OFFRE D'UNE DURÉE LIMITÉE | Obtenez 3 mois à 0.99 $ par mois

14.95 $/mois par la suite. Des conditions s'appliquent.
Page de couverture de RadioCSIRT - English Edition

RadioCSIRT - English Edition

RadioCSIRT - English Edition

Auteur(s): Marc Frédéric GOMEZ
Écouter gratuitement

À propos de cet audio

🎙 Marc Frédéric Gomez, cybersecurity expert, brings you daily insights into the latest threats, attacks, and defense strategies you need to know.

🔎 On the agenda:
✔️ Analysis of cyberattacks and critical vulnerabilities
✔️ Strategic intelligence for CSIRTs, CERTs, and cybersecurity professionals
✔️ Sources and references to dive deeper into each topic

💡 Why listen to RadioCSIRT?
🚀 Stay up to date in just a few minutes a day
🛡️ Anticipate threats with reliable, technical information
📢 An essential intelligence source for IT and security professionals

🔗 Listen, share, and secure your environment!
📲 Subscribe and leave a ⭐ rating on your favorite platform!

Marc Frédéric GOMEZ Politique
Épisodes
  • RadioCSIRT English Edition – Your Cybersecurity News for Sunday, January 11, 2026 (Ep. 67)

    RadioCSIRT English Edition – Your Cybersecurity News for Sunday, January 11, 2026 (Ep. 67)
    Jan 11 2026
    We open this episode with a new physical mail scam campaign targeting bank customers in France, according to Planet.fr. The modus operandi begins with the receipt of a letter bearing the letterhead of a financial institution and containing a fake bank card equipped with a chip. The document instructs the recipient to scan a QR code to activate the card. This technique, known as “quishing,” redirects the victim to a malicious website designed to exfiltrate personal data and banking details. The phenomenon, already observed in neighboring European countries, is gaining ground in France. The cards display a high level of counterfeiting, including accurate reproduction of banks’ visual identities. Verifying the URL displayed after scanning the QR code is the first indicator of legitimacy. If information is entered on a fraudulent website, the recommended procedure includes immediately blocking the bank card, changing all passwords, and reporting the incident via the French Interior Ministry’s Perceval platform.Microsoft published CVE-2026-0628 in its Security Update Guide, concerning a high-severity vulnerability affecting Chromium’s WebView tag component, according to Neowin. The technical flaw, classified as “Insufficient policy enforcement,” allows an attacker who has convinced a user to install a malicious extension to inject scripts or HTML into a privileged page. Researcher Gal Weizman reported the vulnerability to Google in late November. Chrome version 143.0.7499.192 contains the upstream fix, which was integrated by Microsoft into Edge on January 10, 2026. Microsoft records the CVE in its Security Update Guide to provide authoritative downstream status to Edge customers. Canonical vulnerability trackers confirm that the upstream remediation threshold was set in the Chrome 143 stable release. Inventory and remediation efforts must cover all embedded Chromium runtimes and Electron applications, as updating the host browser does not protect these applications.The BreachForums hacking forum suffered a data leak exposing its user database table, according to BleepingComputer. On January 9, 2026, a site named after the ShinyHunters extortion gang published a 7Zip archive named breachedforum.7z. The archive contains the file databoose.sql, a MyBB database table comprising 323,988 member records, including display names, registration dates, IP addresses, and other internal information. Analysis shows that the majority of IP addresses resolve to a local loopback address, but 70,296 records contain public IP addresses. The latest registration date corresponds to August 11, 2025, the day the previous BreachForums was shut down following the arrest of certain alleged operators. The current administrator, known under the pseudonym N/A, acknowledged the leak, stating that a backup of the MyBB users table was temporarily exposed in an unsecured directory and downloaded once.Finally, a major data leak compromised the personal information of approximately 17.5 million Instagram users, according to CyberPress. The leak, initially reported by cybersecurity researchers at Malwarebytes, exposes contact information, making millions of users vulnerable to identity theft and targeted phishing attacks. The dataset appeared this week on a hacking forum, published by a threat actor using the pseudonym “Solonik.” The listing titled “INSTAGRAM.COM 17M GLOBAL USERS — 2024 API LEAK” contains 17.5 million records formatted in JSON and TXT files. The data was collected in late 2024 via an API leak that bypassed standard security measures. The exposed database includes full names, usernames, verified email addresses, phone numbers, user identifiers, and partial location data. The leak is classified as scraping, meaning automated data collection via public interfaces. As of January 10, 2026, Meta has not issued a formal statement regarding this leak.SourcesPlanet.fr – Bank card scam https://www.planet.fr/societe-arnaque-a-la-fausse-carte-bancaire-par-courrier-le-mecanisme-du-quishing-qui-vise-vos-coordonnees.2992374.29336.htmlMicrosoft Security Update Guide – CVE-2026-0628 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628 BleepingComputer – BreachForums database leak https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/ CyberPress – Instagram data leak https://cyberpress.org/instagram-data-leak/Don’t think, patch!Your feedback is welcome.Email: radiocsirt@gmail.comWebsite: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtenglishedition.substack.com/
    Voir plus Voir moins
    6 min
  • RadioCSIRT – English Edition – Your Cybersecurity News for Saturday, January 10, 2026 (Ep. 66)

