Toute l'actualité de la Cybersécurité
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)
2025-12-12 21:40:55
We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
The post Exploitation of Critical Vulnerability in React Server...
The CISO-COO Partnership: Protecting Operational Excellence
2025-12-12 21:12:13
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISO and COO.
Metasploit Wrap-Up 12/12/2025
2025-12-12 20:38:50
React2shell ModuleAs you may have heard, on December 3, 2025, the React team announced a critical Remote Code Execution (RCE) vulnerability in servers using the React Server Components (RSC) Flight protocol....
React2Shell Exploits Flood the Internet as Attacks Continue
2025-12-12 20:11:43
As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.
Vibe Coding: Innovation Demands Vigilance
2025-12-12 20:07:23
Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers, Constantine warns.
Microsoft Will Bundle Security Copilot With M365 Enterprise Licenses
2025-12-12 19:32:42
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
2025-12-12 18:50:00
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT)...
Three New React Vulnerabilities Surface on the Heels of React2Shell
2025-12-12 18:44:02
CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779 require immediate attention
Supply Chain Attacks Targeting GitHub Actions Increased in 2025
2025-12-12 18:37:53
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Coupang data breach traced to ex-employee who retained system access
2025-12-12 18:28:30
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. [...]
The US digital doxxing of H-1B applicants is a massive privacy misstep
2025-12-12 18:19:09
By making social accounts public, the new policy exposes private data that attackers can use for targeting, impersonation, or extortion.
A look at an Android ITW DNG exploit
2025-12-12 18:01:00
Posted by Benoît Sevens, Google Threat Intelligence GroupIntroductionBetween July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these...
New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
2025-12-12 17:54:19
A new malware called PyStoreRAT is being through fake OSINT tools on GitHub targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security.
Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3
2025-12-12 17:30:02
Kali Linux 2025.4, released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3....
Keeper Security Launches ServiceNow Integration to Improve Visibility and Response to Cyber Attacks
2025-12-12 17:29:10
Keeper Security has announced a new integration with ServiceNow® IT Service Management (ITSM) and the Security Incident Response (SIR) module. The integration allows organisations to securely ingest...
Fake ‘One Battle After Another' torrent hides malware in subtitles
2025-12-12 17:12:47
A fake torrent for Leonardo DiCaprio's 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. [...]...
Disney investit 1 milliard $ dans OpenAI
2025-12-12 16:30:32
Disney conclue un partenariat historique de trois ans avec OpenAI. Mickey, Elsa et Dark Vador s'invitent dans ChatGPT.
The post Disney investit 1 milliard $ dans OpenAI appeared first on Silicon.fr.
The HackerNoon Newsletter: Rusts WASI Targets Are Changing: Heres Why (12/12/2025)
2025-12-12 16:01:50
How are you, hacker?
🪐 What's happening in tech today, December 12, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Microsoft ouvre son bug bounty au code tiers
2025-12-12 15:46:23
La découverte de vulnérabilités critiques pourra être récompensée indépendamment de la provenance du code concerné.
The post Microsoft ouvre son bug bounty au code tiers appeared first on Silicon.fr....
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
2025-12-12 15:42:17
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution...
Kali Linux 2025.4 released with 3 new tools, desktop updates
2025-12-12 15:27:16
Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland...
New JSCEAL Infostealer Malware Attacking Windows Systems to Steal Login Credentials
2025-12-12 15:24:05
JSCEAL has emerged as a serious threat to Windows users, specifically targeting those who work with cryptocurrency applications and valuable accounts. First reported by Check Point Research in July 2025,...
New Research Details on What Happens to Data Stolen in a Phishing Attack
2025-12-12 15:06:05
When users encounter a phishing email, the danger extends far beyond the initial click. A typical phishing attack begins when someone is deceived into entering their login credentials on a fake website....
Shadow spreadsheets: The security gap your tools can't see
2025-12-12 15:01:11
When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that circulate unchecked. Grist shows how these spreadsheets expose sensitive...
What Happens Inside PDFAid in Seconds: From Upload to Download
2025-12-12 14:50:02
Disclosure: This article was submitted by PDFAid for publication.
Researchers Revive 2000s ‘Blinkenlights' Technique to Dump Smartwatch Firmware via Screen Pixels
2025-12-12 14:41:06
Security researchers have successfully extracted firmware from a budget smartwatch by bringing back a 20-year-old attack method originally used to steal data from network devices. The technique, known...
Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
2025-12-12 14:26:03
Criminals make malicious ChatGPT and Grok conversations appear at the top of common Google searches—leading users straight to the Atomic macOS Stealer.
Gartner alerte sur l'usage des navigateurs IA en entreprise
2025-12-12 14:14:09
Il vaut mieux prévenir que guérir. Fort de cet adage, Gartner enjoint les entreprises à bloquer l’usage des navigateurs IA comme (...)
