Toute l'actualité de la Cybersécurité
Pourquoi OpenAI doit trouver 207 milliards $ pour survivre, selon HSBC
2025-11-26 11:56:37
Le coût exorbitant des centres de données va forcer OpenAI à chercher 207 milliards $ de financement supplémentaires d'ici 2030, selon l'analyse de HSBC.
The post Pourquoi OpenAI doit trouver 207...
Indirect-Shellcode-Executor Tool Exploits Windows API Vulnerability to Evade AV and EDR
2025-11-26 11:56:05
A new offensive security tool developed in Rust is demonstrating a novel method for bypassing modern Endpoint Detection and Response (EDR) systems by exploiting an overlooked behavior in the Windows API....
ASUS warns of new critical auth bypass flaw in AiCloud routers
2025-11-26 11:41:00
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. [...]
Emergency alerts go dark after cyberattack on OnSolve CodeRED
2025-11-26 11:17:17
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification...
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
2025-11-26 11:14:13
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.
Wallix acquiert Malizen, spécialiste de l'UBA
2025-11-26 11:12:58
Wallix vient d'acquérir Malizen, une start-up française spécialisée dans l'analyse du comportement des utilisateurs (User Behaviour (...)
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
2025-11-26 11:10:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
2025-11-26 11:10:00
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to...
Dell dopé par la demande de serveurs IA
2025-11-26 11:08:45
Porté par une demande pour ses serveurs équipés de puces Nvidia, Dell relève ses perspectives annuelles malgré des tensions sur le coût des composants.
The post Dell dopé par la demande de serveurs...
Microsoft dévoile son SLM agentique Fara-7B pour PC locaux
2025-11-26 11:06:33
Microsoft intègre davantage l'IA agentique dans les PC grâce à Fara-7B, un modèle capable d'automatiser entièrement des (...)
The Golden Scale: 'Tis the Season for Unwanted Gifts
2025-11-26 11:00:30
Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season.
The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared...
How the AI Supply Chain Evolved From Transistors to Frontier Models
2025-11-26 11:00:03
This article traces the evolution of the AI supply chain—from the invention of the transistor to today's GPU-driven frontier models—explaining the essential inputs, scaling laws, semiconductor ecosystem,...
Microsoft Details Security Risks of New Agentic AI Feature
2025-11-26 10:30:57
In recent weeks, discussions have centered on Microsoft’s experimental agentic AI feature, which has introduced both advanced task automation and significant security concerns. This agentic capability,...
Etat de la menace informatique sur les équipements mobiles
2025-11-26 10:11:28
Etat de la menace informatique sur les équipements mobiles
anssiadm
mer 26/11/2025 - 10:11
L'omniprésence, l'usage systématique des smartphones et la multiplication...
Developers Expose Passwords and API Keys via Online Tools like JSONFormatter
2025-11-26 10:06:06
Developers are unintentionally exposing passwords, API keys, and sensitive data in production information into online formatting tools such as JSONFormatter and CodeBeautify. New research from watchTowr...
Getronics se relance en misant sur la sécurité et le digital workplace
2025-11-26 10:05:07
Après des difficultés rencontrées il y a quelques années suite à une série d’acquisitions (Pomeroy aux (...)
How Big Tech Built the Modern AI Supply Chain
2025-11-26 10:00:05
This article maps the modern AI supply chain—from chips to cloud to foundation models—examining how market concentration, vertical integration, and strategic alliances shape frontier AI development,...
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
2025-11-26 10:00:02
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.
USN-7889-3: Linux kernel (Real-time) vulnerabilities
2025-11-26 09:41:47
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Dissecting a new malspam chain delivering Purelogs infostealer
2025-11-26 09:02:14
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and...
As AI Accelerates, Regulators Race to Understand a Rapidly Integrating Supply Chain
2025-11-26 09:00:05
This paper maps the modern AI supply chain, analyzing 25 leading companies, 300 relationships, major mergers, and antitrust actions to show how vertical integration, strategic partnerships, and government...
USN-7889-2: Linux kernel (FIPS) vulnerabilities
2025-11-26 08:54:05
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
USN-7879-3: Linux kernel vulnerabilities
2025-11-26 08:34:26
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
2025-11-26 08:28:00
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent.
"This is the first time...
HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#'
2025-11-26 08:11:46
Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack conceals...
NTLM Relaying to HTTPS
2025-11-26 08:00:00
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL....
