Toute l'actualité de la Cybersécurité
LangChain core vulnerability allows prompt injection and data exposure
2025-12-27 18:20:16
A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in the LangChain...
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
2025-12-27 18:09:26
A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3…
Mondial Relay et Colis Privé alertent sur un accès non autorisé aux données clients
2025-12-27 16:38:43
Mondial Relay et colis privé signalent un accès non autorisé : données de contact et suivi colis potentiellement exposés....
The HackerNoon Newsletter: The Power and Peril of Anthropomorphized AI (12/27/2025)
2025-12-27 16:02:21
How are you, hacker?
🪐 What's happening in tech today, December 27, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Mongobleed PoC Exploit Tool Released for MongoDB Flaw that Exposes Sensitive Data
2025-12-27 12:00:42
A proof-of-concept (PoC) exploit dubbed “mongobleed” for CVE-2025-14847, a critical unauthenticated memory leak vulnerability in MongoDB’s zlib decompression handling. Dubbed by its...
OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers
2025-12-27 09:46:54
OpenAI is reportedly mulling a new form of ads on ChatGPT called "sponsored content," which could influence your buying decisions. [...]
NPM package with 56,000 downloads compromises WhatsApp accounts
2025-12-27 09:40:47
An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail', a WhatsApp Web API...
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
2025-12-27 07:52:00
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory.
The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has...
The TechBeat: From Launch to Exit in 10 Months: Inside Neri Bluman's Bet on Answer Engine Optimization (12/27/2025)
2025-12-27 07:10:59
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
TeamViewer DEX Vulnerabilities Let Attackers Trigger DoS Attack and Expose Sensitive Data
2025-12-27 04:49:32
Multiple critical vulnerabilities in TeamViewer DEX Client’s Content Distribution Service (NomadBranch.exe), formerly part of 1E Client. Affecting Windows versions before 25.11 and select older...
0 bounty — XSS & Input Validation
2025-12-27 04:43:18
I discovered a private programme via google dork. It was a coding platform.Continue reading on InfoSec Write-ups »
I Didn't Hack You. You Posted Everything.
2025-12-27 04:40:03
Understanding OSINT — and why online privacy no longer existsContinue reading on InfoSec Write-ups »
BankGPT TryHackMe Writeup Walkthrough
2025-12-27 04:38:56
BankGPT TryHackMe WriteupIntroductionBankGPT is a compliance-focused TryHackMe room that revolves around interacting with a tightly monitored AI assistant inside a simulated banking environment. Direct...
How Data Travels: Packet Switching vs Circuit Switching
2025-12-27 04:37:10
Series: Computer Networking from Absolute Basics — Part 3Photo by Shubham Dhage on UnsplashNote: This is Part 3 of a series. Part 2 is currently under review and will be linked here once published.In...
From Login Form to Root Access: Chaining SQLi & SSTI for Total Compromise
2025-12-27 04:35:33
**Not a Member?? Click Here to Read Full-Story!**Continue reading on InfoSec Write-ups »
iOS apps security — Intercepting custom deeplinks for security testing.
2025-12-27 04:35:30
Custom links/Deep links are a great attack vector when analyzing mobile apps for security issues.With static analysis you can enumerate the custom links either using the .plist file or uploading the...
How to get pwned with — extra-index-url
2025-12-27 04:34:31
How to get pwned with — extra-index-urlPython's built-in pip package manager is unsafe when used with the --extra-index-url flag (there are other dangerous variants too). An attacker can publish...
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
2025-12-27 02:33:54
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive document...
Fedora 42: singularity-ce 4.3.6 Upgrade Security Advisory 2025-3ff2f4efe3
2025-12-27 01:00:48
Upgrade to 4.3.6 upstream version.
Fedora 43: singularity-ce Upgrade for CVE-2025-67499 Security Issue
2025-12-27 00:42:16
Upgrade to 4.3.6 upstream version.
List of 10 new domains
2025-12-27 00:00:00
.fr conseiller-support[.fr] (registrar: IONOS SE)
eurolottocasino[.fr] (registrar: NETIM)
hot-slice-slot[.fr] (registrar: TLD Registrar Solutions Ltd)
hot-slide-casino[.fr] (registrar: TLD Registrar Solutions...