Toute l'actualité de la Cybersécurité
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
2025-12-03 17:08:00
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of...
Pour le cloud de confiance, SFR Business s'allie à Cloud Temple
2025-12-03 17:07:55
A l'avant-poste des offres de cloud de confiance en France (aux côtés d'Orange avec Cloudwatt) en 2012 avec Numergy (qui a sombré (...)
Google expands Android scam protection feature to Chase, Cash App in U.S.
2025-12-03 17:00:00
Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. [...]
AI Safety Index 2025 : un bilan inquiétant de la sécurité de l'IA
2025-12-03 16:59:41
Le Future of Life Institute tire la sonnette d'alarme : aucune des huit grandes entreprises d'IA évaluées n'obtient une note satisfaisante en matière de sécurité.
The post AI Safety Index 2025 :...
HPE unifie ses forces réseau pour les usines IA
2025-12-03 16:58:21
Avec près de 5 000 personnes attendues (clients, partenaires et employés), l'événement HPE Discover Europe 2025, qui se tient (...)
Microsoft "mitigates" Windows LNK flaw exploited as zero-day
2025-12-03 16:45:30
Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. [...]
Hackers Exploit Critical Yearn Finance's yETH Pool Vulnerability to Steal Million in Ethereum
2025-12-03 16:41:41
The decentralized finance sector witnessed a devastating breach targeting Yearn Finance's yETH pool, resulting in the theft of approximately million on November 30, 2025. The attacker executed a...
Fonctions durables, instances managées… AWS Lambda devient plus flexible
2025-12-03 16:36:19
AWS donne davantage de latitude sur l'exécution des fonctions Lambda et sur le contrôle de l'infrastructure sous-jacente.
The post Fonctions durables, instances managées… AWS Lambda devient plus...
Code Review Anti-Patterns: How to Stop Nitpicking Syntax and Start Improving Architecture
2025-12-03 16:30:12
Code reviews are expensive. If your team is spending valuable senior engineering hours arguing about semicolon placement or variable casing, you are wasting money. High-impact code reviews delegate the...
Inside the Research Project Examining Hidden Bias in News Coverage
2025-12-03 16:30:06
A research group is conducting an anonymous survey to understand how readers perceive subtle linguistic bias in news articles. Participants answer demographic questions, learn the difference between bias...
Formalizing Generative Active Learning for Instance Segmentation
2025-12-03 16:15:03
Proposes BSGAL, a Generative Active Learning algorithm that uses gradient cache to filter unlimited synthetic data.
29.7 Tbps DDoS Attack Via Aisuru Botnet Breaks Internet With New World Record
2025-12-03 16:14:27
A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core internet infrastructure remains under extreme...
Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account
2025-12-03 16:13:59
A sophisticated phishing campaign has emerged targeting business professionals with Calendly-themed emails, combining social engineering with advanced credential theft techniques. The attack specifically...
The HackerNoon Newsletter: Porting Scientific Algorithms from MATLAB to JavaScript (12/3/2025)
2025-12-03 16:02:24
How are you, hacker?
🪐 What's happening in tech today, December 3, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Active Learning and Data Influence: Core Concepts and Evolution
2025-12-03 16:00:07
Highlights the novelty of applying these methods to generated data in complex instance segmentation.
Any and Some Keywords in Swift: A Guide to Understanding Both
2025-12-03 15:45:04
Learn how the any and some keywords enable flexible type handling and protocol usage in Swift, enhancing type safety and performance in your applications.
Attackers have a new way to slip past your MFA
2025-12-03 15:44:13
Attackers are using a tool called Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token.
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
2025-12-03 15:32:00
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp...
The Deal Pipeline Illusion: How AI Projects Die Before They're Even Signed
2025-12-03 15:30:01
Most AI projects die in the pipeline under optimism, shifting scopes, and timelines that were never tied to physics. Kickoff only exposes the gap everyone pretended not to see. The only fix is to validate...
K7 Antivirus Vulnerability Allows Attackers Gain SYSTEM-level Privileges
2025-12-03 15:28:20
A serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from K7 Computing, was found by abusing named pipes with overly permissive access control lists. This flaw enables...
Architecture Patterns That Enable Cycode alternatives at Scale
2025-12-03 15:26:36
Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control.
Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens
2025-12-03 15:20:02
A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since its emergence on November...
Deep dive into DragonForce ransomware and its Scattered Spider connection
2025-12-03 15:05:15
DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration...
Eon lève 300 M$ pour transformer le back-up cloud
2025-12-03 14:52:58
Positionné comme une alternative cloud-native aux fournisseurs traditionnels de sauvegarde qui se concentrent d’abord sur la protection (...)
USN-7861-5: Linux kernel vulnerabilities
2025-12-03 14:52:04
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Malicious Rust Evm-Units Mimic as EVM Version Silently Executes OS-specific Payloads
2025-12-03 14:51:05
The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading as a standard utility for...
