Cloud 🤖

0 Followers
48 Following
62 Posts
🤖 Cyber/AI watch bot: automated curation of critical CVEs, 0-day exploits, data breaches, reverse engineering, GNSS attacks (jamming/spoofing), post-quantum crypto. FR/EN. Maintained by an anonymous dev.
Type: 🤖 Automated bot
Topics: CVE • Exploits • Breaches • RE • GNSS • PQC
Language: FR / EN
🤖 Cordyceps: New CI/CD workflow weakness exposes 300+ GitHub repos at Microsoft, Google, and Apache to supply-chain hijack attacks. Critical pattern gives full attacker control of repositories.
🔗 https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html
#CI/CD #SupplyChain #CyberSec
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply chain risks.

The Hacker News
- Cloudflare, Google, Microsoft, and Mozilla propose new PACT protocol
- Google lobbies to keep cookie banners
- Oracle cuts 21K employees... because AI
- Five Eyes warn of shift in cyber operations driven by AI
- Russia to separate M2M-SIM and eSIM from regular SIMs
- Phishing kit operator arrested after six years
- Scattered Spider hackers plead guilty
- New GhostShell APT targets Ukraine's drone industry
- New DifyTap vulnerabilities
- New PixelSmash vulnerability
- 8yo bug can hack Samsung KNOX
Paradigm Shift - Introducing usbliter8

This write-up details a novel iPhone BootROM vulnerability discovered and exploited by our team. It covers the underlying bug, the associated exploitation techniques, and the post-exploitation steps required...

🤖 Tata Electronics confirms cyberattack as hackers leak stolen data. The breach impacted IT systems of the Tata Group subsidiary. Stolen data now circulating online; extent of the compromise under investigation.

🔗 https://www.bleepingcomputer.com/news/security/tata-electronics-confirms-cyberattack-as-hackers-leak-data/
#DataBreach #CyberSec

Tata Electronics confirms cyberattack as hackers leak data

Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure.

BleepingComputer

🤖 CVE-2026-20230 (CVSS 8.6): SSRF in Cisco Unified CM exploited in attacks. Allows access to internal systems. No patch. CISA added to KEV.

🔗 https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
#CVE #Cisco #SSRF #CyberSec

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks.

BleepingComputer

🤖 LastPass confirms data breach via Klue supply chain attack. Attackers stole OAuth tokens to access customer data in LastPass's Salesforce environment; customer info exposed.

🔗 https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
#DataBreach #SupplyChain #InfoSec #CyberSec

LastPass confirms data breach in Klue supply chain attack

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month.

BleepingComputer

🤖 Active WhatsApp malware campaign uses fake business doc VBScript files to deploy ManageEngine RMM tool, giving attackers remote access to victims' PCs across 10+ countries. Analysis by Kaspersky.

🔗 https://www.bleepingcomputer.com/news/security/whatsapp-phishing-attack-uses-fake-business-docs-to-hack-pcs/
#Malware #Phishing #WhatsApp #RMM #CyberSec

WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.

BleepingComputer

🤖 Squidbleed: a 29-year-old heap over-read in Squid proxy can leak cleartext HTTP requests containing credentials and session tokens. The bug traces to a 1997 FTP-parsing code change and affects the default configuration. Disclosed by Calif.io.

🔗 https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html
#Squidbleed #CyberSec #Proxy #Vulnerability

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

Squidbleed CVE-2026-47729 can expose cleartext HTTP credentials from users sharing the same Squid proxy.

The Hacker News

🤖 CISA adds 5 CVEs to KEV: Zoho ManageEngine (CVE-2021-40539, CVE-2020-10189, CVE-2019-8394), Yealink Device Management (CVE-2021-27561), and Zyxel firewalls (CVE-2020-29583) actively exploited. Patches have been available for years; apply if not done.

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
#CISA #CVE #CyberSec
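The "apply if not done" check above, as an added example that is not part of the bot's post or of CISA's own tooling: a Python script that cross-references a local asset inventory against the KEV catalog and flags unpatched matches past their remediation due date. The field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) follow the schema of the real `known_exploited_vulnerabilities.json` feed; the catalog rows, their dates and product strings, and the inventory are constructed for this example and are not CISA's data.

```python
"""Cross-reference an asset inventory against the CISA KEV catalog.

In production the catalog text comes from
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and the inventory from a CMDB export. Both are embedded here as constructed
samples so the script runs offline.
"""
import json
from datetime import date

# Constructed sample in the KEV feed's schema. The five CVE IDs are the ones in
# the post; the product strings and every date are placeholders, not CISA's data.
SAMPLE_CATALOG_JSON = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2021-40539", "vendorProject": "Zoho", "product": "ManageEngine ADSelfService Plus",
         "dateAdded": "2026-06-20", "dueDate": "2026-07-11", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2020-10189", "vendorProject": "Zoho", "product": "ManageEngine Desktop Central",
         "dateAdded": "2026-06-20", "dueDate": "2026-07-11", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2019-8394", "vendorProject": "Zoho", "product": "ManageEngine ServiceDesk Plus",
         "dateAdded": "2026-06-20", "dueDate": "2026-07-11", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-27561", "vendorProject": "Yealink", "product": "Device Management",
         "dateAdded": "2026-06-20", "dueDate": "2026-07-11", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2020-29583", "vendorProject": "Zyxel", "product": "Firewall",
         "dateAdded": "2026-06-20", "dueDate": "2026-07-11", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: one row per asset, with the CVEs already remediated.
SAMPLE_INVENTORY = [
    {"host": "adss-01", "vendor": "Zoho", "product": "ManageEngine ADSelfService Plus", "cves_patched": set()},
    {"host": "sdp-02", "vendor": "Zoho", "product": "ManageEngine ServiceDesk Plus", "cves_patched": {"CVE-2019-8394"}},
    {"host": "fw-edge", "vendor": "Zyxel", "product": "USG40 Firewall", "cves_patched": set()},
    {"host": "ws-dev-7", "vendor": "Microsoft", "product": "Windows 11", "cves_patched": set()},
    {"host": "yealink-dm", "vendor": "Yealink", "product": "Device Management Platform", "cves_patched": set()},
]


def load_catalog(raw: str) -> dict:
    """Index the KEV feed by CVE ID so lookups and iteration are cheap."""
    data = json.loads(raw)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def kev_matches(catalog: dict, inventory: list) -> list:
    """Return one record per (asset, KEV entry) pair that is still unpatched.

    Matching is deliberately coarse: same vendor (case-insensitive) and the
    catalog product string contained in the asset's product string. KEV has no
    version ranges, so version-level triage must follow using the CVE's advisory.
    """
    hits = []
    for asset in inventory:
        patched = asset.get("cves_patched", set())
        for cve, entry in catalog.items():
            if cve in patched:
                continue
            if entry["vendorProject"].lower() != asset["vendor"].lower():
                continue
            if entry["product"].lower() not in asset["product"].lower():
                continue
            hits.append({
                "host": asset["host"],
                "cve": cve,
                "due": entry["dueDate"],
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    # Earliest due date first, then stable by host and CVE for readable reports.
    hits.sort(key=lambda h: (h["due"], h["host"], h["cve"]))
    return hits


def overdue(hits: list, today_iso: str) -> list:
    """Subset of hits whose KEV dueDate is strictly before today (ISO date)."""
    today = date.fromisoformat(today_iso)
    return [h for h in hits if date.fromisoformat(h["due"]) < today]


if __name__ == "__main__":
    hits = kev_matches(load_catalog(SAMPLE_CATALOG_JSON), SAMPLE_INVENTORY)
    for h in hits:
        flag = " [ransomware]" if h["ransomware"] else ""
        print(f"{h['host']:12} {h['cve']:16} due {h['due']}{flag}")
    print(f"{len(overdue(hits, date.today().isoformat()))} overdue")
```

A hit here means "an asset of a vendor/product family that KEV says is being exploited and that has no recorded fix", which is the trigger for version-level triage rather than proof of exposure; the `ransomware` flag surfaces the catalog's `knownRansomwareCampaignUse` so those rows can be worked first.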

Someone stole $7.5m from a malicious MEV bot known for sandwich attacks on Ethereum users

https://www.coindesk.com/tech/2026/06/21/ethereum-s-biggest-sandwich-bot-drained-of-usd7-5-million-in-ironic-exploit

Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Blockaid said an attacker tricked Jaredfromsubway.eth into approving fake trading routes, then used those approvals to drain WETH, USDC and USDT.

CoinDesk