Toute l'actualité de la Cybersécurité
Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert
2025-12-29 12:29:50
Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed.
Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode
2025-12-29 12:23:35
Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it'll coexist with the GPT 5.1 model. [...]
MongoDB touché par une grave faille de sécurité
2025-12-29 11:59:51
Le fournisseur de bases de données open source documentaires MongoDB a prévenu d'une faille pouvant permettre à des utilisateurs (...)
Malware in 2025 spread far beyond Windows PCs
2025-12-29 11:48:34
Windows isn't the only target anymore. In 2025, malware increasingly targeted Android, macOS, and multiple platforms at once.
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
2025-12-29 11:16:03
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate...
Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation
2025-12-29 10:37:11
Security researchers are increasingly focusing on privilege escalation attacks through two primary Windows attack surfaces: kernel drivers and named pipes. These vectors exploit fundamental trust boundary...
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
2025-12-29 10:00:35
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Ingénierie sociale : HP alerte sur une nouvelle cyberattaque sophistiquée
2025-12-29 09:49:46
De nouvelles attaques exploitent la confiance des utilisateurs plutôt que des failles techniques. Dans son dernier rapport, HP alerte sur une campagne sophistiquée, capable de tromper même les plus...
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
2025-12-29 09:46:00
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.
The vulnerability...
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
2025-12-29 09:44:00
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate...
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
2025-12-29 08:51:30
China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group...
MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)
2025-12-29 08:24:05
An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases. The vulnerability...
A week in security (December 22 – December 28)
2025-12-29 08:02:00
A list of topics we covered in the week of December 22 to December 28 of 2025
OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks
2025-12-29 07:56:15
OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting...
The TechBeat: The Most Dangerous Person on Your Team is "Dave" (And He Just Quit) (12/29/2025)
2025-12-29 07:10:53
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
2025-12-29 06:34:00
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349...
Monitor Bug Bounty Targets in Real Time Using Certificate Transparency Logs
2025-12-29 06:11:22
Discover New Bug Bounty Subdomains the Moment They Are IssuedContinue reading on InfoSec Write-ups »
,400 Bounty: for Discovering Critical DoS Vulnerability in Rack (CVE-2022–30122)
2025-12-29 06:07:23
How a ReDoS Flaw in Rack’s Multipart Parser Put Ruby Web Applications at Risk of Easy Denial-of-Service AttacksContinue reading on InfoSec Write-ups »
SQLi → RCE: Exploiting PostgreSQLi
2025-12-29 06:05:18
In this blog, we will see types of sqli and how we can achieve RCE at lastI am here not going to explain SQLi and its types. There are plenty of resources out there that you can check hereLet's dive...
OSINT4Fun: Advent of OSINT 2025 (Day 1 - Day 4)
2025-12-29 06:04:18
OSINT ChallengesGet started with OSINT in 24 Days - Learn the basics by solving beginner-friendly challenge every day leading up to Christmas.Image Background by vector_corp on FreepikDay 1Advent of...
One Misplaced Header, Thousands of Leaked Sessions: A Bug Bounty Story
2025-12-29 06:03:23
Free Link 🎈Continue reading on InfoSec Write-ups »
The Internet Is Leaking Secrets in Public Repos
2025-12-29 06:03:08
How passwords, API keys, and cloud access quietly spill onto GitHub every dayContinue reading on InfoSec Write-ups »
CodePartTwo HTB Walkthrough
2025-12-29 06:01:45
CodePartTwo — HackTheBoxWalkthroughInitial ReconnaissanceI started with a standard service scan to map the attack surface:nmap -sC -sV 10.10.11.82Scan output :PORT STATE SERVICE VERSION22/tcp...
Ashen Lepus and the ASHTAG Malware Suite: Inside a Modern Militant Cyber Campaign
2025-12-29 06:01:33
Militant-aligned cyber operations are increasingly demonstrating levels of tradecraft once reserved for well-resourced nation-state actors…Continue reading on InfoSec Write-ups »
DOM XSS Using Web Messages and Javascript URL (window.postMessage → innerHTML Sink)
2025-12-29 05:59:07
DOM XSS via Web Messages: Exploits unsafe postMessage handling and innerHTML injection to execute arbitrary JavaScript.Continue reading on InfoSec Write-ups »
Why Small Websites Are the New Bug Bounty Goldmine
2025-12-29 05:58:56
Let me tell you a hard truth about bug bounty 👇Continue reading on InfoSec Write-ups »
3 Proven Strategies to Boost RAG Accuracy Beyond the Baseline
2025-12-29 05:39:00
Building a RAG (Retrieval-Augmented Generation) demo takes an afternoon. Building a system that doesn't hallucinate or miss obvious answers takes months of tuning. In this engineering guide, we are going...
Why Smaller AI Models Are Emerging as the Better Fit for Classrooms
2025-12-29 05:04:50
Small Language Models match near-LLM accuracy for structured educational tasks while offering faster responses, lower costs, better privacy, and greater classroom practicality.
AI - Should we Be Afraid? 3 Years Later
2025-12-29 04:48:02
The landscape has changed in the 3 years since ChatGPT amazed us. There's been spits and spurts in AI development but I think The AI labs; Google especially but also Anthropic and OpenAI and perhaps...
How to Set Goals for 2026 That Actually Stick
2025-12-29 04:42:25
In 2026, sheer effort won't get you far—goals must act as constraints, not checklists. Use them to focus, reduce decision fatigue, and compound progress even as reality shifts. This framework shows...
How the UK Budget Has Affected Salary Sacrifice Pension Schemes
2025-12-29 04:40:54
Salary sacrifice is a system that allows employees to voluntarily forgo part of their salary, which is then replaced by an employer-provided benefit.
What I Learned from Lee Kuan Yew - The Alpha Engineer Who Built a Nation
2025-12-29 04:38:48
While most of us engineer applications, APIs, or infrastructure, Lee Kuan Yew engineered a country.
Code Smell 318 - Wasting Time Refactoring Dirty Code
2025-12-29 04:37:51
Don't waste time refactoring code that never changes; focus on frequently modified problem areas.
Quantum Computing Fundamentals Part I: 10 Easy Pieces
2025-12-29 04:36:41
Quantum computing represents a fundamental reimagining of information processing. The advanced concepts driving the future of this transformative field are illustrated. The source code is also listed,...
Educational Byte: Smart Contracts vs. Autonomous Agents
2025-12-29 04:35:09
Smart contracts are digital agreements that run on code instead of paperwork. Obyte organizes two clear roles. Smart contracts handle agreements between people or organizations. Autonomous Agents act...
The Year of the Agent
2025-12-29 03:59:59
2025 was the year AI-assisted coding grew up. What started as a wave of "vibe coding" — rapid prototyping, prompt-driven experiments, and disposable applications — matured into something more disciplined:...
Exploring AI Agents' Influence on Linux Security Threats and Administration
2025-12-29 03:43:43
AI didn't invent hacking, and it didn't make attackers smarter. It removed friction. Tasks that once required patience, focus, and a fair amount of context now run unattended, looping quietly until something...
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records
2025-12-29 02:48:14
Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just...