    RadioCSIRT – English Edition – Your Cybersecurity News for Saturday, January 10, 2026 (Ep. 66)
    Jan 10 2026
    We open this edition with a global overview of the current cyber threat landscape.The year twenty twenty five confirms a high and persistent level of cyber pressure on organizations, characterized by the convergence of critical technical vulnerabilities, structural dependencies on suppliers, and growing geopolitical tensions. Sector-wide analyses highlight a continuous expansion of attack surfaces, increased exploitation of digital supply chains, and sustained professionalization of malicious actors, whether criminal or state-sponsored.We then move on to an in-depth analysis of the financial sector, facing a dual structural threat.Reports from Kaspersky, ENISA, FS-ISAC, and KnowBe4 converge on a clear conclusion: nearly all major financial institutions have been affected by incidents involving third-party providers. This systemic exposure is accompanied by an intensification of geopolitically motivated attacks and APT operations targeting international banking infrastructures, notably for state financing or intelligence collection purposes.We also revisit several documented incidents illustrating this dynamic.The compromise of the banking vendor SitusAMC highlights the cascading effects of supply chain attacks.The attack claimed by the pro-Russian group NoName057(16) against La Poste fits into a logic of symbolic disruption linked to geopolitical tensions.Other recent cases reported by specialized media confirm the sustained exposure of the financial sector to attacks combining organized cybercrime and state-level objectives.Finally, we address the regulatory and organizational response to these threats.The DORA regulation represents a structuring step for the operational resilience of the European financial sector, but feedback shows that compliance alone is not sufficient to counter determined adversaries. Mastery of digital dependencies, visibility over third and fourth parties, and the strengthening of detection and response capabilities remain central challenges to limit systemic impact.ations.Sources:Sectoral Reports and Threat Analyses:Kaspersky Security Bulletin 2025 - Financial Sector: https://www.kaspersky.com/about/press-releases/2025_kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025ENISA Threat Landscape 2025 - Finance Sector: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025FS-ISAC - Navigating Cyber 2025: https://www.fsisac.com/knowledge/annual-navigating-cyber-2025-reportKnowBe4 - Financial Sector Threats: The Shifting Landscape: https://www.knowbe4.com/hubfs/Financial-Sector-Threats-The-Shifting-Landscape.pdfDocumented Incidents and Compromises:Cybersecurity Dive - SitusAMC Banking Vendor Breach: https://www.cybersecuritydive.com/news/hackers-steal-sensitive-data-major-banking-industry-vendor-situsamc/The Record (Recorded Future) - NoName057(16) Attack on La Poste: https://therecord.media/pro-russian-hackers-claim-attack-french-postal-service-la-posteAmerican Banker - Marquis Breach (Carter Pape): https://www.muckrack.com/carter-pape/articlesAttribution and State Threat Actors:Security Affairs - France Links APT28 to Government Attacks: https://securityaffairs.com/171234/apt/france-links-russian-apt28-attacks.htmlCompliance and Regulation:RESCO Courtage - Complete DORA Guide 2025: https://www.resco-courtage.com/dora-reglementation-guide-complet-2025L'Usine Digitale - 2025 Cyberattacks and Lessons Learned: https://www.usine-digitale.fr/article/les-cyberattaques-qui-ont-marque-l-annee-2025-et-les-lecons-a-en-tirer.htmlDon’t think, patch!Your feedback is welcome.Email: radiocsirt@gmail.comWebsite:https://www.radiocsirt.comWeekly Newsletter:https://radiocsirtenglishedition.substack.com/
    Voir plus Voir moins
    21 min
  • RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65)

    RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65)
    Jan 6 2026

    We open this episode with a critical vulnerability in n8n reported by Security Online. CVE-2025-68668, with a CVSS score of 9.9, allows an authenticated user to escape the Python sandbox of the automation platform to execute arbitrary system commands, turning the Code Node into a vector for complete host system compromise.

    CVEfeed.io reports an uncontrolled DLL loading flaw in AsusSoftwareManagerAgent. CVE-2025-12793, rated 8.5 in CVSS 4.0, exploits an untrusted search path allowing a local attacker to execute arbitrary code through DLL Namespace manipulation.

    Clubic covers the disappearance of Anna's Archive's primary domain. The registry placed annas-archive.org under serverHold status two weeks after uploading 300 terabytes of Spotify data, suggesting legal action by the Public Interest Registry following OCLC's lawsuit for extracting 2.2 terabytes of WorldCat data.

    Phoronix reports a critical situation for the Debian project: the three delegated members of the Data Protection Team resigned simultaneously, leaving the project without an active team to manage GDPR obligations. Project leader Andreas Tille now handles this role ad-hoc while awaiting new volunteers.

    Finally, CERT-FR issued advisory CERTFR-2026-AVI-0004 concerning CVE-2025-13699 affecting multiple MariaDB branches. The vendor has not specified the exact nature of the security issue but recommends updating to versions 10.11.15, 10.6.24, 11.4.9, or 11.8.4.

    Sources:

    • Security Online – n8n CVE-2025-68668: https://securityonline.info/n8n-sandbox-escape-how-cve-2025-68668-turns-workflows-into-weapons/
    • CVEfeed.io – CVE-2025-12793 ASUS: https://cvefeed.io/vuln/detail/CVE-2025-12793
    • Clubic – Anna's Archive domain: https://www.clubic.com/actualite-593797-le-site-qui-avait-pirate-spotify-perd-son-nom-de-domaine.html
    • Phoronix – Debian Data Protection Team: https://www.phoronix.com/news/No-Debian-Data-Protection-Team
    • CERT-FR – MariaDB Vulnerability: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0004/

    Don’t think, patch!

    Your feedback is welcome.
    Email: radiocsirt@gmail.com
    Website: https://www.radiocsirt.com
    Weekly Newsletter: https://radiocsirtenglishedition.substack.com/
    Voir plus Voir moins
    10 min
Pas encore de commentaire