📣 ANNOUNCEMENT: we have reached the 2,100+ scanned ports milestone, at Internet scale with a weekly refresh rate.
Next step: 5,000+ ports, weekly refresh. Then 10,000 by end of next year.
We will be the number 1 competitor to @censys.bsky.social in 2026.
#ASM #CTI #ASD
Posts by Patrice <GomoR> Auffret
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #MongoDB product:
CVE-2025-14847: remote unauthenticated memory reading #MongoBleed
search.onyphe.io/search?q=cat...
Perl
RustScan is a port scanning tool written in Rust. It bets everything on speed and aims to scan all the ports of a machine in a few seconds ⬇️
github.com/bee-san/Rust...
Cc @onyphe.io
A chart showing Internet scan data plots for three countries; Spain, Portugal and France. The three lines are stable, with minor variations from 09:00 to 12:30. At 12:30 the lines for Spain and Portugal drop almost vertically to roughly 50% of their original levels. The line for France continues as for the start of the day. The lines for Spain and Portugal have not returned to their original levels.
The electrical power outage in Spain and Portugal as seen from the Internet (France included for reference)
Patch management is a multi-decade failure.
The latest version of our cli tool has been released. Get v4.19.0 and find wrappers with sweet new APIs inside.
Available here ➡️
search.onyphe.io/docs/onyphe-...
or here 🐳 hub.docker.com/r/onyphe/ony...
or even here 🥷 metacpan.org/dist/Onyphe
🧙♀️Cc @fs0c131y.com @gazlacrymo.fr @hacker0x01.bsky.social @gandalfistari.bsky.social @jnocetti.bsky.social @korben.info @tariqkrim.bsky.social @reesmarc.bsky.social @jeromenotin.bsky.social @oliviertesquet.bsky.social @patriceauffret.bsky.social @untersin.gr this should interest you 🪄
But he slept well.
Yes, well, it's like a mosquito splattering against a car's windshield.
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #PaloAltoNetworks PA product:
CVE-2025-0108: authentication bypass on management interface
search.onyphe.io/search?q=cat...
Thanks to @assetnote.io for having shared the detection method.
Yet by performing an awkward legal waltz around the subject, Talos have helpfully supported my hypothesis that compromised IOS XE devices are part of an ORB network serving multiple APTs.
archive.hack.lu/hack-lu-2024...
Roughly same numbers as @onyphe.bsky.social
Back in the dayz the fake exploit did "rm -rf /" www.trendmicro.com/en_us/resear... #CTI
More than 50k *vulnerable* devices.
This one is pretty bad.
Don't expose DCERPC protocol on the Internet.
I second that.
FreeBSD 14.2-RELEASE now includes OCI-compatible images, and the Podman toolkit is ready to use them, on both amd64 and arm64 systems - A brief Introduction by Dave Cottlehuber #FreeBSD #BSD
reply to your emails
damn, to think I knew a time when people replied to a FAX
2. **Truncated SHA-256 Hash Collisions**: The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to "poison" the artifact cache and deliver compromised images to unsuspecting users.
Stop. Truncating. Hashes.
www.phoronix.com/news/OpenWrt...
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #Mitel MiCollab product:
CVE-2024-35286: unauthenticated SQL injection on login page
CVE-2024-41713: unauthenticated arbitrary file read
www.onyphe.io/search?q=cat...
True. But a recruiter who throws out a CV because it is longer than one page... What should one make of that?
#Cyberattacks: a study reveals the favorite #entry point of #ransomware
www.01net.com/actualites/cyberattaques...
This "rule" is idiotic. 3 or 4 pages doesn't shock me, especially after 20 years of experience.
Optimist: the cup is 1/2 full
Pessimist: the cup is 1/2 empty
Excel: the cup is January 2nd