All the Cybersecurity News
UK's ICO Fines LastPass £1.2 Million Over 2022 Security Breach
2025-12-13 15:35:18
UK's ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users' data. Learn how a flaw in an employee's personal PC led to the massive security failure.
Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware
2025-12-13 13:49:03
Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this...
Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers
2025-12-13 13:39:59
BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire's position as a premier...
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
2025-12-13 13:00:57
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV)...
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
2025-12-13 12:33:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog,...
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
2025-12-13 10:48:52
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure...
Cyberinfo for the week of 13 December 2025
2025-12-13 09:28:02
Cyberinfo for the week of 13 December 2025 - Cyberattacks, massive leaks & espionage: the week's cybersecurity news....
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
2025-12-13 08:33:23
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious...
Debian 11: Thunderbird Critical Code Execution Fix DLA-4405-1
2025-12-13 08:19:49
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 1:140.6.0esr-1~deb11u1....
Beyond Authentication — Exploiting a Nasty IDOR in Profile Update Functionality
2025-12-13 07:57:06
It wasn't a complex SQL injection or a tricky deserialization flaw. It was a failure to ask one simple question:...
MITRE: TryHackMe Room Walkthrough
2025-12-13 07:54:10
This TryHackMe room walkthrough will discuss the various resources MITRE has made available for the cybersecurity community.
Stored Cross-Site Scripting: HTML Context (Nothing Encoded)
2025-12-13 07:54:03
Stored XSS occurs when malicious input is saved on the server and executed every time a user loads the affected page.
From Recon to RCE: Hunting React2Shell (CVE-2025-55182) for Bug Bounties
2025-12-13 07:53:14
A step-by-step walkthrough covering discovery, validation and real-world exploitation in React and Next.js applications
The TechBeat: Leader or No Leader, That is the Question (12/13/2025)
2025-12-13 07:10:57
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting
2025-12-13 06:23:29
Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,”...
Mageia 9: Golang Critical DNS Constraint Advisory MGASA-2025-0326
2025-12-13 05:46:10
MGASA-2025-0326 - Updated golang packages fix security vulnerabilities
Mageia 9: Codeblocks Receives Important Bugfix Update MGAA-2025-0104
2025-12-13 05:46:09
MGAA-2025-0104 - Updated codeblocks packages fix bug
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
2025-12-13 05:32:00
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of...
React2Shell Remote Code Execution (RCE) Vulnerability
2025-12-13 02:46:40
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that...
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
2025-12-13 02:44:13
Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released...
The Hidden Cost of “Free” Apps and the Battle for Your Attention
2025-12-13 01:41:42
The “free” model of popular apps often disguises data collection, behavioral profiling, and monetization of user attention. Features like infinite scroll, autoplay, and push notifications aren't about...
Why 'Crypto Games' Fail But 'Games With Crypto' Succeed
2025-12-13 01:28:34
Traditional "crypto games" fail because they prioritize tokens over fun, but "games with crypto" succeed by making blockchain optional or invisible. Three approaches work: hiding crypto entirely (Off...
Fedora 41: Apptainer CVE-2025-65105 Security Fix Advisory
2025-12-13 01:27:27
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fedora 43: Apptainer 1.4.5 Important Fix CVE-2025-65105
2025-12-13 01:12:52
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Mistral Bets on Enterprise “Vibe Coding” With Devstral 2 and an Open-Source CLI Agent
2025-12-13 01:00:00
Mistral, the French frontier AI model lab most recently valued at €11.7 billion, has launched a duo of open-weight coding models.
Fedora 42: apptainer 1.4.5 Moderate Patch Adjustments for CVE-2025-65105
2025-12-13 00:50:49
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor
2025-12-13 00:17:14
The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.
Emergency fixes deployed by Google and Apple after targeted attacks
2025-12-13 00:08:15
Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering...
List of 14 new domains
2025-12-13 00:00:00
.fr alexandercasino-bet[.fr] (registrar: NETIM)
assistances-sg-intranet[.fr] (registrar: Hostinger operations UAB)
carplusfrance[.fr] (registrar: OVH)
carrefoursa[.fr] (registrar: EPAG Domainservices...