Toute l'actualité de la Cybersécurité
USN-7928-3: Linux kernel (Real-time) vulnerabilities
2025-12-11 18:22:02
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Google fixed a new actively exploited Chrome zero-day
2025-12-11 18:18:00
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser,...
USN-7928-2: Linux kernel (FIPS) vulnerabilities
2025-12-11 18:11:12
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
USN-7928-1: Linux kernel vulnerabilities
2025-12-11 17:50:36
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
2025-12-11 17:12:15
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file.
UK fines LastPass over 2022 data breach impacting 1.6 million users
2025-12-11 17:09:00
The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information...
Imposter for hire: How fake people can gain very real access
2025-12-11 17:00:00
Fake employees are an emerging cybersecurity threat. Learn how they infiltrate organizations and what steps you can take to protect your business.
The post Imposter for hire: How fake people can gain...
DroidLock malware locks you out of your Android device and demands ransom
2025-12-11 16:57:58
Researchers have found Android malware that holds your files and your device hostage until you pay the ransom.
Outpost24 Acquires Infinipoint
2025-12-11 16:46:29
This week, Outpost24 announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24's entry into the Zero...
The Best Red Teaming Tools of 2026: What You Need to Know
2025-12-11 16:36:42
As AI-generated threats continue to rise, more organisations are turning to red teaming to turn the tide. Nothing provides a better understanding of your security posture like letting a red team...
USN-7922-2: Linux kernel (FIPS) vulnerabilities
2025-12-11 16:35:08
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
GitHub Down! Developers Frustrated by ‘No Server Available' Message
2025-12-11 16:28:38
GitHub is experiencing user-reported outages, with many developers greeted by a prominent error featuring the platform’s unicorn mascot and the message “No server is currently available to...
Blazor vs React: Why This .NET Architect Finally Picked a Side
2025-12-11 16:24:34
Blazor vs React is a question every .NET developer eventually asks. Blazor lets you build interactive web UIs with C# instead of JavaScript. If you're already a .NET developer, this means one language,...
Orange recrute Guillaume Poupard pour piloter sa stratégie de souveraineté numérique
2025-12-11 16:21:23
L'actuel DGA de Docaposte rejoint l'opérateur historique en tant que Chief Trust Officer.
The post Orange recrute Guillaume Poupard pour piloter sa stratégie de souveraineté numérique appeared first...
The HackerNoon Newsletter: Why Good Products Feel Broken (12/11/2025)
2025-12-11 16:01:56
How are you, hacker?
🪐 What's happening in tech today, December 11, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Microsoft bounty program now includes any flaw impacting its services
2025-12-11 16:00:46
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Why Your Startup's Community Strategy Is Failing (And How to Build One That Actually Works)
2025-12-11 15:59:59
Real communities grow when you show up where your audience already is, provide long-lasting value, and make participation effortless. HackerNoon amplifies these efforts by giving startups credibility,...
Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates
2025-12-11 15:43:15
The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the...
USN-7927-1: urllib3 vulnerabilities
2025-12-11 15:15:13
Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)
Rui...
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
2025-12-11 15:10:49
A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications....
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
2025-12-11 15:07:39
A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute...
L'adoption de l'authentification multi-facteurs atteint 70 % tandis que l'authentification résistante au phishing bondit de 63 %
2025-12-11 15:07:15
Okta, Inc., l’un des spécialistes de la gestion des identités, publie son Secure Sign-in Trends Report 2025 — une analyse exclusive des modes de connexion au travail — qui révèle deux tendances...
AI is accelerating cyberattacks. Is your network prepared?
2025-12-11 15:05:15
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR)...
Panne de Cloudflare : « Quels enseignements en retenir? » par JFrog
2025-12-11 15:04:05
La récente panne de Cloudflare semble être due au déploiement dans l'urgence d'un patch correctif pour se protéger de la faille React2Shell. Tribune – Shachar Menashe, VP Security Research...
