All the latest cybersecurity news


New Android Malware Frogblight Mimics as Official Government Websites to Collect SMS and Device Details

2025-12-15 15:52:27
A sophisticated Android banking Trojan named Frogblight has emerged as a significant threat targeting Turkish users, employing deceptive tactics to steal banking credentials and personal data. Discovered...


Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)

2025-12-15 15:39:34
This week on the Lock and Code podcast, we speak with Erin West about pig butchering scams and the efforts to stop this new, global crisis.


Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

2025-12-15 15:33:15
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.


NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition

2025-12-15 15:19:14
Security patches for the Merlin framework address two high-severity deserialization vulnerabilities that could allow attackers to execute arbitrary code and launch denial-of-service attacks on affected...


Apache StreamPark Vulnerability Let Attackers Access Sensitive Data

2025-12-15 15:17:06
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from...


Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host

2025-12-15 15:13:04
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass security...


Microsoft Recent Update Breaks VPS Access for Windows Subsystem for Linux Users

2025-12-15 15:10:16
Microsoft’s October 2025 non-security update is disrupting virtual private server (VPS) access for Windows Subsystem for Linux (WSL) users, particularly those relying on third-party VPNs for enterprise...


USN-7932-1: libsoup vulnerability

2025-12-15 15:05:29
It was discovered libsoup incorrectly handled memory when handling specific HTTP/2 read and cancel sequences. An attacker could possibly use this issue to cause a denial of service.


2025's Top Phishing Trends and What They Mean for Your Security Strategy

2025-12-15 15:05:15
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing...


Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

2025-12-15 15:03:44
Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple...


Bpifrance and Numeum launch an accelerator for small IT services firms

2025-12-15 15:03:18
Backed by the public investment bank Bpifrance and Numeum, the trade association of IT services firms and software publishers, Accélérateur (...)


Top 25 software weaknesses: MITRE's methodological headache

2025-12-15 15:02:21
MITRE has once again changed the methodology of its top software weaknesses list to limit the rise of overly high-level entries.


The DGSI re-signs with Palantir for 3 years

2025-12-15 14:42:05
Since the 2015 attacks, France has strengthened the terrorism surveillance capabilities of the Direction Générale de la (...)


Microsoft: Recent Windows updates break VPN access for WSL users

2025-12-15 14:34:31
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. [...]


FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

2025-12-15 14:32:00
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain...


Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support

2025-12-15 14:20:34
Wireshark 4.6.2, the latest version of the leading open-source network protocol analyzer, addresses critical crash vulnerabilities and plugin compatibility issues. This maintenance release prioritizes...


Unpacking VStarcam firmware for fun and profit

2025-12-15 14:19:22
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including...


New ARTEMIS AI Agent Outperformed 9 out of 10 Human Penetration Testers in Detecting Vulnerabilities

2025-12-15 13:58:31
Researchers from Stanford University, Carnegie Mellon University, and Gray Swan AI have unveiled ARTEMIS, a sophisticated AI agent framework that demonstrates remarkable competitive capabilities against...


Mastercard's Deputy Chief Security Officer Alissa (Dr Jay) Abdullah, PhD on AI & Cybersecurity

2025-12-15 13:47:01
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Dec. 15, 2025 – Watch the YouTube video. Thanks to artificial intelligence (AI), cybercrime and, as a result, cybersecurity...


Next Gen Awareness Training: KnowBe4 Unveils Custom Deepfake Training

2025-12-15 13:43:30
In today’s world, it can be hard for awareness training to keep up with the modern threats that are constantly emerging. Today, KnowBe4 has announced a new custom deepfake training experience to...


PayPal closes loophole that let scammers send real emails with fake purchase notices

2025-12-15 13:41:57
Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.


16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

2025-12-15 13:36:45
Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables...


Unofficial patches fix a critical flaw in Windows RasMan

2025-12-15 13:21:49
Microsoft says it is aware of the problem, but believes that customers who applied the October security patches (...)


Mitigating malware and ransomware attacks

2025-12-15 13:04:57
How to defend organisations against malware or ransomware attacks.


New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials

2025-12-15 12:58:32
A sophisticated Android malware campaign named NexusRoute is actively targeting Indian citizens by impersonating government services. The operation uses fake versions of the official mParivahan and e-Challan...


