SOCKS botnets and ensuring more effective security for corporate networksExperts have seized key parts of the AnyProxy network, a system of malicious proxies used by SOCKS botnets for cyberattacks. This has reduced risks and improved security, thanks to international cooperation, AI and automation integrated into IT defenses.
European cybersecurity: proactive strategies and AI technologies to protect critical sectorsDiscover how API integration, AI automation and cross-industry collaboration can transform cybersecurity in Europe's critical industries into a manageable and proactive challengeThe NIS360 report highlights how critical European sectors, such as energy and healthcare, face sophisticated cyber threats. For IT, it is essential to use automation, AI and APIs for proactive security, enabling cross-sector collaboration and rapid incident response.
WordPress: Jetpack vulnerability discovered. Millions of users at riskLearn how the Jetpack plugin vulnerability puts WordPress sites at risk and what to do to protect themA vulnerability in the Jetpack WordPress plugin allowed users to read other people's forms. Discovered in version 3.9.9, it prompted Jetpack to release multiple patches. It is recommended to update now to avoid future risks to sensitive user data.
Challenges and advanced solutions against sophisticated layer 7 DDoS attacksVerisign experiences addressing digital threats: analysis and strategies to protect against advanced cyber attacks at the most critical levels of the networkLayer 7 DDoS attacks are advanced and difficult to detect, aiming to saturate server resources by simulating legitimate traffic. Organizations must adopt proactive monitoring and mitigation strategies to counter these threats, as highlighted by the Verisign study.
Serious vulnerability discovered in NVIDIA's container toolkitWhat you need to know about the NVIDIA container toolkit bug and how to protect yourselfA serious vulnerability (CVE-2024-0132) in NVIDIA's Container Toolkit allows attackers to gain control over a host system. It affects versions up to 1.16.1. NVIDIA has released urgent updates to address the issue.
Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successesItaly is among the world leaders in cybersecurity according to the ITU Global Cybersecurity Index 2023/2024. It achieved a perfect score thanks to laws, international cooperation and technical initiatives. This demonstrates the country's advanced security infrastructure.
Crucial security update for Google Chrome: protect your data nowDiscover new cyber threats and Google's solutions to protect your data with the latest Chrome updateGoogle has released a critical update for Chrome to address two security vulnerabilities (CVE-2024-7971 and CVE-2024-7965) that cybercriminals have been exploiting. Users are advised to update to version 128.0.6613.138 to stay protected.
Secrets and pitfalls of the Tor network: new revelations on security and the risks of deanonymiza...New deanonymization risks on Tor: learn how online security is threatened by sophisticated attacks and what the Tor team is doing to protect usersAn investigation has highlighted risks of authorities deanonymizing the Tor network. The Tor team has responded by reassuring users of current security improvements and encouraging them to use updated software, but concerns remain about the balance between privacy and legal investigations.
Cyber Think Tank: free tool revolutionizes cybersecurity for SMBsA revolution for SMB cybersecurity: discover how a new free platform can transform your digital defensesA new free cybersecurity platform for SMBs offers advanced tools to detect and neutralize cyber threats. Easy to use, it includes automatic updates and technical support, promoting collaboration between companies to improve overall cybersecurity.
A new era for Flipper Zero with firmware 1.0Discover the revolutionary features of Flipper Zero firmware 1.0: performance improvements, JavaScript, and enhanced connectivityFlipper Zero, a cybersecurity device, receives the 1.0 firmware update improving performance, connectivity and battery life. Added JavaScript support, new protocols and optimizations. New NFC features and dynamic app download from the community.
EUCLEAK, the vulnerability that allows cloning of YubiKey FIDO sticksLearn how the EUCLEAK vulnerability puts your cryptographic keys at riskEUCLEAK is a vulnerability in YubiKey 5 devices (and others with Infineon SLE78 microcontroller) that allows cloning of ECDSA cryptographic keys via side-channel attacks. Requires physical access and specialized equipment. Yubico has issued security advisories.
New critical exploit discovered in Windows kernel: security implications and solutionsHow a zero-day exploit threatens Windows kernel security: analysis and mitigationCVE-2024-38106 is a serious vulnerability in the Windows kernel, discovered by Sergei Kornienko. It allows attackers to gain SYSTEM privileges. Microsoft has released a patch to fix it. It has been actively exploited by the North Korean hacker group Citrine Sleet.
Blockchain news: partnerships, security, and future prospectsDiscover how blockchain is disrupting key markets and addressing critical challenges in critical industries like finance, healthcare, and logisticsBlockchain technology is revolutionizing various industries due to its security and transparency. New partnerships between companies and financial institutions are accelerating innovations. However, challenges such as scalability and regulation still need to be overcome.