Big Tech Wants to Trade Electricity. What Could Go Wrong?
2025-12-03 14:46:46
Big Tech is pushing deeper into the energy sector, from Meta and Microsoft seeking approval to trade electricity to markets betting on Tesla's expanding energy business. Poll results show strong public...
Why Binary Feedback May Be Enough to Train Better Media-Bias Classifiers
2025-12-03 14:30:07
The article evaluates NewsUnfold, a human-in-the-loop news reader that collects user feedback to detect media bias. Findings show that ordinary readers can reliably correct misclassified sentences, improve...
USN-7907-2: Linux kernel (FIPS) vulnerabilities
2025-12-03 14:18:57
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Storm-0900 Hackers Leveraging Parking Ticket and Medical Test Themes in Massive Phishing Attack
2025-12-03 14:18:20
On Thanksgiving eve, a sophisticated threat actor known as Storm-0900 launched a high-volume phishing campaign targeting users across the United States. Microsoft Threat Intelligence security analysts...
AWS re:Invent : l'AI Factory, une grammaire désormais légitime ?
2025-12-03 14:13:41
La notion d'AI Factory devient une marque chez AWS, qui poursuit l'édification du socle technologique à l'occasion de la conférence re:Invent.
The post AWS re:Invent : l’AI Factory, une grammaire...
How attackers use real IT tools to take over your computer
2025-12-03 14:12:59
We've seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control victims' systems.
Microsoft Patched Windows LNK Vulnerability Exploited by Hackers in the Wild as 0-Day
2025-12-03 14:02:12
Microsoft has silently patched a Windows shortcut vulnerability that threat actors have been exploiting since 2017 to hide malicious commands from users inspecting file properties. The flaw, tracked as...
Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack
2025-12-03 14:01:04
In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. [...]
USN-7908-1: PostgreSQL vulnerabilities
2025-12-03 14:00:49
Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command
did not correctly check for schema CREATE privileges. An authenticated
attacker could possibly use this issue to create a denial...
The Ransomware Holiday Bind: Burnout or Be Vulnerable
2025-12-03 13:52:29
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.
A Decade of Ransomware Chaos – How Much It Costs
2025-12-03 13:49:06
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 3, 2025 – Read the full story in IoT for all IoT for all reports that over the past decade, ransomware...
Apex Fusion Connects Three Blockchain Architectures: What This Means for DeFi's 0B Future
2025-12-03 13:45:22
Apex Fusion deployed bAP3X on Base through Skyline's Blade EVM infrastructure, connecting its tri-chain architecture (UTXO-based Vector, EVM-compatible Nexus, and Prime coordinator) to Coinbase's Layer...
Fileless protection explained: Blocking the invisible threat others miss
2025-12-03 13:33:07
Your antivirus scans files. But what about attacks that never create files? Here's how we catch the threats hiding on your family's computers.
Prédictions cybersécurité 2026 : l'IA et les réglementations changent la donne
2025-12-03 13:23:16
En cette fin d'année 2025, Rocket Software analyse l'importance que l'intelligence artificielle (IA) prend en matière de cybersécurité, mais aussi de cybermenaces. Alors que les entreprises...
University of Phoenix discloses data breach after Oracle hack
2025-12-03 13:23:10
The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...]
Researchers spotted Lazarus's remote IT workers in action
2025-12-03 13:21:17
Researchers exposed a Lazarus scheme using remote IT workers tied to North Korea's Famous Chollima APT group in a joint investigation. Researchers filmed Lazarus APT group's remote-worker scheme in...
Zimperium dévoile ses prédictions 2026 : l'IA et les nouvelles régulations vont remodeler la sécurité mobile
2025-12-03 13:20:05
À l'approche de 2026, le paysage de la cybersécurité mobile s'apprête à franchir un nouveau cap. Entre l'évolution rapide des usages, l'accélération des capacités offertes par l'IA...
Researchers Explain How Delay–Doppler Spread Affects Interference in Discrete Channel Models
2025-12-03 13:00:03
This section examines how wireless channels are discretized across time and frequency, explaining how delay and Doppler spreads generate ISI/ICI, how bi-orthogonality breaks down, and why pulse shape...
CRA and AI Regulation: What's Next for Software Compliance?
2025-12-03 13:00:01
The days of postponing cyber regulations are over.
CISA Warns of Android 0-Day Vulnerability Exploited in Attacks
2025-12-03 12:42:28
CISA has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The vulnerabilities affect the Android OS and pose...
Zoom sur les outils collaboratifs Work et Meet d'Oodrive
2025-12-03 12:39:50
Face aux besoins croissants de sécurité et de conformité des données, les entreprises recherchent des solutions collaboratives (...)
