Toute l'actualité de la Cybersécurité
Suse lance la bêta de son serveur MCP pour Multi-Linux Manager
2025-11-27 18:01:26
Les administrateurs de systèmes Linux n'échapperont pas au déferlement de la vague des outils d'automatisation des processus IT par (...)
Un tribunal canadien somme OVH de fournir des données sur ses serveurs
2025-11-27 17:30:37
La question de l’extraterritorialité des lois n’est pas l’apanage des réglementations américaines (Cloud Act, Fisa,…), (...)
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
2025-11-27 17:19:30
Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
2025-11-27 15:28:21
Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire
The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub Incidents Set the Stage for 2026
2025-11-27 17:07:08
When npm was hit in September, it was tempting to see it as an isolated supply chain attack. A maintainer fell for a phish, popular packages were swapped out, and downstream projects scrambled. But npm...
Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0V
2025-11-27 17:03:06
New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements...
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
2025-11-27 16:30:40
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically...
Après les datasets, Open-R1 cherche à reproduire le pipeline de DeepSeek
2025-11-27 16:06:25
Après la phase axée sur les datasets, le projet - qui vise une reproduction ouverte de DeepSeek-R1 - a basculé sur le pipeline d'apprentissage.
The post Après les datasets, Open-R1 cherche à reproduire...
L'Autorité de la concurrence rejette la plainte de Qwant contre Microsoft
2025-11-27 15:59:15
L'Autorité de la concurrence rejette la plainte de Qwant contre Microsoft, jugeant que les accusations d'abus de position dominante et de dépendance économique dans la recherche en ligne n'étaient...
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
2025-11-27 15:37:00
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now.
The update to its Content Security Policy (CSP)...
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel
2025-11-27 15:28:53
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their...
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
2025-11-27 14:59:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...
Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach
2025-11-27 14:52:09
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities...
Dead Man's Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
2025-11-27 14:42:43
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,”...
Wallix mise sur l'IA de Malizen pour renforcer ses solutions
2025-11-27 14:41:44
Wallix acquiert la startup rennaise Malizen pour 1,6 million € afin d'intégrer l'analyse comportementale pilotée par l'intelligence artificielle dans ses solutions dès 2026.
The post Wallix mise...
Black Friday, Cyber Monday : un marathon commercial… et un terrain de jeu idéal pour les cybercriminels
2025-11-27 14:41:13
Alors que les enseignes françaises sont en plein pic d'activité du Black Friday et du Cyber Monday, une autre course s'intensifie en coulisses : celle contre les cyberattaques. Les incidents majeurs...
Millions at risk after nationwide CodeRED alert system outage and data breach
2025-11-27 14:40:32
A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US.
NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks
2025-11-27 14:39:43
An urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service...
80% des entreprises prêtes à adopter la Threat Intelligence : un mouvement en faveur d'une modernisation de la cybersécurité en entreprise
2025-11-27 14:36:17
Alors que les entreprises renforcent de plus en plus leurs fondamentaux en matière de cybersécurité, l'adoption de solutions avancées reste minoritaire, créant un écart de maturité entre les...
USN-7896-1: libxml2 vulnerabilities
2025-11-27 14:21:02
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It...
Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems
2025-11-27 14:14:10
Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents...
Cyberfraude Black Friday : Les E-commerçants Français renforcent leur défense, mais 42 % restent vulnérables
2025-11-27 14:12:51
Les sites e-commerce français progressent dans la sécurisation de leurs courriels, mais 42 % n’atteignent pas une protection complète, exposant les acheteurs durant la période des fêtes. Tribune...
USN-7852-2: libxml2 vulnerability
2025-11-27 14:12:04
USN-7582-1 fixed a vulnerability in libxml2. This update provides the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that...
Kaspersky identifie des fraudes liées à la vente de produits dérivés lors de la tournée mondiale de BlackPink
2025-11-27 14:05:35
Alors que le groupe de K-pop BlackPink poursuit sa tournée mondiale, des cybercriminels profitent de l'enthousiasme des fans pour tirer profit de la situation. Les experts de Kaspersky ont identifié...
KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models
2025-11-27 14:03:17
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars...
Réinventer la cybersécurité dans le Cloud : pourquoi l'IA agentique est incontournable ?
2025-11-27 13:49:33
Le paysage de la cybersécurité dans le Cloud a atteint un point d'inflexion. Face à des environnements Cloud, de conteneurs, d’API et de charges de travail éphémères, la surface d’attaque...
North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware
2025-11-27 13:40:20
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically...
USN-7895-1: WebKitGTK vulnerabilities
2025-11-27 13:39:57
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related...
Cronos Kicks Off K Global Hackathon Focused on AI-Powered On-Chain Payments
2025-11-27 13:39:16
Cronos launches x402 PayTech Hackathon with K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.
Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks
2025-11-27 13:37:01
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3,...
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
2025-11-27 13:18:34
Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.
Hackers Actively Exploiting IoT Vulnerabilities to Deploy New ShadowV2 Malware
2025-11-27 13:08:23
During late October 2025, a new malware campaign dubbed ShadowV2 emerged, coinciding with a global AWS disruption. This sophisticated threat actively exploits vulnerabilities in IoT devices to assemble...
IA en santé : Inria et Doctolib s'associent
2025-11-27 12:58:52
Inria et Doctolib s'associent pour créer une équipe de recherche commune dédiée à la recherche allant du diagnostic assisté à l'accompagnement personnalisé des patients.
The post IA en santé...
De nombreux identifiants exposés sur des sites de codage
2025-11-27 12:38:29
Identifiants, clés d’authentification, données de configuration, tokens et clés d’API sont potentiellement exposés (...)