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
2025-12-12 14:04:00
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale.
BlackForce, first...
True Hacking Story: From Teen Computer Whiz To Crypto Godfather
2025-12-12 14:02:26
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 12, 2025 –Watch the YouTube video In early 2025, self-proclaimed crypto Godfather Adam Iza pleaded...
Are Trade Concerns Trumping US Cybersecurity?
2025-12-12 14:00:00
The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users
2025-12-12 13:57:17
A sophisticated phishing campaign has emerged that successfully bypasses multi-factor authentication, protecting Microsoft 365 and Okta users, representing a serious threat to organizations relying on...
Ubuntu 18.04: USN-7907-5 Linux Kernel Important Security Flaws
2025-12-12 13:53:59
Several security issues were fixed in the Linux kernel.
{ Tribune Expert } – Agents IA : les grands bénéfices des petits modèles de langage
2025-12-12 13:45:34
Les SLM offrent des avantages remarquables et des applications concrètes pour les équipes terrain, notamment dans des secteurs comme celui de la distribution.
The post { Tribune Expert } – Agents...
VMware exclut l'UE de la marche forcée vers VCF
2025-12-12 13:44:56
VMware franchit un nouveau cap dans le resserrement de son offre autour de VCF, mais fait - jusqu'à nouvel ordre - une exception pour l'UE.
The post VMware exclut l’UE de la marche forcée vers...
USN-7907-5: Linux kernel kernel vulnerabilities
2025-12-12 13:44:24
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Debian 11: Linux Critical Kernel Update DLA-4404-1 for Privilege Escalation
2025-12-12 13:38:50
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis
2025-12-12 13:29:52
The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructure,...
Sorbonne Paris Nord confronte 200 étudiants à une cyberattaque
2025-12-12 13:18:51
Mettre en lice des profils juniors lors d’un exercice de gestion de crise informatique à grande échelle. C’est l’idée (...)
Your Frontend Framework is Technical Debt: Why I Deleted React for Rust
2025-12-12 13:12:48
The orthodoxy of the last decade was simple. JavaScript is the universal runtime. The browser is a hostile environment. Therefore, we need heavy abstractions (React, Vue, Angular) to manage the complexity....
SUSE: Container-SUSECONNECT Moderate Update Bypass 2025:4373-1
2025-12-12 12:30:39
Affected Products: * Containers Module 15-SP6 * Containers Module 15-SP7 * SUSE Enterprise Storage 7.1
SUSE: kubernetes-client Important Security Update 2025:4380-1
2025-12-12 12:30:03
Affected Products: * Containers Module 15-SP6 * Containers Module 15-SP7 * openSUSE Leap 15.6
openSUSE: kubernetes-client Important Patch for Security Issues 2025:4380-1
2025-12-12 12:30:03
An update that can now be installed.
openSUSE: kubernetes-client Important Security Update 2025:4381-1
2025-12-12 12:30:02
An update that can now be installed.
Crypto.com Targets Trillion-Dollar Prediction Market Opportunity With Regulatory-First Approach
2025-12-12 12:18:38
Travis McGhee is the Global Head of Predictions at [Crypto.com]. He says the company is positioning prediction markets as a tool for democratized information aggregation. He says Crypto.com is committed...
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
2025-12-12 12:15:29
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting...
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
2025-12-12 11:55:43
A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords...
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
2025-12-12 11:34:47
A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes....
New Windows RasMan zero-day flaw gets free, unofficial patches
2025-12-12 11:28:06
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. [...]
Bloqués dans les aéroports ? Des experts en cybersécurité partagent 3 conseils de sécurité pour le Wi-Fi public
2025-12-12 11:24:48
Aéroports bondés et longs retards : les voyageurs sont des cibles faciles sur les réseaux Wi-Fi publics ; des experts en cybersécurité partagent 3 mesures de sécurité. Pour éviter d'être...
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
2025-12-12 11:11:36
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that...
From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
2025-12-12 10:27:10
The Trust Crisis No One's Talking About Every breach, leak, or phishing attack doesn't just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips...
How private is your VPN?
2025-12-12 10:25:00
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here's what I wish everyone knew.
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
2025-12-12 10:18:00
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging...
15 millions de tentatives d'attaques déguisées en VPN : le risque caché derrière la quête de confidentialité de la Gen Z
2025-12-12 10:10:55
La Génération Z utilise bien plus d'outils de confidentialité que toutes les autres générations, mais cette tendance pourrait également en faire une cible privilégiée pour les cybercriminels....
Prédiction 2026 – Pourquoi la biométrie seule ne suffit plus
2025-12-12 10:08:03
Lovro Persen, Directeur Document Management & Fraud chez IDnow, a un parcours rare dans l'industrie : trente ans d'expérience en law enforcement, dont plus d'une décennie au sein d'INTERPOL....