Canonical Isomorphisms In More Advanced Mathematics
2025-12-11 15:00:20
The article examines why many “canonical” isomorphisms in advanced mathematics—especially in the Langlands program, class field theory, and homological algebra—are not uniquely determined. Instead,...
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
2025-12-11 14:00:41
Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire
New DroidLock Malware Locks Android Devices and Demands a Ransom
2025-12-11 14:54:05
A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites. This threat combines ransomware tactics with remote-control capabilities,...
AI in OT Sparks Cascade of Complex Challenges
2025-12-11 14:50:59
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
New ‘DroidLock' Android Malware Locks Users Out, Spies via Front Camera
2025-12-11 14:37:59
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC.
Microsoft refuse de corriger une faille de proxy http dans .NET
2025-12-11 14:37:52
A l’occasion de la Black Hat en Europe qui s’est tenue à Londres du 8 au 11 décembre, Piotr Bazydło un chercheur de (...)
The Odds Of Suffering A Data Breach
2025-12-11 14:36:29
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 11, 2025 –Read the full story in KBI Media According to research from Cybersecurity Ventures, cybercrime...
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
2025-12-11 12:43:15
Cary, North Carolina, USA, 11th December 2025, CyberNewsWire
Could This Compact Workstation Redefine Professional Computing Standards Against Dell and HP
2025-12-11 14:29:59
BOSGAME is challenging Dell and HP with compact workstations that rival full-size desktops in performance, driven by advanced thermal engineering, rapid prototyping, and early adoption of AI-optimized...
USN-7926-1: OpenStack Keystone vulnerabilities
2025-12-11 14:24:04
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens
and s3tokens APIs. A remote attacker could possibly use this issue to
obtain unauthorized access and escalate privileges. (CVE-2025-65073)
It...
Microsoft Teams to Introduce External Domains Anomalies Report for Enhanced Security
2025-12-11 13:55:41
Microsoft plans to enhance the administrative features of its Teams collaboration platform with a significant new security function to monitor external communications. Scheduled for rollout in February...
New ClickFix Attacks as macOS Infostealer Leverages Official ChatGPT Website by Piggybacking
2025-12-11 13:54:36
A new malicious campaign is targeting macOS users via a novel attack that exploits ChatGPT’s official website. The attackers are using a technique called ClickFix to spread the AMOS infostealer...
Malwarebytes for Mac now has smarter, deeper scans
2025-12-11 13:40:02
Say hello to the upgraded Malwarebytes for Mac, with stronger protection and more control.
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
2025-12-11 13:40:00
This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments...
Plate-forme Data : comment la Matmut a fait son entrée chez S3NS
2025-12-11 13:26:25
La Matmut a migré sa plate-forme data d'un socle Spark-Hadoop on-prem à un environnement BigQuery chez S3NS. Elle partage ses perspectives.
The post Plate-forme Data : comment la Matmut a fait son entrée...
Hackers exploit unpatched Gogs zero-day to breach 700 servers
2025-12-11 13:19:50
An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. [...]...
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
2025-12-11 13:16:00
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report...
Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems
2025-12-11 13:09:25
Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents....
USN-7925-1: c-ares vulnerability
2025-12-11 13:07:40
It was discovered that c-ares incorrectly handled terminating certain
queries after a maximum number of attempts. An attacker could possibly use
this issue to cause c-ares to crash, resulting in a denial...
Reexamining Canonical Isomorphisms in Modern Algebraic Geometry
2025-12-11 13:00:17
The article examines how mathematicians casually label maps as “canonical,” why this obscures the constructive content of theorems like the first isomorphism theorem, and how formalizing algebraic...
Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks
2025-12-11 12:46:42
Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.
Aviz Networks lance une distribution Sonic pour les entreprises
2025-12-11 12:32:31
Comment faciliter le déploiement de Sonic auprès des entreprises. Aviz Networks a peut être trouvé la solution en lançant (...)
Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto
2025-12-11 12:14:42
A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users...
