Toute l'actualité de la Cybersécurité
Multiple Cisco Unified CCX Vulnerabilities Enable Arbitrary Command Execution by Attackers
2025-11-14 13:36:02
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate...
RONINGLOADER Uses Signed Drivers to Disable Microsoft Defender and Bypass EDR
2025-11-14 13:18:12
Elastic Security Labs has uncovered a sophisticated campaign deploying a newly identified loader, dubbed RONINGLOADER, that weaponizes legitimately signed kernel drivers to systematically disable Microsoft...
Hackers Exploit Rogue MCP Server to Inject Malicious Code into Cursor's Built-In Browser
2025-11-14 13:16:08
Security researchers have uncovered a critical vulnerability in Cursor, the AI-powered code editor, that allows attackers to inject malicious code through rogue Model Context Protocol (MCP) servers. Unlike...
NVIDIA NeMo Flaw Enables Code Injection and Privilege Escalation Attacks
2025-11-14 12:59:14
NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute arbitrary code and escalate privileges on affected...
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
2025-11-14 12:54:26
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing...
Critical FortiWeb flaw under attack, allowing complete compromise
2025-11-14 12:41:05
A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet...
Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection
2025-11-14 12:31:36
Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow...
Threat Actors Leverage JSON Storage Services to Host and Deliver Malware Via Trojanized Code Projects
2025-11-14 12:29:53
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors abuse legitimate JSON storage services to deliver malware to software developers. The campaign, known as Contagious...
Agent 365 : vers un nouveau modèle économique chez Microsoft
2025-11-14 12:22:57
Microsoft s'apprêterait à ériger certains agents au rang d'utilisateurs inscrits dans l'organigramme d'entreprise et ayant chacun sa licence.
The post Agent 365 : vers un nouveau modèle économique...
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
2025-11-14 12:07:35
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware...
L'UE examine les engagements de SAP pour clore une enquête antitrust
2025-11-14 11:58:37
L'Union européenne lance un test de marché sur les engagements proposés par SAP pour clore son enquête antitrust.
The post L’UE examine les engagements de SAP pour clore une enquête antitrust...
Google backpedals on new Android developer registration rules
2025-11-14 11:54:44
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to...
Multiple vulnerabilities in Cisco Unified CCX Allow Attackers to Execute Arbitrary Commands
2025-11-14 11:38:48
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX) that could allow unauthenticated attackers to execute arbitrary commands with...
Analysis of Multi-Stage Phishing Kits Leveraging Telegram for Credential Theft and Evasion Techniques
2025-11-14 11:28:17
Researchers at Group-IB have uncovered a sophisticated phishing framework that demonstrates how cybercriminals are industrializing credential theft through automation, evasion techniques, and Telegram-based...
Hackers Flooded npm Registry Over 43,000 Spam Packages Survived for Almost Two Years
2025-11-14 11:22:00
Security researcher Paul McCarty uncovered a significant coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, as it has been named, consists of more than 43,000 spam packages...
Microsoft annualise les mises à jour pour Configuration Manager
2025-11-14 11:04:14
Petit changement pour SCCM (system center configuration manager) de Microsoft. En effet, l'éditeur a annoncé qu'en 2026 le cycle des mises (...)
Kraken Ransomware Targets Windows, Linux, and VMware ESXi in Enterprise Environments
2025-11-14 10:47:22
Cisco Talos has identified an emerging threat from Kraken, a sophisticated cross-platform ransomware group that has emerged from the remnants of the HelloKitty ransomware cartel. In August 2025, the security...
GitHub piège Actions avec un paquet npm malveillant
2025-11-14 10:37:54
Les outils de développement deviennent une cible de plus en plus importante pour les cybercriminels. Dans le catalogue de vecteurs, les paquets (...)
Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
2025-11-14 10:37:00
Key Takeaways:
85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.
1,590 victims disclosed across 85 leak sites, showing high,...
