Toute l'actualité de la Cybersécurité
Yanluowang initial access broker to plead guilty to ransomware attacks
2025-11-10 19:12:51
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. [...]...
Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO
2025-11-10 18:46:43
Cybercriminals are increasingly targeting websites to inject malicious links and boost their search engine optimization rankings through sophisticated blackhat SEO tactics. This campaign primarily focuses...
Popular JavaScript library expr-eval vulnerable to RCE flaw
2025-11-10 18:32:29
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
Intel Sues Ex-Engineer for Stealing 18,000 ‘Top Secret' Files
2025-11-10 18:10:41
Intel, the leading computer chip maker, has filed a lawsuit seeking at least 0,000 in damages from a…
Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case
2025-11-10 08:01:20
An extract from “The Enemy Inside, the Paragon Case, Spies and Regime Methods in Giorgia Meloni’s Italy” by Francesco Cancellato, published by Rizzoli on November 11, 2025. This surveillance...
La refonte du RGPD par l'UE inquiète
2025-11-10 17:21:02
Le 19 novembre prochain, la Commission européenne compte modifier certains textes à travers un paquet de mesures nommées « Digital (...)
Securing our future: November 2025 progress report on Microsoft's Secure Future Initiative
2025-11-10 17:00:00
When we launched the Secure Future Initiative, our mission was clear: accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future. Today, we're sharing our latest...
LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images
2025-11-10 16:41:13
Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now.
The Spacecoin Writing Contest by Spacecoin and HackerNoon: Final Round Results 🎉
2025-11-10 16:39:16
The Spacecoin Writing Contest, presented by Spacecoin and HackerNoon, concludes its third and final round with over 100 new entries and 15,000 USDT in prizes. Writers explored how blockchain and space...
APT Groups Attacking Construction Industry Networks to Steal RDP, SSH and Citrix Logins
2025-11-10 16:35:54
The construction industry has emerged as a lucrative target for advanced persistent threat groups and organized cybercriminal networks seeking unauthorized access to corporate systems. State-sponsored...
Meet Mailbird: HackerNoon Company of the Week
2025-11-10 16:20:27
HackerNoon shares its favorite tech companies from our database. This week, we're talking about Mailbird, the communication platform that ends email chaos. The AI can “generate natural-sounding, human-like...
Why Organizations Can't Ignore Vendor Risk Assessment in Today's Cyber-Threat Landscape
2025-11-10 16:11:44
In an era where digital ecosystems extend far beyond a company's internal network, enterprise cybersecurity is no longer…
The HackerNoon Newsletter: Can ChatGPT Outperform the Market? Week 15 (11/10/2025)
2025-11-10 16:02:08
How are you, hacker?
🪐 What's happening in tech today, November 10, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Chinese Cybersecurity Firm Data Breach Exposes State-Sponsored Hackers Cyber Weapons and Target List
2025-11-10 15:43:22
In early November 2025, Knownsec, one of China’s largest cybersecurity firms with direct government ties, experienced a catastrophic data breach that exposed over 12,000 classified documents. The...
ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks
2025-11-10 15:16:58
Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch phishing attacks against customers via both email and WhatsApp.
5 reasons why attackers are phishing over LinkedIn
2025-11-10 15:01:11
Attackers are increasingly phishing over LinkedIn to reach executives and bypass email security tools. Push Security explains how real-time browser protection detects and blocks phishing across apps and...
Can ChatGPT Outperform the Market? Week 15
2025-11-10 15:00:01
Survives Friday's selloff...
Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
2025-11-10 14:47:53
Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently...
Incident Response Team (ShieldForce) Partners with AccuKnox for Zero Trust CNAPP in Latin America
2025-11-10 14:00:44
Menlo Park, CA, USA, 10th November 2025, CyberNewsWire
OWASP Top 10 2025 – Revised Version Released With Two New Categories
2025-11-10 14:41:47
The Open Web Application Security Project (OWASP) has unveiled the 2025 edition of its flagship OWASP Top 10 2025, marking the eighth installment and introducing significant updates to address evolving...
