Non classé

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks.
« Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security, » according to a statement released by Taiwan’s Ministry of Digital Affairs, per Radio Free Asia.
« DeepSeek

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks.
« Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security, » according to a statement released by Taiwan’s Ministry of Digital Affairs, per Radio Free Asia.
« DeepSeek

A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
« Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
« Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below –

CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below –

CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as « another banner year for threat actors targeting the exploitation of vulnerabilities, » VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as « another banner year for threat actors targeting the exploitation of vulnerabilities, » VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
« Maintainers can now archive a project to let users know that the project is not expected to receive any more updates, » Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
« Maintainers can now archive a project to let users know that the project is not expected to receive any more updates, » Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. 
Let’s take a

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. 
Let’s take a

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
« Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials, » Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.
The

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
« Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials, » Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.
The