Hunting for Mythic in network traffic
2025-12-11 12:00:52
We analyze the network activity of the Mythic framework, focusing on agent-to-C2 communication, and use signature and behavioral analysis to create detection rules for Network Detection and Response (NDR)...
Another Chrome zero-day under attack: update now
2025-12-11 11:58:47
If we're lucky, this update will close out 2025's run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
This New Cryptocurrency Surges 250% as Phase 6 Nears 99% Completion
2025-12-11 11:43:36
Mutuum Finance is developing a decentralized lending protocol designed to support structured borrowing and lending activity. The system allows users to supply assets such as ETH or USDT, and in return...
Debian 11: libsndfile DLA-4402-1 CVE-2021-4156 Out-of-Bounds Read Risk
2025-12-11 11:35:23
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked...
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
2025-12-11 11:30:00
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However,...
BTSE Unveils Stable Staking: A Major Initiative Offering Up to 500% APR
2025-12-11 11:28:40
BTSE launches Stable Staking Initiative. Stakers will receive annualized interest at rates of 100%, 300%, or 500%. Highest APRs given on first come, first served basis to users who stake the most.
Google Cloud lance des serveurs MCP managés pour ses services
2025-12-11 11:26:03
Petit à petit, l’automatisation s’invite dans le développement des agents IA et, en particulier, dans leur manière d’interagir (...)
Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers
2025-12-11 11:16:45
South Korea's largest online retailer, Coupang, has been rocked by a massive data breach that exposed the personal details of nearly 34 million customers, forcing CEO Park Dae-jun to resign amid mounting...
Ne tombez pas dans le Monde à l'envers : des escrocs tentent d'hameçonner les fans de Stranger Things
2025-12-11 11:14:01
Alors que la nouvelle saison de Stranger Things arrive sur les plateformes de streaming, les experts en cybersécurité de Kaspersky lancent un avertissement aux fans. Un pic d’escroqueries a été...
Cybersécurité en PME : Pourquoi la sécurité est l'affaire de tous
2025-12-11 11:07:53
Dans l'imaginaire collectif, la cybersécurité évoque encore des salles obscures remplies de serveurs, des lignes de code à perte de vue et des ingénieurs penchés sur des écrans clignotants. En...
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
2025-12-11 11:00:38
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.
The post Hamas-Affiliated Ashen Lepus Targets...
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
2025-12-11 11:00:00
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed...
New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment
2025-12-11 10:57:28
Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security...
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
2025-12-11 10:30:00
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The...
Top 10 Data Anonymization Solutions for 2026
2025-12-11 10:27:55
Every business today has to deal with private information – whether it is about customers, employees, or financial…
Adam M. Root: How to Architect Agentic AI Workflows That Scale Across the Enterprise
2025-12-11 10:14:59
Enterprises struggle to scale agentic AI because they chase tools instead of defining real problems. Adam M. Root argues that human expertise, strong questions, and strategic frameworks like PURSUIT—not...
Fedora 43: Critical Security Update for httpd CVE-2025-58098 Advisory
2025-12-11 10:10:05
version update security update
Fedora 44: python-HTTP-Server Urgent URL Manipulation Patch 2026-4eea126be4
2025-12-11 10:09:58
1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927.
Microsoft fixes Windows Explorer white flashes in dark mode
2025-12-11 10:09:52
Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. [...]
Geopolitics and Cyber Risk: How Global Tensions Shape the Attack Surface
2025-12-11 10:01:00
Geopolitics has become a significant risk factor for today's organizations, transforming cybersecurity into a technical and strategic challenge heavily influenced by state behavior. International tensions...
Debian 11: firefox-esr Important Security Fix DLA-4401-1 CVE-2025-14321
2025-12-11 10:00:06
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation....
Copilot's No-Code AI Agents Liable to Leak Company Data
2025-12-11 10:00:00
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
CastleLoader Malware Now Uses Python Loader to Bypass Security
2025-12-11 09:28:08
Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory....