USN-7929-1: usbmuxd vulnerability

2025-12-15 12:54:55
It was discovered that usbmuxd incorrectly handled certain paths received with the SavePairRecord command. A local attacker could possibly use this issue to delete and write files named *.plist in arbitrary...


Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices

2025-12-15 12:51:10
New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics.


Google links more Chinese hacking groups to React2Shell attacks

2025-12-15 12:46:50
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]


Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access

2025-12-15 12:44:35
A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s...


⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

2025-12-15 12:24:00
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and...


Data breaches: guidance for individuals and families

2025-12-15 12:08:52
How to protect yourself from the impact of data breaches


A Browser Extension Risk Guide After the ShadyPanda Campaign

2025-12-15 11:55:00
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent...


New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code

2025-12-15 11:44:19
A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack...


Data integration: hyperscalers gain ground within closed ecosystems

2025-12-15 11:35:12
AWS, Google and Microsoft have carved out a place in the data integration market... with offerings largely centred on their respective ecosystems.


U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

2025-12-15 11:23:02
A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that provides...


Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users

2025-12-15 11:22:06
South Korean e-commerce giant Coupang faces intense scrutiny after CEO Park Dae-jun resigns over a data breach that exposed 33.7 million customer accounts. Read about the police raids, US lawsuit, and...


French Interior Ministry confirms cyberattack on email servers

2025-12-15 11:06:10
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...]


ServiceNow poised to acquire Armis for $7bn

2025-12-15 10:49:59
The end of the year is often a good time for shopping. ServiceNow has reportedly, according to Bloomberg, set its sights on (...)


The Paradox of the 3.4 Million: Why You Can't Find a Job in a “Desperate” Industry

2025-12-15 10:49:51

How I Bypassed Voucher Limits Using a Race Condition Vulnerability

2025-12-15 10:49:46
So last night I played a CTF. Of course, it was free and with no prize. I know you are not here to listen to my bla bla bla about my CTF…


How a Simple SSTI Turned Into ,000 and RCE

2025-12-15 10:49:41

Why Monitoring Outbound Connections Is the Fastest Way to Detect a Compromised Linux Server

2025-12-15 10:49:38
Most Linux security monitoring focuses on inbound activity: SSH attempts, firewall rules, authentication failures, exposed services. That makes sense — until you investigate real-world compromises. In...


I Finally Accepted That I'm Not Everyone's Cup of Tea — And That Changed Everything ☕

2025-12-15 10:49:30
For a long time, I thought something was wrong with me. Why didn't everyone like me? Why did some people...


I Didn't Hack Anything — The App Gave Me Admin Access by Itself

2025-12-15 10:49:26
Hey there! 😁


Beyond Credentials: The Hidden Ecosystem of InfoStealers and the Log Economy

2025-12-15 10:49:22
Imagine a potential scenario that would keep security engineers up at night. An employee in your organization adheres to all the rules. The organization uses a 16-character complex password and multi-factor...


Command and Control & Tunnelling via DNS

2025-12-15 10:49:12
An attacker has compromised a server. They try to connect out, but every port is blocked by a restrictive firewall… Except one: Port 53 (DNS). For most networks, DNS is the one protocol that is always...


Command and Control & Tunnelling via ICMP

2025-12-15 10:49:09
ICMP tunneling is a technique that uses the ICMP (Internet Control Message Protocol) to send data between two computers in a way that hides the data inside regular network traffic, like ping requests...


Precious HTB Machine Walk-Though!

2025-12-15 10:49:09

Gigamon presents 5 cybersecurity trends for 2026: visibility becomes a critical factor

2025-12-15 10:44:06
Cybercrime never sleeps. And it would be unrealistic to hope for an improvement next year, especially as AI-driven attacks will continue to increase the pressure. In...


Kaspersky ICS CERT, Kaspersky's industrial cybersecurity research arm, shares its trends and outlook for the sector in 2026

2025-12-15 10:41:12
2025 was marked by constant pressure on industrial environments, with global threats growing increasingly complex. The Kaspersky Security Bulletin reveals...


SHADOW AI: How to secure your information system against invisible AI

2025-12-15 10:36:18
68% of employees who use tools such as ChatGPT or other generative AI do so without their direct managers' knowledge or without informing their IT department. Just like shadow IT, shadow...