Gemini 3 Pro : à J+10, un enthousiasme plus tempéré
2025-11-27 12:21:13
L'enthousiasme suscité par le premier modèle de la famille Gemini 3 perdure, mais se révèle plus modéré qu'au lancement.
The post Gemini 3 Pro : à J+10, un enthousiasme plus tempéré appeared...
OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected
2025-11-27 12:19:02
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…
OpenAI discloses API customer data breach via Mixpanel vendor hack
2025-11-27 11:27:06
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]
Meet TOON, the Format Helping LLMs Shed JSON's Extra Weight
2025-11-27 10:54:11
TOON is a token-optimized, lossless alternative to JSON that reduces prompt size, boosts retrieval accuracy, and streamlines how structured data is fed to LLMs. This guide explains what it is, why it...
Debian LTS: libssh Critical Issues Addressed in DLA-4385-1
2025-11-27 10:26:47
Several vulnerabilities have been found in libssh, a tiny C SSH library. CVE-2025-4877
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
2025-11-27 10:03:00
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world.
Criminals are getting creative...
Antitrust Pressure Builds Across the AI Chip Supply Chain
2025-11-27 10:00:02
This article traces how antitrust scrutiny is expanding across the AI supply chain—covering semiconductor mergers, GPU dominance, price-fixing scandals, cloud oversight, and the geopolitical policies...
openSUSE: Kernel Important Update for CVEs 2025-20091-1
2025-11-27 09:35:58
An update that solves 83 vulnerabilities and has 101 bug fixes can now be installed.
openSUSE: Important Security Fix for mysql-connector-java CVE-2025-20089-1
2025-11-27 09:35:58
An update that solves one vulnerability and has one bug fix can now be installed.
Designing Reliable API Systems: Exception Handling with Spring Boot's ControllerAdvice
2025-11-27 09:06:31
This article shows how centralized exception handling in Spring Boot—using @ControllerAdvice, custom exceptions, and a unified error model—creates cleaner, more reliable REST APIs while eliminating...
How Big Tech Is Locking In the Frontier AI Supply Chain
2025-11-27 09:00:15
This section maps the integration landscape of the frontier AI supply chain, defining relevant product markets for AI labs, cloud providers, chip designers, fabricators and lithography firms, and distinguishing...
NCSC handing over the baton of smart meter security: a decade of progress
2025-11-27 08:54:47
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.
Ubuntu 16.04: FFmpeg Important Denial Of Service Crash USN-7890-1
2025-11-27 08:49:33
FFmpeg could be made to crash if it opened a specially crafted file.
New ASUS firmware patches critical AiCloud vulnerability
2025-11-27 08:33:32
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities,...
Critical Kernel Update for CVE-2025-4269-1 in openSUSE Available Now
2025-11-27 08:30:11
An update that solves two vulnerabilities can now be installed.
SUSE: Kernel Important Security Update CVE-2025-38500 2025:4269-1
2025-11-27 08:30:10
* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500
The TechBeat: The Fatal Math Error Killing Every AI Architecture - Including The New Ones (11/27/2025)
2025-11-27 07:10:54
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
2025-11-27 07:03:00
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought.
The company said Salesforce initially provided a list of 3 impacted...
The DIY 5G Router Hack That Turns a Raspberry Pi Into a Pocket-Sized Powerhouse
2025-11-27 06:26:36
Build a powerful 5G router using a Raspberry Pi 5 and OpenWRT. This step-by-step guide shows you how to add mobile connectivity and create a pocket-sized network powerhouse.
Solving Aurora DSQL's IAM Token Problem: A New SeaTunnel Sink Connector for Seamless Data Migration
2025-11-27 06:25:18
High-performance, secure, real-time sync made simple.
AI for Developers: What Works, What Doesn't, and Why On-Prem Still Matters
2025-11-27 06:13:33
In 2025, AI in software engineering has officially moved past the hype cycle. 84% of respondents now use or intend to use AI in their development process. 51% of professional developers rely on such tools...
Building Scalable SaaS: My Real-World Journey Using spatie/laravel-multitenancy for Multi-Tenant Arc
2025-11-27 06:12:52
This article breaks down how I've used this package in real production systems, what worked, what didn't, and the lessons I learned.
GPUs Trade Complexity for Massive Parallelism: What Every Machine Learning Engineer Should Know
2025-11-27 05:54:50
The goal of this article is to show the fundamental differences between CPU threads and GPU threads. It will also show how GPUs deliberately simplify per-thread control to pack in far more parallelism....
Why the Next Wave of AI Value Will Come from “Boring” Operations Work
2025-11-27 05:53:08
According to Karl Pinto, a veteran enterprise leader who has spent nearly two decades in incident management and digital operations, the true transformation is unfolding quietly in the background.
From Hypotheses to High-Value Calls: How Juan Solares Scales Customer Insights at Essential
2025-11-27 05:51:22
Solares's playbook suggests that systematic approaches to customer development function less as bureaucratic overhead and more as competitive advantages for lean teams.
China Software Developer Network - 6,414,990 breached accounts
2025-11-27 05:49:56
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
UNC2891 Hackers Use Linux Malware in Major Banking Security Heists
2025-11-27 02:47:22
UNC2891 has been working its way through gaps in ATM security and broader banking security by slipping small hardware implants into places most teams assume are locked down. Investigators found Raspberry...
Multiples vulnérabilités dans GitLab (27 novembre 2025)
27/11/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un...
Multiples vulnérabilités dans les produits Splunk (27 novembre 2025)
27/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité...
Vulnérabilité dans Mattermost Server (27 novembre 2025)
27/11/2025
Une vulnérabilité a été découverte dans Mattermost Server. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans MISP (27 novembre 2025)
27/11/2025
Une vulnérabilité a été découverte dans MISP. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.