Sécurité réseau : cloisonnement et protection en cybersécurité
2025-12-12 10:06:26
En cybersécurité, il ne suffit plus de protéger un poste de travail, d'installer un antivirus ou de déployer un firewall. Aujourd'hui, un seul clic sur un mail piégé peut suffire à compromettre...
Deux failles dans Forticloud SSO à corriger
2025-12-12 10:04:04
Encore une alerte pour les administrateurs systèmes qui se servent de SSO (single sign-on) Forticloud pour authentifier l’accès aux (...)
Following the digital trail: what happens to data stolen in a phishing attack
2025-12-12 10:00:39
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
CISA orders feds to patch actively exploited Geoserver flaw
2025-12-12 09:48:31
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
2025-12-12 09:24:42
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an...
Fusion Broadcom-VMware : le CISPE muscle son recours en annulation
2025-12-12 09:09:27
Le CISPE estime que la dette et les promesses de croissance liées à l'opération auguraient de l'évolution de la politique commerciale.
The post Fusion Broadcom-VMware : le CISPE muscle son recours...
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
2025-12-12 08:55:00
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team...
MITRE shares 2025's top 25 most dangerous software weaknesses
2025-12-12 08:43:16
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
2025-12-12 08:41:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The...
Turn me on, turn me off: Zigbee assessment in industrial environments
2025-12-12 08:00:17
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off.
MKVCinemas streaming piracy service with 142M visits shuts down
2025-12-12 07:14:31
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]
The TechBeat: How AIStor's Prompt API Lets Healthcare Professionals “Talk” to Their Data (12/12/2025)
2025-12-12 07:11:01
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Hamas-Linked Hackers Probe Middle Eastern Diplomats
2025-12-12 07:00:00
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Obscura Brings Bulletproofs++ to the Beldex Mainnet for Sustainable Scaling
2025-12-12 06:01:28
Beldex introduced the Obscura hardfork, which went live on December 7, 2025, at block height 4939540.
The upgrade includes multiple refinements, but its core improvement is the integration of Bulletproofs++....
ScreenSafe: A Technical Chronicle of On-Device AI and Privacy-First Architecture
2025-12-12 06:00:31
The Problem: Cloud-based moderation violates privacy, but on-device AI hits hostile OS limits—specifically the iOS Share Extension memory ceiling (120MB) and Android's Binder IPC limit (1MB).
The Solution:...
Model.fit is More Complex Than it Looks
2025-12-12 06:00:31
Linear regression's closed-form solution looks simple, but computing inverse matrix is numerically dangerous. Ill-conditioned matrices, floating-point limits, and squaring the condition number in XᵀX...
Lessons From Hands-on Research on High-Velocity AI Development
2025-12-12 05:57:11
The main constraint on AI-assisted development was not model capability but how context was structured and exposed.
3 Common Misconceptions Fintech Founders Have About Engineering Teams
2025-12-12 05:50:05
Fintech founders often make assumptions about how software development works. Agile frameworks let you adjust plans after every iteration. As your product grows, so does the complexity of its functionality...
Designing AI-Ready Infrastructure: What Modern Data Centers Actually Need
2025-12-12 05:49:28
You can buy racks of accelerators, but unless the entire power, cooling, and networking stack is prepared, those boxes turn into very expensive space heaters.
How I Built a “Bicameral” AI Agent That Uses Australian Lasers to Make Decisions When Logic Fails
2025-12-12 05:39:23
Quantum chaos = random AIBy giving an AI a direct line to the quantum vacuum, we aren't just making a random number generator. We are building a machine that can break its own chains of causality.
How GenAI is Reshaping the Modern Data Architecture
2025-12-12 05:33:02
In today's world, most of the enterprises are building LLM based GenAI solutions with document and database vectors. This is the moment almost every enterprise reaches: the GenAI works, but the data...
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
2025-12-12 05:01:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on...
List of 8 new domains
2025-12-12 00:00:00
.fr confirmationrdv-leboncoin[.fr] (registrar: Hostinger operations UAB)
credi-agricole[.fr] (registrar: Hostinger operations UAB)
diplomatiegov[.fr] (registrar: Hostinger operations UAB)
hunterboots-france[.fr]...
Multiples vulnérabilités dans les produits Atlassian (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans les produits Netgate (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Netgate. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité....
Multiples vulnérabilités dans les produits NetApp (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans Microsoft Edge (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Microsoft Windows Admin Center (12 décembre 2025)
12/12/2025
Une vulnérabilité a été découverte dans Microsoft Windows Admin Center. Elle permet à un attaquant de provoquer une élévation de privilèges.
Multiples vulnérabilités dans le noyau Linux de Red Hat (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité...
Multiples vulnérabilités dans le noyau Linux de SUSE (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service et un problème de sécurité non spécifié par l'éditeur....
Multiples vulnérabilités dans les produits IBM (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...