Stop Treating Compliance Like a Speed Bump
2025-11-10 14:38:04
compliance is a design input, same tier as throughput, cost, and fixity. If your 3-2-1 policy isn't operational, it's a slogan. At PB scale, that gap burns years and budgets. You need more than a...
How to Set Up Session-Level Database Migrations in Python
2025-11-10 14:16:27
How to set up session-level database fixtures for testing in a Python application. It runs migrations once per session to improve efficiency. It demonstrates how to truncate all tables between tests using...
How to Use the HTML
2025-11-10 14:04:33
The tag is a powerful yet misunderstood part of HTML.
It's not a container — it's a pixel-based drawing surface that lets you render shapes, images, animations, and even games directly in the browser.
In...
6 Caching Strategies and Their Latency vs. Complexity Tradeoffs
2025-11-10 13:59:59
Caching speeds up applications, but each method has tradeoffs. Pekka Enberg's caching guide breaks down six core strategies—cache-aside, read-through, write-through, write-behind, client-side, and...
The New Anatomy of Customer Experience - Part 1
2025-11-10 13:59:50
From the first recorded customer complaint in 1750 BC to today's AI-powered service desks, one truth endures: customer experience defines trust. This article explores how Generative AI—especially...
How The Whole Of The Internet And Every Digital Device In The World Is Under Surveillance
2025-11-10 13:43:03
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 10, 2025 – Listen to the podcast For the past five years—ever since a chance encounter at a dinner party—Byron...
Android Users Hit by Malware Disguised as Relaxation Programs
2025-11-10 13:35:27
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors...
Why Traditional IAM Systems Fail in the Age of AI Agents
2025-11-10 13:30:20
Traditional Identity and Access Management (IAM) is fundamentally broken for AI agents because it relies on human interaction (like MFA) or static credentials, which cannot manage autonomous, non-interactive,...
Fantasy Hub is spyware for rent—complete with fake app kits and support
2025-11-10 13:26:52
Fantasy Hub RAT-for-rent hides in fake Android apps, stealing logins, PINs, and messages—all with a single SMS permission.
Staying Safe After a Cyber Attack
2025-11-10 13:26:19
One minute, everything's fine. The next? Something feels off. Maybe there's an unfamiliar charge on your bank account, or an email says your password has been changed, except you didn't do it. Or...
Microsoft dupé par une simple extension VSCode
2025-11-10 13:25:14
La marketplace VSCode de Microsoft est-elle sécurisée ? La question se pose après la découverte d'une étrange extension (...)
Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution
2025-11-10 13:14:30
A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability,...
LangGraph Vulnerability Allows Malicious Python Code Execution During Deserialization
2025-11-10 13:10:42
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization system. The flaw CVE-2025-64439 affects versions of langgraph-checkpoint before 3.0. It...
NuGet Supply-Chain Exploit Uses Timed Destructive Payloads Against ICS
2025-11-10 13:07:52
A sophisticated supply chain attack has compromised critical industrial control systems through nine malicious NuGet packages designed to inject time-delayed destructive payloads into database operations...
MAD-CAT “Meow” Tool Sparks Real-World Data Corruption Attacks
2025-11-10 12:56:13
The infamous Meow attack, which devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial...
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
2025-11-10 12:51:00
Cyber threats didn't slow down last week—and attackers are getting smarter. We're seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android...
Automate Tasks in .NET 8 Using Quartz and Cron Triggers
2025-11-10 12:33:03
This tutorial walks developers through automating recurring tasks in .NET 8 using Quartz Scheduler and Cron Triggers. You'll learn how to define jobs and triggers in XML, schedule file-reading tasks...
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE
2025-11-10 12:31:11
A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation...
SUSE: MozillaThunderbird Important Fix DoS Memory Leak 2025:4006-1
2025-11-10 12:30:37
* bsc#1251263 Cross-References: * CVE-2025-11708 * CVE-2025-11709
openSUSE: MozillaThunderbird Important Security Update 2025:4006-1
2025-11-10 12:30:37
An update that solves eight vulnerabilities can now be installed.
openSUSE Leap: govulncheck-vulndb Moderate Update SUSE-SU-2025:4025-1
2025-11-10 12:30:34
* jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6
openSUSE Leap 15.6: govulncheck-vulndb Moderate 2025:4025-1
2025-11-10 12:30:34
An update that contains one feature can now be installed.
