Toute l'actualité de la Cybersécurité


Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds

2025-11-13 17:15:15
A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…

Lire la suite »

When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools

2025-11-13 17:10:27
If you pay attention to how people communicate now, it's pretty clear that talking has… When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools on Latest Hacking News...

Lire la suite »

Best Six Test Data Management Tools

2025-11-13 16:53:54
Test data management (TDM) is the process of handling and preparing the data used for… Best Six Test Data Management Tools on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration...

Lire la suite »

Orgs Move to SSO, Passkeys to Solve Bad Password Habits

2025-11-13 16:17:40
In 2025, employees are still using weak passwords. Instead of forcing an impossible change, security leaders are working around the problem.

Lire la suite »

Washington Post data breach impacts nearly 10K employees, contractors

2025-11-13 16:00:36
The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. [...]

Lire la suite »

Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers

2025-11-13 15:58:46
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet.

Lire la suite »

MastaStealer Weaponizes Windows LNK Files, Executes PowerShell Command, and Evades Defender

2025-11-13 15:25:25
A newly documented malware campaign demonstrates how attackers are leveraging Windows LNK shortcuts to deliver the MastaStealer infostealer. The attack begins with spear-phishing emails containing ZIP...

Lire la suite »

A new round of Europol's Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

2025-11-13 15:19:40
Europol's Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation...

Lire la suite »

Avec Cloud Unity, Commvault renforce la cyber-résilience des entreprises

2025-11-13 15:16:44
A l’occasion de son évènement Shift qui s’est déroulé à New York (du 11 au 12 novembre), Commvault a présenté (...)

Lire la suite »

Plusieurs failles affaiblissent les conteneurs Docker

2025-11-13 15:15:35
Aleska Sarai, ingénieur logiciel chez Suse et membre du conseil d’administration de l’OCI (open container initiative) a publié (...)

Lire la suite »

Kerberoasting in 2025: How to protect your service accounts

2025-11-13 15:02:12
Kerberoasting attacks let hackers steal service account passwords and escalate to domain admin, often without triggering alerts. Specops Software shares how auditing AD passwords, enforcing long unique...

Lire la suite »

Google Sues to Disrupt Chinese SMS Phishing Triad

2025-11-13 14:47:22
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out...

Lire la suite »

USN-7862-3: Linux kernel (Xilinx ZynqMP) vulnerability

2025-11-13 14:47:04
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain...

Lire la suite »

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

2025-11-13 14:43:06
Google's suing Lighthouse, a Chinese Phishing-as-a-Service platform that uses Google's branding on scam sites to trick victims.

Lire la suite »

USN-7861-3: Linux kernel vulnerabilities

2025-11-13 14:33:19
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain...

Lire la suite »

Phishing Emails Alert: How Spam Filters Can Steal Your Email Logins in an Instant

2025-11-13 14:30:54
Cybercriminals have launched a sophisticated phishing campaign that exploits trust in internal security systems by spoofing email delivery notifications to appear as legitimate spam-filter alerts within...

Lire la suite »

Microsoft Teams New Premium Feature Blocks Screenshots and Recordings During Meeting

2025-11-13 14:27:42
Microsoft has launched a new security feature in Teams Premium called “Prevent screen capture,” designed to block screenshots and recordings during sensitive meetings, with general availability...

Lire la suite »

{ Tribune Expert } – Cloud computing : un choix technologique devenu un choix d'avenir

2025-11-13 14:19:32
Les DSI, les CTO et les CDO doivent être les garants du contrôle absolu des données au sein de l'entreprise, tant du point de vue budgétaire que de celui de la conformité. The post { Tribune Expert...

Lire la suite »

A Quimper, Femmes & Numérique de retour pour encourager la mixité IT

2025-11-13 14:12:21
Les initiatives visant à féminiser le secteur informatique continuent à se développer en France. Parmi elles, Femmes (...)

Lire la suite »

Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens

2025-11-13 14:10:45
On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package “@acitons/artifact” had...

Lire la suite »

Coyote, Maverick Banking Trojans Run Rampant in Brazil

2025-11-13 14:00:00
South America's largest country is notorious for banking malware attacks; Maverick self-terminates if its targeted user is based outside Brazil.

Lire la suite »

How NASPO Helps U.S. State & Local Governments Battle Cybercrime

2025-11-13 13:59:32
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 13, 2025 – Read the full story from Smart Cities Dive  According to Cybercrime Magazine, cybercrime...

