Toute l'actualité de la Cybersécurité
Decades-old ‘Finger' protocol abused in ClickFix malware attacks
2025-11-15 18:46:19
The decades-old "finger" command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. [...]
DoorDash hit by data breach after an employee falls for social engineering scam
2025-11-15 18:35:09
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
2025-11-15 16:35:00
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.
The vulnerability...
The HackerNoon Newsletter: The Zero to Shipped Framework for New Developers (11/15/2025)
2025-11-15 16:01:50
How are you, hacker?
🪐 What's happening in tech today, November 15, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Jaguar Land Rover cyberattack cost the company over 0 million
2025-11-15 15:09:19
Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million (0 million) in the quarter. [...]
Everything You Need to Know About XML Schema Validation 1.1 in Java
2025-11-15 15:00:15
The Java JDK uses a wrapped Xerces implementation for parsing. The implementation is stuck on XSD validation 1.1, which is not supported in XSD 1.0. The solution is to use the Xerces-J implementation...
Here's How You Can Cut Milliseconds Off Your Response Time Using Symfony
2025-11-15 15:00:08
In the era of high user expectations and SEO demands, every millisecond counts. A faster application translates directly into better user experience, higher conversion rates, and a lower carbon footprint....
Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges
2025-11-15 14:48:55
A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability,...
PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
2025-11-15 14:02:00
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that...
Storing JSON and XML in SQL Databases: An Essential Guide
2025-11-15 14:00:06
In the era of big data and diverse data formats, the ability to store and query semi-structured data has become increasingly important. This article explores how to effectively store and manage JSON and...
Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers
2025-11-15 13:12:39
A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9.9...
RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools
2025-11-15 12:43:28
A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks...
Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials
2025-11-15 10:54:35
Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. When a user opens the attached...
First Large-scale Cyberattack Using AI Tools With Minimal Human Input
2025-11-15 10:45:42
Chinese government-backed hackers used Anthropic's Claude Code tool to carry out advanced spying on about thirty targets worldwide, successfully breaking into several major organizations. The first...
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
2025-11-15 10:21:00
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT)...
Highly Sophisticated macOS DigitStealer Employs Multi-Stage Attacks to Evade detection
2025-11-15 10:02:57
A new malware family targeting macOS systems has emerged with advanced detection evasion techniques and multi-stage attack chains. Named DigitStealer, this information stealer uses multiple payloads to...
Mageia 9: Critical Cleartext Vulnerability in Stardict CVE-2025-55014
2025-11-15 08:12:22
MGASA-2025-0298 - Updated stardict packages fix security vulnerability
Mageia: yelp Important Remote Code Exec CVE-2025-3155 Advisory 2025-0297
2025-11-15 08:12:21
MGASA-2025-0297 - Updated yelp & yelp-xsl packages fix security vulnerability
Mageia: Apache Commons FileUpload Important DoS Advisory MGASA-2025-0296
2025-11-15 08:12:20
MGASA-2025-0296 - Updated apache-commons-fileupload packages fix security vulnerability
Mageia 9: Notice on Botan2 CVE-2024-50384 Denial of Service MGASA-2025-0296
2025-11-15 08:12:19
MGASA-2025-0295 - Updated botan2 packages fix security vulnerabilitiy
Mageia 9: Fix for spdlog Resource Usage MGASA-2025-0294 CVE-2025-6140
2025-11-15 08:12:18
MGASA-2025-0294 - Updated spdlog packages fix security vulnerability
Mageia 9: apache-commons-lang3 Important Stack Overflow Bug MGASA-2025-0293
2025-11-15 08:12:17
MGASA-2025-0293 - Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability
Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts
2025-11-15 07:43:09
A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that...
The TechBeat: Stop the Slop. Start Coding Smarter with AI (11/15/2025)
2025-11-15 07:10:59
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection
2025-11-15 07:06:13
Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently...
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
2025-11-15 06:58:38
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added...
Akira Ransomware Targets Over 250 Organizations, Extracts Million in Ransom Payments – New CISA Report
2025-11-15 06:09:37
A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this...
When Reading the Source Code Is the Real Hack: A Web Challenge Story | v1t CTF
2025-11-15 05:57:48
Sometimes the best hacking tool is just… reading comprehensionDifficulty: Beginner-Friendly | Category: Web ExploitationHello everyoneI'm Chetan Chinchulkar (aka omnipresent), and we're switching gears!...
Reflected XSS → DVWA Walkthrough: Learn How User Input Can Trigger a Script Execution
2025-11-15 05:56:06
🕵Hey! I'm Adwaith, an aspiring offensive security enthusiast, and I'm excited to walk you through the Reflected XSS lab in DVWA, where we'll see how a simple input field can lead to script execution.Click...
SQL Injection: Listing Database Contents on Non-Oracle Databases
2025-11-15 05:55:12
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…Continue reading on InfoSec Write-ups »
Evaluating Visual Adapters: MIVPG Performance on Single and Multi-Image Inputs
2025-11-15 03:12:01
Details MIVPG experiments across single- and multi-image scenarios. Model uses frozen LLM and Visual Encoder, updating only the MIVPG for efficiency.
MIVPG and Instance Correlation: Enhanced Multi-Instance Learning
2025-11-15 03:00:13
MIVPG uses a Correlated Self-Attention (CSA) module to unveil instance correlation, fulfilling all MIL properties while outperforming Q-Former. CSA improves aggregation and reduces time complexity.
Multimodal Fusion: MIVPG's Hierarchical MIL Approach for Multi-Image Samples
2025-11-15 02:28:16
Details MIVPG's hierarchical approach to MIL for multi-image samples. It treats both image patches and whole images as 'instances' for feature aggregation via cross-attention.