Toute l'actualité de la Cybersécurité
Advanced Security Isn't Stopping Ancient Phishing Tactics
2025-11-25 22:23:05
New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.
Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams
2025-11-25 16:05:38
Horsham, United Kingdom, 25th November 2025, CyberNewsWire
Salt Security Launches Salt MCP Finder Technology
2025-11-25 17:23:59
Salt Security has announced Salt MCP Finder technology, a dedicated discovery engine for Model Context Protocol (MCP) servers, the fast-proliferating infrastructure powering agentic AI. MCP Finder provides...
FBI: Cybercriminals stole 2M by impersonating bank support teams
2025-11-25 17:23:23
The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over 2 million in ATO attacks since the start...
Everest ransomware claims breach at Spain's national airline Iberia with 596 GB data theft
2025-11-25 17:13:50
Everest claims large breaches at Iberia and Air Miles España with major data taken from both travel platforms placing millions of users at risk.
Gestion du SaaS : les outils autonomes se heurtent au SAM
2025-11-25 17:13:42
Les solutions autonomes de gestion du SaaS tendent à ne pas apparaître comme un choix évident face au SAM (gestion des actifs logiciels).
The post Gestion du SaaS : les outils autonomes se heurtent...
Tor switches to new Counter Galois Onion relay encryption algorithm
2025-11-25 17:09:19
Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). [...]
Retail Finance Giant SitusAMC Data Breach Exposes Accounting Records and Legal Agreements
2025-11-25 16:59:08
A major accounting and financial services provider disclosed a significant data breach affecting client business records and sensitive corporate documents. The incident occurred on or about November 12,...
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
2025-11-25 16:49:00
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter...
Delta Dental of Virginia Data Breach Exposes 146,000+ Customers Personal Details
2025-11-25 16:48:52
A non-profit dental insurance provider based in Roanoke, Virginia, disclosed a significant data breach affecting over 145,900 individuals. The external system breach exposed customers’ personal...
Microsoft: Exchange Online outage blocks access to Outlook mailboxes
2025-11-25 16:18:12
Microsoft is investigating an Exchange Online service outage that is preventing customers from accessing their mailboxes using the classic Outlook desktop client. [...]
#1 Gap in Your SOCs Is Probably Not What You Think
2025-11-25 16:13:27
Leading a Security Operations Center has never been more challenging. SOC managers today juggle expanding attack surfaces, remote workforces, cloud migrations, and an explosion of security tools. All...
How MOSA Principles Will Reshape the DoD RMF
2025-11-25 16:10:44
The Department of Defense (DoD) faces the dual imperative of accelerating technology adoption to maintain operational advantage while also hardening systems against increasingly sophisticated...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
2025-11-25 16:08:03
ClickFix just got more convincing, hiding malware in PNG images and faking Windows updates to make users run dangerous commands.
USN-7889-1: Linux kernel vulnerabilities
2025-11-25 16:02:46
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
The HackerNoon Newsletter: Teaching Ethnography to Software Engineers (11/25/2025)
2025-11-25 16:02:08
How are you, hacker?
🪐 What's happening in tech today, November 25, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 25)
2025-11-25 16:00:14
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more.
The post "Shai-Hulud" Worm...
They Are Real, and They Are Here - Meet The HackerNoon Blogging Course Faculty
2025-11-25 16:00:07
The HackerNoon Blogging Fellowship is taught by active industry leaders and expert editors who live and breathe modern content creation. Participants gain hands-on skills, real-time feedback, and mentorship...
The Easiest Way to Integrate Coz.jp Into Your Workflows: Exploring the n8n Node
2025-11-25 15:59:59
With Friends Like These: China Spies on Russian IT Orgs
2025-11-25 15:59:04
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.
V1 Protocol Launch in Q4, New Crypto Mutuum Finance (MUTM) With a Confirmed Product Timeline
2025-11-25 15:29:14
Mutuum Finance (MUTM) is building a new digital lending infrastructure designed to maximize token utility. The platform will combine transparent mechanics with a working DeFi product in development. The...
As Gen Z Enters Cybersecurity, Jury Is Out on AI's Impact
2025-11-25 15:15:39
Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.
Morphisec warns StealC V2 malware spread through weaponized blender files
2025-11-25 15:15:00
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender's ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors...
Top Web Scraping Tools You Should Use in 2025
2025-11-25 14:59:59
This 2025 guide explores the top web scraping tools—no-code scrapers, developer frameworks, AI-powered extractors, and enterprise APIs. It breaks down key features, challenges, compliance concerns,...
Meet Hubstaff: HackerNoon Company of the Week
2025-11-25 14:55:01
This week, HackerNoon features Hubstaff, a comprehensive workforce management platform designed to empower remote and hybrid teams through precise time tracking, productivity monitoring, and automated...
inDrive's Approach to Measuring Engineering Performance
2025-11-25 14:41:34
InDrive's performance and productivity is one of the hottest debates in the software industry. The company has been experiencing rapid business and engineering growth - in both the number of engineers...