Lire la suite »

Microsoft rolls out screen capture prevention for Teams users

2025-11-13 13:50:58
Microsoft is rolling out a new Teams feature for Premium customers that will automatically block screenshots and recordings during meetings. [...]

Lire la suite »

SmartApeSG Uses ClickFix to Deploy NetSupport RAT

2025-11-13 13:50:47
The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s...

Lire la suite »

NHS Investigating Oracle EBS Hack Following Cl0p Ransomware Group Claim

2025-11-13 13:49:44
The notorious Cl0p ransomware group has claimed responsibility for breaching the UK’s National Health Service (NHS), spotlighting vulnerabilities in Oracle’s E-Business Suite (EBS). The announcement,...

Lire la suite »

When Among Us Meets Academia: An OSINT Challenge That's Not Sus At All | v1t CTF OSINT Challenge

2025-11-13 13:39:32
Finding university acronyms in the most unexpected placesDifficulty: Beginner-Friendly | Category: OSINTHey again,I'm Chetan Chinchulkar (aka omnipresent), back with another challenge from the v1t CTF....

Lire la suite »

Privilege Escalation From Guest To Admin

2025-11-13 13:35:37
Privilege Escalation Guest user escalates To full project access after project visibility is switched to PublicHello HackersI'm Mohamed, also known as Mado, a dedicated Web Application Penetration...

Lire la suite »

CORS Vulnerability with Trusted Null Origin

2025-11-13 13:34:10
Discover how a simple CORS misconfiguration can leak sensitive data across origins.Continue reading on InfoSec Write-ups »

Lire la suite »

How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works

2025-11-13 13:34:03
The Opening: Why This MattersContinue reading on InfoSec Write-ups »

Lire la suite »

Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code

2025-11-13 13:32:55
A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide....

Lire la suite »

CORS Vulnerability with Trusted Insecure Protocols

2025-11-13 13:27:49
Understanding how insecure CORS configurations can expose sensitive data across subdomains.Continue reading on InfoSec Write-ups »

Lire la suite »

Digital Forensics — Windows USB Artifacts [Insider Threat Case]

2025-11-13 13:27:47
Digital Forensics — Windows USB Artifacts [Insider Threat Case]Hey Digital Defenders! I notice this case on LinkedIn post and wanted to write about USB forensic artifacts, piecing together evidence...

Lire la suite »

How to Find P1 Bugs using Google in your Target — (Part-2)

2025-11-13 13:27:14
Earn rewards with this simple method.Continue reading on InfoSec Write-ups »

Lire la suite »

I Could Change Anyone's Email Preferences — Without Logging In

2025-11-13 13:20:57
I Could Change Anyone's Email Preferences — Without Logging In 😳How a single overlooked API made every user's inbox mine to control — and how a second endpoint let me confirm it instantly....

Lire la suite »

Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years

2025-11-13 13:13:49
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at...

Lire la suite »

SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk

2025-11-13 13:10:24
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover.

Lire la suite »

OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data

2025-11-13 13:07:33
Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with audio transcription proving to be the...

Lire la suite »

Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data

2025-11-13 13:04:17
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition. The company released versions 18.5.2, 18.4.4, and 18.3.6...

Lire la suite »

Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

2025-11-13 13:04:00
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the extension...

Lire la suite »

Popular Android-based photo frames download malware on boot

2025-11-13 13:00:00
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. [...]

Lire la suite »

Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks

2025-11-13 12:55:48
Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable...

Lire la suite »

Are you paying more than other people? NY cracks down on surveillance pricing

2025-11-13 12:51:37
New York is calling out data-driven pricing, where algorithms use your clicks, location and search history to tweak what you pay.

Lire la suite »

Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations

2025-11-13 12:44:11
Microsoft has rolled out enhanced remediation capabilities in Defender for Office 365 (O365), enabling security teams to initiate automated investigations and other actions directly from the Advanced...

Lire la suite »

CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation

2025-11-13 12:31:34
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked...

Lire la suite »

BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration

2025-11-13 05:35:51
New York, New York, 13th November 2025, CyberNewsWire

Lire la suite »

Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet

2025-11-13 12:14:48
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted...

Lire la suite »

CISA warns feds to fully patch actively exploited Cisco flaws

2025-11-13 12:05:55
CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. [...]