Avec SecNumCloud en perspective, Numspot voit au-delà d'OUTSCALE
2025-12-11 09:18:05
Numspot se positionne désormais en plate-forme « portable » et s'oriente vers des partenariats avec des fournisseurs européens de cloud d'infrastructure.
The post Avec SecNumCloud en perspective,...
Deutsche Börse se dote d'un centre dédié à l'IA responsable
2025-12-11 09:12:17
« Nous voulons garantir la transparence, la gouvernance et la conformité dans un environnement hautement réglementé, sans pour (...)
Evroc et Suse lancent une offre cloud européenne sur Kubernetes
2025-12-11 09:02:54
Suivant le regain d'intérêt pour des offres IT européennes, Evroc et Suse apportent leur pierre à l'édifice. Les (...)
Un pack Trend Micro pour sécuriser les développements IA
2025-12-11 08:49:22
A l'occasion de l'évènement d'AWS re: Invent 2025 qui s'est déroulé la semaine dernière, Trend Micro a annoncé (...)
ITS Integra absorbe QosGuard
2025-12-11 08:49:06
L'infogéreur et opérateur cloud ITS Integra, filiale d'ITS Group, enrichit son portefeuille de services autour de l'amélioration de (...)
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
2025-12-11 08:29:54
Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in...
Google fixes eighth Chrome zero-day exploited in attacks in 2025
2025-12-11 08:01:21
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. [...]
Cyber deception trials: what we've learned so far
2025-12-11 07:55:27
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
Ubuntu 25.10: libpng Denial of Service Vulnerability USN-7924-1
2025-12-11 07:35:13
Several security issues were fixed in libpng.
It didn't take long: CVE-2025-55182 is now under active exploitation
2025-12-11 07:30:41
Threat actors are now exploiting CVE-2025-55182, and attacks are poised to grow. Here's what you need to know about the vulnerability, how our honeypots are being targeted, what malware is being deployed,...
Apple's Design Lightning Rod Just Joined Meta. What Now?
2025-12-11 07:21:40
Alan Dye, the man who has spent the last decade shaping how Apple's software looks and feels, is heading to Meta.
Ubuntu 22.04 LTS: Qt Critical Denial of Service Risk 2025:7923-1
2025-12-11 07:19:04
Qt could be made to crash or run programs as your login if it opened a specially crafted file.
The TechBeat: Exploiting EIP-7702 Delegation in the Ethernaut Cashback Challenge — A Step-by-Step Writeup (12/11/2025)
2025-12-11 07:10:52
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
2025-12-11 07:09:00
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.
The vulnerability, rated high...
Swift's #Predicate Explained: How Type-Safe Filtering Works in SwiftData
2025-12-11 07:01:17
Swift's new #Predicate macro turns query filtering into a type-safe, compile-time-checked process for SwiftData, but it requires comparing scalar identifiers—not whole objects—to generate valid...
Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution
2025-12-11 05:56:00
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations...
USN-7924-1: libpng vulnerabilities
2025-12-11 05:26:40
It was discovered that libpng incorrectly handled memory when processing
certain PNG files, which could result in an out-of-bounds memory access.
If a user or automated system were tricked into opening...
USN-7923-1: Qt vulnerability
2025-12-11 04:18:33
It was discovered that Qt did not correctly handle certain memory
operations. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue...
HTB Academy: Windows CMD and PowerShell
2025-12-11 03:06:01
I did say that I needed to work on my Windows sys admin skills and also my PowerShell-fu and so here I am. As per the usual when it comes to my Academy content, I will just be covering the skill assessment...
Multiples vulnérabilités dans GitLab (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des...
Multiples vulnérabilités dans Google Chrome (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Mitel (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Vulnérabilité dans Broadcom Carbon Black Cloud (11 décembre 2025)
11/12/2025
Une vulnérabilité a été découverte dans Broadcom Carbon Black Cloud. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Multiples vulnérabilités dans les produits Mozilla (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...