What Happens When Telegram's 1 Billion Users Get Access to Ethical AI? AlphaTON Has a Plan
2025-11-14 10:16:04
AlphaTON Capital has partnered with SingularityNET, CUDO Compute, and Vertical Data to deploy hydroelectric-powered GPU infrastructure in Sweden for Telegram's Cocoon AI network. The collaboration addresses...
How Sierra Protocol Plans to Reshape DeFi Yield Generation With Dynamic Rebalancing
2025-11-14 10:15:13
Sierra Protocol launched SIERRA, the first dynamically rebalanced Liquid Yield Token on Avalanche, combining investment-grade RWAs and DeFi protocols into a single, auto-rebalancing portfolio. Built on...
Washington Post Oracle E-Suite 0-Day Hack Impacts 9K+ Employees and Contractors
2025-11-14 10:12:12
The Washington Post has publicly disclosed a significant data breach involving external hacking of its Oracle E-Suite system, impacting over 9,700 employees and contractors worldwide. The breach notification,...
Concurrence dans l'IA : le procès Musk contre Apple et OpenAI aura lieu
2025-11-14 10:08:24
Un juge fédéral valide la plainte de X et xAI, obligeant Apple et OpenAI à répondre aux accusations d'entrave à la concurrence dans l'IA.
The post Concurrence dans l’IA : le procès Musk...
Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign
2025-11-14 09:53:00
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign"...
ASUS warns of critical auth bypass flaw in DSL series routers
2025-11-14 09:52:37
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. [...]
Comment la virtualisation sur OpenShift a évolué depuis la fusion Broadcom-VMware
2025-11-14 09:42:04
Six versions mineures d'OpenShift sont sorties depuis l'acquisition de VMware par Broadcom. Focus sur l'évolution fonctionnelle de la brique de virtualisation.
The post Comment la virtualisation sur...
Le plan d'Octave Klaba pour remettre OVH sur les rails
2025-11-14 09:39:50
Jeudi 20 novembre prochain, OVH invite ses clients et partenaires à la maison de la Mutualité (Paris) pour la prochaine édition (...)
Germany's BSI issues guidelines to counter evasion attacks targeting LLMs
2025-11-14 09:32:50
Germany's BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany's BSI warns of rising evasion attacks on LLMs, issuing guidance...
Critical Imunify360 AV Vulnerability Exposes 56 Million+ Linux-hosted Websites to RCE Attacks
2025-11-14 09:30:39
A severe remote code execution (RCE) vulnerability has been discovered in Imunify360 AV, a widely used malware scanner protecting approximately 56 million websites. The security flaw, recently patched...
Les données nucléaires au coeur de l'accord EDF avec Bleu et S3NS
2025-11-14 09:14:42
En complément de ses hébergements internes, qui accueillent 80% de ses données selon le groupe, EDF vient de référencer (...)
Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover
2025-11-14 09:00:55
A deceptive Chrome extension named Safery: Ethereum Wallet has emerged as a serious threat to cryptocurrency users. Published on the Chrome Web Store on November 12, 2024, this extension masquerades as...
Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts
2025-11-14 09:00:00
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise...
Critical Zoho Analytics Plus Flaw Allows Attackers to Run Arbitrary SQL Queries
2025-11-14 08:58:18
A critical unauthenticated SQL injection vulnerability has been discovered in Zoho Analytics Plus on-premise, posing a severe risk to organizations running affected versions. Tracked as CVE-2025-8324,...
Washington Post notifies 10,000 individuals affected in Oracle-linked data theft
2025-11-14 08:30:05
The Washington Post alerts nearly 10,000 employees and contractors that personal and financial data was exposed in the Oracle breach. The Washington Post warns nearly 10,000 staff and contractors that...
Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack
2025-11-14 08:12:21
The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied...
Linux Security: Mitigating Model Inversion Attack Risks
2025-11-14 07:59:43
Machine learning now runs deep inside Linux security workflows, from containerized inference services to open-source model pipelines. These systems look harmless at first glance. You hand them data, they...
