Blog - Page 20 sur 796 - Kortex Consulting

16Jan 2026 by Webmaster

Multiples vulnérabilités dans GLPI (16 janvier 2026) (CERT-FR)

Sécurité

De multiples vulnérabilités ont été découvertes dans GLPI. Elles permettent à un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de sécurité.

16Jan 2026 by Webmaster

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Actualités

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account

16Jan 2026 by Webmaster

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Actualités

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")

16Jan 2026 by Webmaster

Your Digital Footprint Can Lead Right to Your Front Door

Actualités

You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most

16Jan 2026 by Webmaster

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

Actualités

A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.

16Jan 2026 by Webmaster

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Actualités

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS

15Jan 2026 by Webmaster

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

Actualités

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on

15Jan 2026 by Webmaster

Multiples vulnérabilités dans les produits Siemens (14 janvier 2026) (CERT-FR)

Sécurité

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

15Jan 2026 by Webmaster

Multiples vulnérabilités dans les produits Microsoft (14 janvier 2026) (CERT-FR)

Sécurité

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

15Jan 2026 by Webmaster

Multiples vulnérabilités dans les produits Palo Alto Networks (15 janvier 2026) (CERT-FR)

Sécurité

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et un contournement de la politique de sécurité. Palo Alto Networks a connaissance d'une...