Lire la suite »

Top 3 Malware Families in Q4: How to Keep Your SOC Ready

2025-11-13 12:05:34
Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks

Lire la suite »

Le PRA se réinvente à l'heure du Cloud et de l'automatisation

2025-11-13 12:01:43
Face à la multiplication des cybermenaces, le Plan de Reprise d'Activité (PRA) se transforme. Porté par le Cloud, l'automatisation et la cybersécurité, il devient un pilier essentiel de la résilience...

Lire la suite »

Google relance un Cameyo plus intégré à l'écosystème Chrome

2025-11-13 12:00:34
Google relance sa solution de virtualisation d'applications et axe sa communication sur l'intégration avec l'écosystème Chrome. The post Google relance un Cameyo plus intégré à l’écosystème...

Lire la suite »

Lab 3#: Finding and exploiting an unused API endpoint | Api Testing

2025-11-13 11:44:15
PortSwigger LabH i my dear readers, API-based applications often have endpoints that are kept for development/testing use and then become “unused” or “forgotten”. These can lead to data leakage...

Lire la suite »

Reflected XSS in PUBG

2025-11-13 11:43:49
A single unsanitized parameter is all an attacker needsContinue reading on InfoSec Write-ups »

Lire la suite »

When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security

2025-11-13 11:30:00
The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited...

Lire la suite »

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

2025-11-13 11:29:10
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity...

Lire la suite »

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

2025-11-13 11:16:00
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which is...

Lire la suite »

Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations

2025-11-13 10:53:39
Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame,...

Lire la suite »

IA générative et cybersécurité offensive : quand les LLM tombent entre de mauvaises mains

2025-11-13 10:49:19
Les modèles de langage de grande taille (LLM, pour Large Language Models) comme ChatGPT, Claude ou encore Gemini, ont révolutionné l'accès à l'information et à l'assistance technique. Grâce...

Lire la suite »

English-Speaking Cybercriminal Ecosystem ‘The COM' Drives a Wide Spectrum of Cyberattacks

2025-11-13 10:45:57
The English-speaking cybercriminal ecosystem, commonly known as “The COM,” has transformed from a niche community of social media account traders into a sophisticated, organized operation...

Lire la suite »

Operation Endgame – 1,000+ Servers Used by Rhadamanthys, VenomRAT, and Elysium Dismantled

2025-11-13 10:42:10
Law enforcement agencies disrupted a vast network of cybercrime tools between November 10 and 14, 2025, coordinated from Europol’s headquarters in The Hague, Netherlands. Dubbed the latest phase...

Lire la suite »

Operation Endgame: Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium

2025-11-13 10:39:42
Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history. Operation Endgame, coordinated from Europol’s...

Lire la suite »

Operation Endgame 3.0 - 2,046,030 breached accounts

2025-11-13 10:23:12
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote...

Lire la suite »

We opened a fake invoice and fell down a retro XWorm-shaped wormhole

2025-11-13 10:15:22
In 2025, receiving a .vbs “invoice” is like finding a floppy disk in your mailbox. It's retro, suspicious, and definitely not something you should run.

Lire la suite »

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories

2025-11-13 10:10:00
Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted...

Lire la suite »

Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks

2025-11-13 10:04:51
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734,...

Lire la suite »

CISA warns of WatchGuard firewall flaw exploited in attacks

2025-11-13 10:03:52
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. [...]

Lire la suite »

ThreatBook Peer-Recognized as a Strong Performer In the 2025 Gartner Peer Insights

2025-11-13 09:46:38
ThreatBook has been recognized as a Strong Performer in the 2025 Gartner Peer Insights of the Customer for Network Detection and Response (NDR) This marks the third consecutive year that ThreatBook has...

Lire la suite »

Debian: Chromium Critical Exec Code Risk DSA-6055-1 CVE-2025-13042

2025-11-13 09:31:21
A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Lire la suite »

EV2 Token Presale Launches as Funtico Targets Mainstream Gamers With ‘Earth Version 2'

2025-11-13 09:18:17
Funtico has opened the token presale for Earth Version 2 (EV2), the studio's forthcoming multiplayer sci-fi MMO. The sale offers early access to $EV2 – the token that drives the game's economy –...

Lire la suite »

Cisco lance deux certifications dédiées à l'IA

2025-11-13 09:16:54
L'acculturation de l'IA au sein des réseaux passe par le développement de formations et de certifications. Cisco vient d'en dévoiler (...)

