Toute l'actualité de la Cybersécurité
SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks
2025-11-11 08:03:28
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and...
Cyber Action Toolkit: breaking down the barriers to resilience
2025-11-11 07:59:36
How the NCSC's ‘Cyber Action Toolkit' is helping small businesses to improve their cyber security.
Hackers Exploiting Triofox 0-Day Vulnerability to Execute Malicious Payload Abusing Anti-Virus Feature
2025-11-11 07:53:07
Google Mandiant has disclosed active exploitation of CVE-2025-12480, a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The threat cluster tracked as UNC6485 has...
Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware
2025-11-11 07:52:40
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp. The discovery...
Critical Triofox bug exploited to run malicious payloads via AV configuration
2025-11-11 07:28:05
Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform's antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting...
65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
2025-11-11 07:21:04
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive...
Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins
2025-11-11 07:19:35
A sophisticated phishing campaign is currently targeting email users with deceptive security alert notifications that appear to originate from their own organization’s domain. The phishing emails...
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
2025-11-11 06:53:35
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog,...
Danabot Malware Reemerges with Version 669 After Operation Endgame
2025-11-11 06:39:17
The notorious Danabot banking malware has made a comeback with the release of version 669, marking a significant return after nearly six months of silence following the coordinated law enforcement takedown...
Lazarus Group Deploys Weaponized Documents Against Aerospace & Defense
2025-11-11 06:19:56
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker...
CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks
2025-11-11 06:07:37
CISA has added a critical zero-day vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities catalog. Warning that threat actors are actively exploiting the flaw in real-world...
Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware
2025-11-11 06:01:57
A sophisticated wave of ransomware attacks targeting UK organizations has emerged in 2025, exploiting vulnerabilities in the widely-used SimpleHelp Remote Monitoring and Management platform. Two prominent...
Hackers Exploit Triofox 0-Day to Deploy Malicious Payloads Using Anti-Virus Feature
2025-11-11 05:48:45
Cybersecurity researchers from Mandiant Threat Defense have uncovered a critical zero-day vulnerability in Gladinet’s Triofox file-sharing platform that allowed attackers to bypass authentication...
Threat Report: xHunt Targets Microsoft Exchange and IIS with Custom Backdoors
2025-11-11 05:20:00
The xHunt advanced persistent threat group continues to pose a significant cybersecurity risk through sophisticated attacks targeting Microsoft Exchange and IIS web servers with custom-built backdoors....
OWASP Top 10 2025 Released: Major Revisions and Two New Security Classes Added
2025-11-11 05:15:54
The Open Web Application Security Project (OWASP) has officially unveiled the eighth edition of its influential Top 10 security risks list for 2025, introducing significant changes that reflect the evolving...
You Thought It Was Over? Authentication Coercion Keeps Evolving
2025-11-11 04:30:09
A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface.
The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared...
Fedora 42: dotnet 8.0 Release Notification FEDORA-2025-f74de9283d
2025-11-11 01:26:23
This is the October 2025 release of .NET 8. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/8.0/8.0.21/8.0.121.md Runtime: https://github.com/dotnet/core/blob/main/release-
Fedora 42: cef High Updates for Multiple CVEs FEDORA-2025-313f6d7702
2025-11-11 01:26:22
Update to 141.0.7390.122 High CVE-2025-12036 chromium: Inappropriate implementation in V8 High CVE-2025-11756: Use after free in Safe Browsing High CVE-2025-11458: Heap buffer overflow in Sync High CVE-2025-11460:...
Fedora: dotnet8.0 Critical Update Denial of Service Risk 2025-9171c95e17
2025-11-11 00:50:16
This is the October 2025 release of .NET 8. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/8.0/8.0.21/8.0.121.md Runtime: https://github.com/dotnet/core/blob/main/release-
Fedora 43: cef High CVE-2025-12036 Update 2025-6c9c483e21
2025-11-11 00:50:14
Update to 141.0.7390.122 High CVE-2025-12036 chromium: Inappropriate implementation in V8 High CVE-2025-11756: Use after free in Safe Browsing High CVE-2025-11458: Heap buffer overflow in Sync High CVE-2025-11460:...
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
2025-11-11 00:46:40
North Korean hackers from the KONNI activity cluster are abusing Google's Find Hub tool to track their targets' GPS positions and trigger remote factory resets of Android devices. [...]
Ubuntu: Intel Microcode Critical Escalation Threat USN-7866-1
2025-11-11 00:08:31
Several security issues were fixed in Intel Microcode.