KawaiiGPT – New Black-Hat AI Tool Used by Hackers to Launch Cyberattacks
2025-11-25 14:37:01
KawaiiGPT, a free malicious large language model (LLM) first spotted in July 2025 and now at version 2.5, empowers novice cybercriminals with tools for phishing emails, ransomware notes, and attack scripts,...
Russian and North Korean Hackers Form Alliances to Attack Organizations Worldwide
2025-11-25 14:35:15
State-sponsored hacking groups have historically operated in isolation, each pursuing its own national agenda. However, new evidence reveals that two of the world’s most dangerous advanced persistent...
Microsoft is speeding up the Teams desktop client for Windows
2025-11-25 14:24:54
Microsoft says it will add a new Teams call handler beginning in January 2026 to reduce launch times and boost call performance for the Windows desktop client. [...]
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
2025-11-25 14:18:00
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise...
4 New AppSec Requirements in the Age of AI
2025-11-25 14:11:24
Get details on 4 new AppSec requirements in the AI-led software development era.
Educational Byte: How Fake CAPTCHAs Can Steal Your Crypto
2025-11-25 14:07:37
Fake CAPTCHAs are being used to trick users into installing malware or giving away private data. A fake CAPTCHA is crafted to look like a normal verification step, but behind the scenes, the attackers...
Year-end approaches: How to maximize your cyber spend
2025-11-25 14:03:20
Year-end budgeting is the perfect time to close real security gaps by strengthening identity controls, reducing redundant tools, and investing in outcome-driven engagements. The article highlights how...
Zero Trust Security Goes Mainstream as Breach Costs Hit Record Highs
2025-11-25 14:02:06
Zero Trust is a new way of managing security in the digital age. It's not a product, it's a mindset shift about how access is granted and risk is managed. In 2025, companies will spend far more recovering...
Baden Bower's AI System Underpins Its Market Leadership in PR Delivery
2025-11-25 13:59:59
Baden Bower has built its PR dominance through an AI system that predicts editorial acceptance, automates pitch workflows, and secures guaranteed placements. Serving 3,600 clients, the firm analyzes thousands...
Critical FluentBit Vulnerabilities Let Attackers to Cloud Environments Remotely
2025-11-25 13:58:25
A new chain of five critical vulnerabilities discovered in Fluent Bit has exposed billions of containerized environments to remote compromise. Fluent Bit, an open-source logging and telemetry agent deployed...
Cloning Environments on AWS Beanstalk: A Practical Fix for Zero-Downtime Patching
2025-11-25 13:49:58
AWS Elastic Beanstalk is a service for deploying web applications and services. It provides capacity provisioning, load balancing, autoscaling and health monitoring. It also has support for docker. Among...
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
2025-11-25 13:45:23
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers...
Plus asynchrone, plus interactif… Les évolutions en cours du protocole MCP
2025-11-25 13:40:14
Voilà un an qu'Anthropic a ouvert le protocole MCP. Une nouvelle version de la spécification est en cours de finalisation.
The post Plus asynchrone, plus interactif… Les évolutions en cours du...
Society Bears A Huge Cybercrime Burden
2025-11-25 13:35:45
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 25, 2025 – Read the full story from American Enterprise Institute The annual cost of cybercrime is expected...
CISA Warns of Threat Actors Leveraging Commercial Spyware to Target Users of Signal and WhatsApp
2025-11-25 13:27:40
Cybersecurity authorities have raised fresh alarms over the spread of advanced commercial spyware targeting secure messaging apps like Signal and WhatsApp. According to a recent CISA advisory, multiple...
Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider
2025-11-25 13:24:10
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
Alerte – Le ver SSC « Shai-Hulud » revient avec 181 nouveaux packages compromis ciblant NPM/GitHub
2025-11-25 13:15:06
Une découverte exclusive émanant de JFrog Security Research concernant une importante attaque de chaîne d’approvisionnement logicielle provenant de packages npm déclenche une alerte. Avec 181...
La Mêlée Numérique sensibilise des juniors à l'IT à Toulouse
2025-11-25 13:07:29
Evènement phare de l’innovation en Occitanie, le festival de la Mêlée Numérique organise une session réservée (...)
Apple Confirms Sales Team Layoffs as It Refocuses on Customer Engagement
2025-11-25 13:02:57
Apple is reducing a small number of sales positions—including teams serving major institutions and U.S. government agencies—as part of a shift toward stronger customer engagement, while continuing...
'JackFix' Attack Circumvents ClickFix Mitigations
2025-11-25 13:00:00
A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.
USN-7887-2: Linux kernel (Raspberry Pi) vulnerabilities
2025-11-25 12:54:50
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users
2025-11-25 12:45:44
AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution.