Lire la suite »

Comment un ransomware s'est infiltré au CH Rueil-Malmaison

2025-11-13 09:00:42
En mars 2025, le centre hospitalier de Rueil-Malmaison était victime d'un ransomware. La réactivation d'un compte de test en est à l'origine. The post Comment un ransomware s’est infiltré au...

Lire la suite »

Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

2025-11-13 08:42:58
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor...

Lire la suite »

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

2025-11-13 07:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on...

Lire la suite »

The TechBeat: Copilots Are the New Shadow IT: The Hidden Risks That Come With Them (11/13/2025)

2025-11-13 07:10:56
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

Lire la suite »

Kenya Kicks Off 'Code Nation' With a Nod to Cybersecurity

2025-11-13 07:00:00
The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science.

Lire la suite »

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

2025-11-13 04:58:00
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated...

Lire la suite »

Multiple Instance Learning: Review of Instance and Embedding Level Approaches

2025-11-13 02:51:19
This article presents a new approach to Multiple Instance Learning (MIL) MIVPG is a type of machine learning that uses multiple instances to learn. The study uses attention-based VPG and a bag-level embedding...

Lire la suite »

Why Crypto Could Outperform Stocks, Real Estate, and Gold in 2026

2025-11-13 02:46:10
Traditional assets like stocks, gold, and real estate offer slow, steady gains, while crypto continues to show rapid upside with past cycles delivering massive returns. With 2026 set for another major...

Lire la suite »

Could AI Create a New Layer in the OSI Model? The Rise of the “Intelligence Layer”

2025-11-13 02:43:00

Lire la suite »

Avici Raises .5 Million, Gives Back 90% of Capital via Futarchy Governance

2025-11-13 02:36:28
Avici secured .5M in funding while returning roughly 90% of committed capital to its community through a futarchy governance model. The fintech-crypto startup aims to build unified internet banking...

Lire la suite »

How Clause-Level Constraints Turn Training Choices Into Verifiable Policies for Generative Systems

2025-11-13 02:16:30
The image symbolizes how artificial intelligence systems translate neural computation into structured governance. Circuit lines represent data flow becoming formal clause patterns, mirroring the paper's...

Lire la suite »

VSYS Host Launches VSYS Name - an ICANN-Accredited Domain Registrar

2025-11-13 02:08:08
VSYS Host has launched VSYS Name, an ICANN-accredited domain registrar giving users full domain lifecycle control—registration, transfer, renewal, and DNS management—without intermediaries. With transparent...

Lire la suite »

Fedora 41: Critical Log Injection and DoS Risks in rubygem-rack 2.2.21

2025-11-13 01:23:33
Update to Rack 2.2.21

Lire la suite »

Fedora 42: Critical Audio Playback Issues in WebKitGTK Resolved Now

2025-11-13 01:10:51
Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on instagram. Fix rendering of layers with fractional transforms. Fix several crashes and rendering issues.

Lire la suite »

Fedora 42: rubygem-rack Critical Denial Of Service Fix 2025-eae2126736

2025-11-13 01:10:48
Update to Rack 2.2.21

Lire la suite »

Fedora 42: Skopeo Critical Security Issue CVE-2025-58189, CVE-2025-61725

2025-11-13 01:10:44
Security fix for CVE-2025-58189 and CVE-2025-61725

Lire la suite »

ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year

2025-11-13 01:01:16
Singapore, Singapore, 13th November 2025, CyberNewsWire

Lire la suite »

Fedora 43: firefox 145.0 Important Update 2025-2d9e01e0fc

2025-11-13 00:51:49
Updated to latest upstream (145.0)

Lire la suite »

Vulnérabilité dans les produits Symfony (13 novembre 2025)

13/11/2025
Une vulnérabilité a été découverte dans les produits Symfony. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Lire la suite »

Multiples vulnérabilités dans les produits Splunk (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité...

Lire la suite »

Multiples vulnérabilités dans Elastic Kibana (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans Elastic Kibana. Elles permettent à un attaquant de provoquer une falsification de requêtes côté serveur (SSRF) et une injection de code indirecte...

Lire la suite »

Multiples vulnérabilités dans GitLab (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des...

Lire la suite »

Multiples vulnérabilités dans Drupal (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans Drupal. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à...

Lire la suite »

Multiples vulnérabilités dans les produits Palo Alto Networks (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer un déni de service à distance et un problème de sécurité non...

Lire la suite »

Multiples vulnérabilités dans les produits Siemens (13 novembre 2025)

13/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF) et un contournement...

Lire la suite »