The strategic transformation of CorexalysHow Corexalys is revolutionizing digital security in France and EuropeFrench company Corexalys has sold its OSINT platforms to ChapsVision to focus on online influence operations for the French Ministry of Defense and due diligence services for private clients, responding to growing cyber threats and geopolitical challenges.
How to protect PostgreSQL from cryptojacking and keep your database performance highHow to configure PostgreSQL to avoid cryptojacking attacks and ensure optimal performance, protecting your data and reducing operating costsCryptojacking is the unauthorized use of system resources, such as PostgreSQL, to mine cryptocurrencies. Preventing it requires constant updates, secure configurations, activity monitoring, and training of personnel to recognize and avoid attacks.
Serious vulnerability discovered in AMD CPUs: invisible malware riskCritical flaws put AMD CPUs at risk: how hackers can gain stealth, persistent access to your systemsA security vulnerability called Sinkclose has been affecting AMD CPUs since 2006, allowing access to the Ring -2 level. By exploiting the TClose feature, attackers can install persistent malware. AMD is releasing patches, but some models are still without updates.
Shocking discovery in the world of browsers: a backdoor that has been exploited for 18 yearsHackers able to access private networks via backdoors in major web browsersA vulnerability in browsers has been discovered after 18 years, allowing hackers to access private networks via the IP 0.0.0.0. Apple, Google and Mozilla are responding with security measures. The risk involves sensitive data on private and development servers.
Meta and the security challenge: unexpected vulnerabilities in the new machine learning modelCritical vulnerability discovered in Meta's AI model: Prompt-Guard-86M under attackMeta introduced a machine learning model, Prompt-Guard-86M, to prevent prompt injection attacks. However, it is vulnerable to such attacks via letter spaces. This highlights the importance of security in the evolution of AI.
A dangerous vulnerability discovered on Telegram for Android: everything you need to know about E...Exploit discovered on Telegram for Android: what is EvilVideo and how to protect yourselfESET researchers have discovered the EvilVideo exploit, which affects Telegram on Android. The exploit, sold on underground forums, tricks users into downloading malicious apps. Telegram has resolved the issue with the update to version 10.14.5, thus protecting users.
Cybersecurity for dummies: defend yourself from modern cyber threatsDiscover essential cybersecurity techniques to protect your business from today's most advanced digital threatsCybersecurity protects businesses from attacks such as malware and phishing. "Exploits" exploit technical vulnerabilities, while "cyber-exploitation" affects the private sphere. Cybersecurity protects data and applications, while network security protects networks. Challenges include access management,...
Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMwareCritical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructuresCISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability...
Effective plans and strategies to face and defeat a ransomware attackStrategies and tips for companies facing cyber attacks: how to manage negotiations, prepare for incidents and prevent future ransomware threatsThe text discusses negotiations with criminals using ransomware, the importance of preparation and training to deal with such attacks, evaluating whether to pay the ransom, and implementing preventative and recovery measures to mitigate future risks.
Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threatsSamsung will release a security patch in August to address a serious zero-day vulnerability (CVE-2024-32896) on Galaxy devices. The vulnerability allows remote code execution. Another flaw (CVE-2024-2974) also needs fixing.
Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud reportGoogle Cloud's "Cybersecurity Forecast 2024" report predicts the use of AI to broaden phishing and disinformation, but also to improve defense. Highlights threats from the "Big Four" (China, Russia, North Korea, Iran) and attacks on elections and the Paris Olympics.
Critical vulnerability discovered in PHP CGI: how to protect your systems from CVE-2024-4577Find out how a security flaw in PHP CGI threatens your Windows servers and what immediate steps to take to protect yourselfAkamai has discovered a serious vulnerability in PHP (CVE-2024-4577) that allows remote code execution on Windows systems with CGI configurations. Bad actors can exploit it to spread malware and crypto mining attacks. Installing patches and using WAF is critical for protection.
New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediatelyA vulnerability in OpenSSH 8.7 and 8.8, identified as CVE-2024-6409, could allow remote code execution. Caused by a race condition in the signal handler, it is a serious risk. Discovered by Qualys, requires immediate patches to mitigate risks.
Apple ID security: prevent phishing attacks with two-factor authenticationLearn how cybercriminals exploit phishing and learn how to defend your Apple ID with simple but effective security measuresApple ID users are being hacked via phishing emails and SMS that appear legitimate. Hackers steal credentials to lock out accounts and access funds. Enabling two-factor authentication (2FA) is vital to protecting yourself by avoiding clicking on suspicious links.
Security alert for MSI Center: critical vulnerability discovered in Windows systemsA critical flaw in Windows systems allows limited users to obtain administrator privileges: find out how to protect yourself and what solutions to implement to avoid cyber attacksA vulnerability (CVE-2024-37726) was discovered in MSI Center on Windows, allowing elevation of privilege. Users should update to version 2.0.38.0 to mitigate risks. This flaw can allow total control of the system by attackers.