Kraken Cross-Platform Ransomware Attacking Windows, Linux, and VMware ESXi Systems in Enterprise Environments
2025-11-14 07:51:13
In August 2025, a new ransomware threat emerged with capabilities that fundamentally changed how organizations should approach enterprise security. Kraken, a Russian-speaking cybercriminal group, began...
V1 Protocol Launch Approaching, As MUTM Raises Over .7 Million in Presale
2025-11-14 07:35:55
Mutuum Finance (MUTM) will have a total supply of 4B tokens. The project has raised approximately .7 million and over 18,000 holders have already participated across presale phases. MUTM will operate...
Ethereum-Based Protocol Mutuum Finance (MUTM) Crosses .5 Million in Funding as V1 Launch Nears
2025-11-14 07:24:00
Mutuum Finance has raised more than .5 million in its presale. The project is transitioning from pure development to the final testing phase before mainnet release. Mutuum Finance is designed to bring...
The TechBeat: Can 25 Superhumans Run a 0M Freight Operation? T3RA's AI Visionary Mukesh Kumar Thinks So (11/14/2025)
2025-11-14 07:10:55
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
2025-11-14 07:00:42
A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running commands...
IBM vise l'avantage quantique en tandem avec le HPC
2025-11-14 06:58:05
La connexion avec les environnements HPC prend de l'importance dans le discours d'IBM sur l'informatique quantique.
The post IBM vise l’avantage quantique en tandem avec le HPC appeared first on...
Android Photo Frames App Downloads Malware, Giving Hackers Control of The Device Without User Interaction
2025-11-14 06:37:52
Digital photo frames have become a standard household device for displaying family memories, and most users assume these simple gadgets prioritize simplicity over complexity. However, a troubling discovery...
DoorDash hit by new data breach in October exposing user information
2025-11-14 04:38:44
DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia,...
MIL Perspective: Analyzing Q-Former as a Multi-Head Mechanism
2025-11-14 02:52:49
Proves Q-Former is a Multi-Head MIL module due to permutation invariance in its cross-attention. Notes its limitation: it assumes i.i.d. instances, overlooking crucial instance correlation.
Visual Prompt Generators (VPGs): Encoding Images to LLM Tokens
2025-11-14 02:49:38
Explains how MLLMs use VPGs and cross-attention with learnable query embeddings to extract essential visual tokens from image patches for LLM input
Fortinet FortiWeb flaw with public PoC exploited to create admin users
2025-11-14 02:41:28
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication [...]
The ROI of Play: Why Investing in Community Spaces Benefits Business and Brand
2025-11-14 02:18:08
Businesses can invest in community spaces to improve quality of life and ROI. Community spaces can also help businesses build a positive brand perception. PlaygroundEquipment.com is a great example of...
Fedora 43: SeaMonkey 2.53.22 Update FEDORA-2025-5f24a0c1ba
2025-11-14 01:28:56
Update to 2.53.22
Fedora 43: docker-buildkit Critical DoS Memory Exhaustion CVE-2025-58185
2025-11-14 01:28:55
Update to v0.25.2 CVE-2025-58183; Resolves: rhbz#2412529 CVE-2025-58188; Resolves: rhbz#2412380, rhbz#2411476, rhbz#2410945 CVE-2025-58185; Resolves: rhbz#2410578, rhbz#2410299, rhbz#2410013 CVE-2025-61723;...
Fedora 43: runc High Risk Security Fix 2025-ebd4913540 CVE-2025-31133
2025-11-14 01:28:54
Update to release v1.3.3
Fedora 43: gh Update Advisory Critical CVE-2025-58189 and CVE-2025-61725
2025-11-14 01:28:50
Update to 2.83.0
Fedora 41: Lasso 2.9.0 Critical Buffer Overflow Fix CVE-2025-46705
2025-11-14 01:09:20
Update to 2.9.0 Fixes CVE-2025-46705
Fedora 41: SeaMonkey 2.53.22 Advisory FEDORA-2025-e49d776723
2025-11-14 01:09:19
Update to 2.53.22