Inside My ,000 Homelab: How I Rebuilt Big Tech Services in a Tiny Rack
2025-11-26 07:13:22
Homelab development is a hobby that people who are very much into IT and sometimes non-IT tinkerers take up. In the blog below, I will list out what exactly a homelab is. Why is it somewhat necessary...
The TechBeat: How TempAI's Copilot Supports Sales Teams in Real Time (11/26/2025)
2025-11-26 07:10:57
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks
2025-11-26 06:44:42
The Tor Project has announced a significant cryptographic overhaul, retiring its legacy relay encryption algorithm after decades of service and replacing it with Counter Galois Onion (CGO). This research-backed...
Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed
2025-11-26 05:32:09
Microsoft has announced a significant update to the Teams Desktop Client for Windows that aims to enhance performance and reduce startup times for calling features. The update, detailed in the Message...
Building AxonerAI: A Rust Framework for Agentic Systems
2025-11-26 05:31:00
AxonerAI is a Rust-based agentic framework with blazing fast speed which comes with the below features: standalone binaries (4.0MB), embedded systems, and high-concurrency production workloads. It delivers...
We Built Dashboards for the Business. Then the Cloud Bill Built One for Us.
2025-11-26 05:30:31
We discovered our BI architecture was quietly burning money.
Two structural fixes - splitting giant 500M-row models into optimized pieces and replacing real-time DirectQuery with a 5-minute hybrid import...
Iran Exploits Cyber Domain to Aid Kinetic Strikes
2025-11-26 05:30:00
The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.
Designing for Digital Twins: The Next Frontier of Product Paradigms
2025-11-26 05:26:33
With Google's new AP2 protocol enabling agent-driven payments, product leaders must rethink design beyond human interfaces. Building for this new era means prioritizing agent-readable systems, aligning...
Why SaaS Products Feel Harder to Use Every Year
2025-11-26 05:25:41
I logged in to add a task. Got 14 fields, 6 dropdowns, and a 'Quick add' button that opened 8 more options. Closed the tab. Opened a text file instead. Text files don't have product roadmaps – that's...
Prompt Engineering Will Always Matter (Just Not How You Think)
2025-11-26 05:23:35
LLMs aren't killing prompt engineering; they're making it deeper. The real game is context engineering: structuring goals, constraints, and knowledge to guide reasoning.
Stop Hacking SQL: How to Build a Scalable Query Automation System
2025-11-26 05:21:41
This article explains how to replace ad-hoc SQL jobs with a small, spec-driven system.
It outlines the common failure modes (UI-only jobs, copy-paste SQL, no validation/observability), defines the target...
Multi-Threading in Spring Boot with ExecutorService & CompletableFuture
2025-11-26 05:20:13
Most beginners understand “threads”, but they struggle to visualize how multithreading works in Spring Boot.
ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access
2025-11-26 04:59:06
ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked...
Ubuntu 25.04: MuPDF Critical Denial of Service Vulnerabilities USN-7888-1
2025-11-26 04:37:40
Several security issues were fixed in MuPDF.
FBI Reports 2M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
2025-11-26 04:29:00
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover...
YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules
2025-11-26 03:39:44
Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods. To address this growing threat, JPCERT/CC...
Cobalt Strike 4.12 Released With New Process Injection, UAC Bypasses and Malleable C2 Options
2025-11-26 03:38:32
New release brings significant improvements to the penetration testing framework, introducing enhanced GUI features, REST API support, and powerful new evasion techniques that security researchers can...
Apache Syncope Vulnerability Allows Attacker to Access Internal Database Content
2025-11-26 03:36:44
A significant issue has been disclosed that affects multiple versions of the identity and access management platform. The flaw stems from a hardcoded default encryption key used for password storage,...
Fedora 41: Chromium High Type Confusion Threats CVE-2025-13223
2025-11-26 01:22:21
Update to 142.0.7444.175 * High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8
Fedora 41: Advisory for sudo-rs CVE-2025-64170 Moderate Auth Bypass
2025-11-26 01:22:20
Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517.
Fedora 42: docker-buildx Critical Update for Memory Exhaustion Issues
2025-11-26 01:06:10
Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066
Fedora 42 sudo-rs Important Auth Bypass CVE-2025-64517 2025-4388808bbf
2025-11-26 01:06:08
Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517.
Fedora 43: Advisory 2025-264853458b for Moderate Unbounded Allocation Risk
2025-11-26 00:52:03
Update to release v0.26.1 Update to release v0.26.0 Resolves: rhbz#2412681, rhbz#2412761 Upstream new features and fixes dependency override for moby/policy-helper needed for license (default