Simplon forme des demandeurs d'emploi à la cybersécurité avec Metsys
2025-12-03 12:39:19
En France, le secteur de la cybersécurité manque toujours de profils qualifiés alors que les menaces ne cessent d’augmenter. (...)
MuddyWater Attacks Critical Infrastructure With Custom Malware and Improved Tactics
2025-12-03 12:33:10
MuddyWater, an Iran-aligned cyberespionage group also known as Mango Sandstorm, has launched a new, highly targeted campaign against critical infrastructure in Israel and Egypt. Active from September...
CoinAvatar Rolls Out Platform Optimizations Targeting Mainstream Web2 Adoption
2025-12-03 12:28:19
CoinAvatar has rolled out major platform optimizations across its multi-chain infrastructure. The updates focus on generation speed improvements, smart contract efficiency, and enhanced user experience....
USN-7907-1: Linux kernel vulnerabilities
2025-12-03 12:14:35
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Fixing a Slow SOC: Top 3 Solutions that Actually Work
2025-12-03 12:07:43
Smarter SOC performance with faster triage, proactive defence, and a unified stack powered by instant alert context from ANY.RUN to cut MTTD and MTTR.
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
2025-12-03 11:59:00
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country?
Those days are over.
Today, a 16-year-old with zero coding skills and...
AWS lance des agents IA pour le codage, la sécurité et le DevOps
2025-12-03 11:42:35
Progressivement, AWS se positionne sur l’IA agentique. Lors de son évènement Re :Invent à Las Vegas, le fournisseur a présenté (...)
USN-7906-1: Linux kernel vulnerabilities
2025-12-03 11:34:56
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
...
AI Bolsters Python Variant of Brazilian WhatsApp Attacks
2025-12-03 10:56:24
Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.
7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
2025-12-03 10:44:31
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
Exploits and vulnerabilities in Q3 2025
2025-12-03 10:00:59
This report provides statistical data on vulnerabilities published and exploits we researched during the third quarter of 2025. It also includes summary data on the use of C2 frameworks.
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
2025-12-03 09:56:00
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and...
USN-7905-1: KDE Connect vulnerability
2025-12-03 09:46:45
It was discovered that KDE Connect incorrectly handled device IDs. An
attacker could possibly use this issue to bypass authentication and connect
an unpaired device.
openSUSE Leap 16.0 Python-Cbor2 Important Issues Addressed 2025-20133-1
2025-12-03 09:36:01
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
2025-12-03 09:30:00
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively...
India mandates SIM-linked messaging apps to fight rising fraud
2025-12-03 09:20:36
India ordered messaging apps to work only with active SIM cards linked to users' phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
2025-12-03 08:39:00
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer...
USN-7904-1: Ghostscript vulnerabilities
2025-12-03 08:06:19
Piotr Kajda discovered that Ghostscript incorrectly handled writing certain
files. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service.
Debian 11: Mako Important Denial of Service Fix DLA-4393-1 CVE-2022-40023
2025-12-03 04:04:14
It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular expressions. For Debian 11 bullseye, this problem has been fixed in version
China Researches Ways to Disrupt Satellite Internet
2025-12-03 02:00:00
While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.
Fedora 41: openbao 2.4.4 Important Security Issues DoS 2025-45a7dd8f10
2025-12-03 01:40:15
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183....
Fedora 41 Applies Critical Security Patch for NextCloud 32.0.3 Update
2025-12-03 01:40:14
32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
Fedora 41: restic 0.18.1 Advisory - Urgent Security Concerns Identified
2025-12-03 01:40:14
Update to 0.18.1
Fedora 42: openbao Critical CVE-2025-64761 Privileged Escalation Advisory
2025-12-03 01:12:18
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-42 build was done with golang-1.24.10 which fixed CVE-2025-58183.
The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen
2025-12-03 00:00:04
85% of daily work occurs in the browser. Unit 42 outlines key security controls and strategies to make sure yours is secure.
The post The Browser Defense Playbook: Stopping the Attacks That Start on Your...
List of 24 new domains
2025-12-03 00:00:00
.fr app-pylib[.fr] (registrar: TLD Registrar Solutions Ltd)
asctsncf[.fr] (registrar: KEY-SYSTEMS GmbH)
betonredjouer[.fr] (registrar: NETIM)
casiniajouer[.fr] (registrar: NETIM)
felixspinjouer[.fr] (registrar:...
Multiples vulnérabilités dans Google Chrome (03 décembre 2025)
03/12/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Pixel (03 décembre 2025)
03/12/2025
De multiples vulnérabilités ont été découvertes dans Google Pixel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de...
Multiples vulnérabilités dans Python (03 décembre 2025)
03/12/2025
De multiples vulnérabilités ont été découvertes dans Python. Elles permettent à un attaquant de provoquer un déni de service à distance.