SUSE: squid Important Info Disclosure CVE-2025-62168 Patch 2025:4026-1
2025-11-10 12:30:32
* bsc#1252281 Cross-References: * CVE-2025-62168
openSUSE: squid Vulnerability CVE-2025-62168 Advisory 2025:4026-1 Details
2025-11-10 12:30:32
An update that solves one vulnerability can now be installed.
How Multiple Valtio Instances Broke My React Native App
2025-11-10 12:23:29
While debugging a crash in @reown/appkit-react-native, the author uncovered that valtio proxies were breaking due to multiple library instances created by pnpm's node-linker=hoisted setting. This caused...
Fired Intel Engineer Stolen 18,000 Files, Many of which Were Classified as “Top Secret”
2025-11-10 12:17:51
Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security...
Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting
2025-11-10 12:17:10
With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible. With a deficit of 4 million cybersecurity workers worldwide, it's...
USN-7865-1: Linux kernel (FIPS) vulnerabilities
2025-11-10 12:06:59
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
New Browser Security Report Reveals Emerging Threats for Enterprises
2025-11-10 11:58:06
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user's browser. Yet traditional controls...
Watch out for Walmart gift card scams
2025-11-10 11:41:54
The only thing you're winning here is a spot on marketing lists you never asked to join.
Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses
2025-11-10 11:35:36
Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely. According to VIPRE’s...
New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies
2025-11-10 11:33:32
The manufacturing sector faces an escalating threat landscape as cybercriminals increasingly exploit cloud-based platforms and artificial intelligence services to conduct sophisticated attacks. A comprehensive...
Avec Fastnet, AWS contrôle la connectivité transatlantique de ses services
2025-11-10 11:02:40
Amazon Web Services a annoncé le lancement de Fastnet, son dernier câble sous-marin à fibre optique transatlantique qui va relier le (...)
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
2025-11-10 10:53:49
Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.
HackGPT Launches as AI-Driven Penetration Testing Suite Using GPT-4 and Other Models
2025-11-10 10:13:28
HackGPT Enterprise has officially launched as a production-ready, cloud-native AI-powered penetration testing platform designed specifically for enterprise security teams. Created by Yashab Alam, Founder...
Ransomware Operators Exploit RMM Tools to Deploy Medusa and DragonForce
2025-11-10 09:57:48
Cybersecurity researchers at Zensec have exposed a sophisticated supply-chain attack campaign that weaponised trusted Remote Monitoring and Management (RMM) infrastructure to deploy ransomware across...
USN-7862-2: Linux kernel vulnerability
2025-11-10 09:54:46
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
USN-7860-5: Linux kernel (HWE) vulnerability
2025-11-10 09:40:01
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Defender Application Guard pour Office abandonné d'ici 2027
2025-11-10 09:26:08
La fin de vie de Defender Application Guard de Microsoft (MDAG) se précise. Cette fonction, qui protège les documents Office de logiciels (...)
Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads
2025-11-10 09:19:15
Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket’s Threat Research Team discovered nine malicious NuGet packages, published...
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
2025-11-10 09:11:00
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying...
Google Cloud greffe de l'observabilité dans Vertex AI Agent Builder
2025-11-10 09:06:53
Petit à petit, Google Cloud enrichit Vertex AI Agent Builder avec des tableaux de bord d'observabilité inédits, des outils de création (...)
L'ANSSI vous donne rendez-vous à la ECW 2025
2025-11-10 08:57:41
L'ANSSI vous donne rendez-vous à la ECW 2025
anssiadm
lun 10/11/2025 - 08:57
Du 17 au 20 novembre 2025, l'ANSSI participera à la 10e édition de l'European Cyber...
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
2025-11-10 08:51:00
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS...
Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation
2025-11-10 08:49:03
A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote...
A week in security (November 3 – November 9)
2025-11-10 08:02:00
A list of topics we covered in the week of November 3 to November 9 of 2025
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
2025-11-10 00:01:33
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at...
Multiples vulnérabilités dans les produits Qnap (10 novembre 2025)
10/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance...