Toute l'actualité de la Cybersécurité
Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware
2025-11-21 16:15:27
Chinese-backed attackers have begun weaponizing a critical vulnerability in Microsoft Windows Server Update Services (WSUS) to distribute ShadowPad, a sophisticated backdoor malware linked to multiple...
Fortinet sous le feu des critiques pour ses correctifs discrets
2025-11-21 16:06:58
Les chercheurs en sécurité mettent en garde contre deux vulnérabilités critiques affectant les appliances FortiWeb de Fortinet. (...)
FCC rolls back cybersecurity rules for telcos, despite state-hacking risks
2025-11-21 16:01:41
The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese...
USN-7880-1: Linux kernel (OEM) vulnerabilities
2025-11-21 15:57:32
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
USN-7879-2: Linux kernel (Real-time) vulnerabilities
2025-11-21 15:45:02
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
Avec la suite Hexagone, Interstis cible le public et les grands comptes
2025-11-21 15:41:50
Créé en 2014 par Thomas Balladur et Nicolas Huez, Interstis s’est d’abord imposée dans le partage de fichier auprès (...)
OVH abat ses atouts dans l'IA, le cloud et la sécurité
2025-11-21 15:41:28
« Quel excitant moment pour l'innovation. Me revoilà ». Octave Klaba, fondateur d’OVHcloud, a bien fait comprendre lors du Summit (...)
'Scattered Spider' teens plead not guilty to UK transport hack
2025-11-21 15:41:24
Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data....
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
2025-11-21 15:40:00
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
The vulnerability, tracked as...
Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads
2025-11-21 15:30:18
Retailers are facing a sharp rise in targeted ransomware activity as the holiday shopping season begins. Threat groups are timing their attacks to peak sales periods, when downtime is most painful and...
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe)
2025-11-21 15:30:03
For Managed Service Providers (MSPs), minutes may even define success or failure. Many a time…
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe) on Latest...
Fake calendar invites are spreading. Here's how to remove them and prevent more
2025-11-21 15:28:23
Calendar spam is a growing problem, often arriving as email attachments or as download links in messaging apps.
USN-7879-1: Linux kernel vulnerabilities
2025-11-21 15:26:39
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms
2025-11-21 15:24:13
ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.
With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?
2025-11-21 15:02:45
Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise.
Avast Makes AI-Driven Scam Defense Available for Free Worldwide
2025-11-21 15:00:10
Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers...
La gestion de crise cyber consacrée dans le référentiel PRIS
2025-11-21 14:20:33
La gestion de crise cyber devient une activité à part entière dans le référentiel de qualification des prestataires de réponse à incident.
The post La gestion de crise cyber consacrée dans le...
SolarWinds addressed three critical flaws in Serv-U
2025-11-21 14:08:37
SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U file transfer...
Switching to Offense: US Makes Cyber Strategy Changes
2025-11-21 14:00:00
The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.
AI-Powered Cyberattacks & Social Engineering. How to Detect and Defend Against Them.
2025-11-21 13:33:28
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 21, 2025 – Watch the YouTube video Fortune 500 chief information security officer Adam Keown says that “when...
Le futur des malwares sera alimenté par les LLMs
2025-11-21 13:28:04
Les chercheurs du Threat Labs de Netskope ont publié une analyse d'une nouvelle recherche sur la capacité de créer un malware autonome composé uniquement de prompts des grands modèles de langage...
Google begins showing ads in AI Mode (AI answers)
2025-11-21 13:02:11
Google has started rolling out ads in AI mode, which is the company's "answer engine," not a search engine. [...]
Google Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security
2025-11-21 13:00:00
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files...
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
2025-11-21 12:14:14
Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy’s national railway operator...
China-linked APT24 Hackers New BadAudio Compromised Legitimate Public Websites to Attack Users
2025-11-21 11:42:12
APT24, a sophisticated cyber espionage group linked to China’s People’s Republic, has launched a relentless three-year campaign delivering BadAudio, a highly obfuscated first-stage downloader...
Broadcom Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack
2025-11-21 11:05:20
The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom’s internal systems as part of an ongoing exploitation campaign targeting Oracle E-Business Suite vulnerabilities. The...
Critical Grafana Vulnerability Let Attackers Escalate Privilege
2025-11-21 11:01:20
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115,...
Why IT Admins Choose Samsung for Mobile Security
2025-11-21 11:00:00
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have.
Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like...
Un avertissement sévère : sans cybersécurité robuste, l'industrie du futur devient un paradis pour pirates
2025-11-21 10:59:20
En interconnectant les machines, les systèmes de production et les réseaux d'information, l'usine du futur exposera ses infrastructures les plus critiques au risque cyber. C'est incontestablement...
Foxconn, Nvidia to Complete .4B AI Supercomputing Centre by 2026
2025-11-21 10:48:54
Foxconn and Nvidia are teaming up on a .4B supercomputing centre powered by GB300 chips, set to become Taiwan's largest GPU cluster and a major driver of Foxconn's AI growth strategy.
Twitch Joins Australia's List of Platforms Blocked for Minors
2025-11-21 10:43:59
Australia will bar users aged 16 and under from Twitch starting Dec. 10, expanding its sweeping social media ban for minors. Platforms must block underage accounts or risk heavy fines, with Reddit and...
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
2025-11-21 10:42:00
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year...
APIs for Beginners: What They Are and How They Work
2025-11-21 10:09:05
This article demystifies APIs using everyday examples, showing how programs communicate, how endpoints work, and why APIs power everything from marketplaces to modern web apps.
Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with Elevated Privileges
2025-11-21 10:04:59
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers to execute malicious code with elevated system privileges. The flaw, tracked as...
Salesforce alerts users to potential data exposure via Gainsight OAuth apps
2025-11-21 10:04:40
Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers' Salesforce data. Salesforce warned of unusual activity involving Gainsight-linked...
ToddyCat: your hidden email assistant. Part 1
2025-11-21 10:00:33
Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from...
Nouveau vol de données Salesforce via une intégration SaaS
2025-11-21 09:30:27
Après le chatbot Salesloft Drift, une autre application a été mise à profit pour accéder à des instances Salesforce.
The post Nouveau vol de données Salesforce via une intégration SaaS appeared...
Windows 11 to Hide BSOD Crash Errors on Public Displays
2025-11-21 08:56:54
Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors and signage. This new mode ensures that the dreaded Blue Screen of Death (BSOD) and other...
Build a Custom ChatGPT App and Tap Into 800 Million Users
2025-11-21 08:22:24
OpenAI has introduced Apps for ChatGPT. Apps can be triggered either by an explicit mention, or when the model decides that the app is going to be useful. In this post, I will go over building a simple...
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
2025-11-21 08:05:00
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security...
The TechBeat: Solving 3D Segmentation's Biggest Bottleneck (11/21/2025)
2025-11-21 07:10:58
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely
2025-11-21 06:36:13
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks....
OpenAI Releases GPT-5.1-Codex-Max that Performs Coding Tasks Independently
2025-11-21 06:33:44
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The new system represents a significant leap in agentic AI capabilities,...
Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations
2025-11-21 06:26:50
The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions against Media Land. This Russia-based bulletproof hosting company provides infrastructure to...
Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity
2025-11-21 05:32:00
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform.
"Our investigation indicates this activity may have enabled unauthorized access...
Inside Iran's Cyber Objectives: What Do They Want?
2025-11-21 05:02:00
The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.
Numerai Raises Million Series C Led by Top University Endowments at 0 Million Valuation
2025-11-21 03:57:35
Numerai, a San Francisco-based hedge fund and data science tournament uniting machine learning, decentralized finance, and cryptocurrency incentives, announced a million Series C. The round values...
Crypto Content Creator Campus (CCCC) 2025 Concludes in Lisbon
2025-11-21 03:47:16
CCCC 2025 wrapped up a successful, sold-out three-day event in Lisbon, Portugal, from November 14 to 16, 2025. Hosted at the iconic Carlos Lopes Pavilion, the campus united top creators and innovators...
Logos Unifies Under One Identity to Deliver a Private Tech Stack to Revitalise Civil Society
2025-11-21 00:54:09
Logos is a social movement and decentralised technology stack to revitalise civil society. Codex, Nomos, and Waku have been building essential pieces of decentralised tech. Unification under the Logos...
Slackware 15.0: gnutls Low Severity Stack Overflow Fix SSA:2025-324-01
2025-11-21 00:17:19
New gnutls packages are available for Slackware 15.0 and -current to fix security issues.
Vulnérabilité dans Microsoft Visual Studio Code (21 novembre 2025)
21/11/2025
Une vulnérabilité a été découverte dans Microsoft Visual Studio Code. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la...
Multiples vulnérabilités dans le noyau Linux de SUSE (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans le noyau Linux de Red Hat (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service...
Multiples vulnérabilités dans les produits IBM (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...