Threat Actors Leverage Blender Foundation Files to Deliver Notorious StealC V2 Infostealer
2025-11-25 12:37:25
Cybercriminals have discovered a new attack vector targeting the creative design community by exploiting Blender, a widely used open-source 3D modeling application. Threat actors are uploading malicious...
SUSE: Moderate Update for govulncheck-vulndb - 2025:4220-1 Released
2025-11-25 12:30:32
* jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6
Fedora: secfix-check-security Moderate Patch 2025:6789-1
2025-11-25 12:30:32
An update that contains one feature can now be installed.
openSUSE Leap 15.3: SUSE-SU-2025:4221-1 Low Threat Fix for python39
2025-11-25 12:30:29
* bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075
openSUSE 15.3/15.6: Python39 Low Severity Issues Resolved 2025:4221-1
2025-11-25 12:30:29
An update that solves two vulnerabilities can now be installed.
UBUNTU: Critical Spoofing Vulnerability Mitigation 2025:3333-2
2025-11-25 12:30:25
* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778
SUSE: Grub2 Moderate Update 2025:4224-1 CVE-2025-54771 CVE-2025-61661
2025-11-25 12:30:20
* bsc#1252931 * bsc#1252932 * bsc#1252933 * bsc#1252934 * bsc#1252935
Code beautifiers expose credentials from banks, govt, tech orgs
2025-11-25 12:01:20
Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter...
Avec Titan, Gluware coordonne les agents IA
2025-11-25 11:59:45
Lorsque Jeff Gray et Olivier Huynh Van, co-fondateurs de Gluware (occupant respectivement les postes de CEO et de directeur scientifique), ont présenté (...)
Comment une cyberattaque a paralysé 23 000 professionnels de santé
2025-11-25 11:53:20
Une intrusion informatique a paralysé Weda, l'un des principaux logiciels médicaux français en mode SaaS, pendant quatre jours, forçant des milliers de praticiens à revenir au papier et au crayon.
The...
Snowflake rachète Select Star, spécialiste de la traçabilité des données
2025-11-25 11:43:13
Les projets IA nécessitent d'avoir les bonnes données. Dans ce cadre, Snowflake renforce encore les capacités d’Horizon Catalog, (...)
Threat Actors Exploiting Black Friday Shopping Hype – 2+ Million Attacks Recorded
2025-11-25 11:38:49
The 2025 Black Friday shopping season has become a prime hunting ground for cybercriminals, with threat actors recording over 2 million phishing attacks targeting online gamers and shoppers worldwide....
ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
2025-11-25 11:36:00
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy.
"This...
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
2025-11-25 11:30:10
A weak spot in WhatsApp's API allowed researchers to scrape data linked to 3.5 billion registered accounts, including profile photos and “about” text.
3 SOC Challenges You Need to Solve Before 2026
2025-11-25 11:30:00
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic...
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
2025-11-25 11:28:00
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.
"This ongoing operation, active for...
Nominations Open For The Most Inspiring Women in Cyber Awards 2026
2025-11-25 11:22:56
Nominations are now open for the 2026 Most Inspiring Women in Cyber Awards! The deadline for entry is the 9th January 2026. We’re proud to be media supporters once again. The 2026 event is hosted...
Dartmouth College confirms data breach after Clop extortion attack
2025-11-25 11:12:19
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. [...]
The Dual-Use Dilemma of AI: Malicious LLMs
2025-11-25 11:00:26
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs.
The post The Dual-Use Dilemma of AI: Malicious LLMs appeared...
CISA: Spyware and RATs used to target WhatsApp and Signal Users
2025-11-25 10:39:40
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)...
Règlement DORA : la liste des prestataires IT critiques
2025-11-25 09:05:58
Une liste de 19 prestataires informatiques critiques a été annexée au règlement DORA. Orange et Capgemini en font partie.
The post Règlement DORA : la liste des prestataires IT critiques appeared...
BPCE oriente sa stratégie IA sur l'agentique
2025-11-25 08:58:39
Dix-huit mois après le lancement de son programme IA dans le cadre du projet stratégique Vision 2030 du groupe, BPCE fait un point d'étape (...)
SitusAMC confirms data breach affecting customer information
2025-11-25 08:26:21
SitusAMC says a recent breach exposed customer data; the real-estate financing firm provides back-office services for banks and lenders. SitusAMC, a leading real-estate financing services provider for...
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
2025-11-25 06:42:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users...
Multiples vulnérabilités dans Progress MOVEit Transfer (25 novembre 2025)
25/11/2025
De multiples vulnérabilités ont été découvertes dans Progress MOVEit Transfer. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une falsification...
Vulnérabilité dans les produits PrimX (25 novembre 2025)
25/11/2025
Une vulnérabilité a été découverte dans les produits PrimX. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans Kaspersky Security Center (25 novembre 2025)
25/11/2025
Une vulnérabilité a été découverte dans Kaspersky Security Center. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.