Inside a Low-Cost, Serverless Data Lineage System Built on AWS

2025-12-15 10:18:29
A real-time data/ML platform builder builds a tool to help teams find out what's wrong with an attribute. The tool is serverless, low-maintenance, and queries terabytes in seconds. It's fast when it reads...


How a phishing campaign uses "Evilginx" to target US universities

2025-12-15 10:12:11
A DNS study highlights more than 70 domains used in a multi-factor authentication (MFA) bypass campaign that lasted several months and targeted institutions...


ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach

2025-12-15 10:06:36
The Post Office has once again come under scrutiny after avoiding a fine for a data breach. In the data breach, more than 500 former Post Office workers who were wrongfully convicted during the Horizon...


Automating Content Tagging in Laravel Using OpenAI Embeddings and Cron Jobs

2025-12-15 10:04:14
AI embeddings can automatically determine the topic of a blog post and assign the appropriate tags without the need for human intervention. This guide demonstrates how to create a complete Laravel AI...


SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums

2025-12-15 10:02:50
Rapid7 Labs has identified a new malware-as-a-service information stealer being actively promoted through Telegram channels and on underground hacker forums. The stealer is advertised under the...


CERT-FR recommends completely deactivate Wi-Fi whenever it's not in use

2025-12-15 10:01:01
The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk.


Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

2025-12-15 09:44:38
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…


From Generative AI to Agentic AI: A Reality Check

2025-12-15 09:35:17
Opens with a 3 AM failure in a “fully autonomous” deployment to show why agentic AI is hard in practice. Clarifies the difference between reactive generative AI and goal-driven agentic AI using the...


Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

2025-12-15 09:24:00
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical...


What I Learned from Scanning Dozens of Small Government Websites (and Why the Same Bugs Keep Coming)

2025-12-15 09:23:00
I built an open-source scanner and pointed it at small U.S. government websites. The same five security mistakes kept showing up: weak HTTPS, no CSP, leaky test files, insecure cookies and outdated JS...


The AI Agent Reality Check: What Actually Works in Production (And What Doesn't)

2025-12-15 09:16:39
Only 51% of companies have AI agents in production. 78% say they have "active plans" to deploy agents soon. The problem isn't capability, it's that building reliable agents is hard.


Why Your Product Is Scaling Faster Than Your Story Can Handle

2025-12-15 09:10:49
When a company scales, the product's narrative (its purpose, story and meaning) often lags behind its technical growth, creating narrative debt. This debt, like technical debt, compounds silently, leading...


Microsoft: December security updates cause Message Queuing failures

2025-12-15 09:04:59
Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. [...]...


Cheops combines sovereignty, security and AI

2025-12-15 09:04:24
"This is the first time Cheops has done a Tour de France across 11 cities with its technology partners (editor's note: (...)


Google doubles oversight of Gemini in Chrome

2025-12-15 08:55:31
After acknowledging that its Gemini-powered Chrome browsing agent could be led to perform actions (...)


SASE Meets Edge AI: Why Security Will Be Decided in the First Millisecond

2025-12-15 08:44:11
Enterprise security is shifting to the edge, where the first millisecond of every connection determines trust, performance, and risk. Traditional SASE cannot keep pace with encrypted traffic, global latency,...


What I Learned from Giving People a Choice in Ride Types

2025-12-15 08:30:19
How I redesigned a ride-hailing order form for 360M users inside a 7-year-old monolith. Lessons on legacy code, user habits, and breaking production.


The Full-Stack Artist: How L.S. Toy Turns Economics, Law, and Surveillance into Creative Code

2025-12-15 08:29:59
L.S. Toy is a London-based conceptual artist who merges economics, legality, currency systems, and conflict architecture into procedural artworks. With a dual background in Economics (LSE) and Fine Art...


Cyber deception trials: what we've learned so far

2025-12-15 08:17:28
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.


A week in security (December 8 – December 14)

2025-12-15 08:03:00
A list of topics we covered in the week of December 8 to December 14 of 2025


The TechBeat: How a Demo Page for my Abandoned Open Source SDK Accidentally Found Product Market Fit (12/15/2025)

2025-12-15 07:11:00
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! ...


Frogblight threatens you with a court case: a new Android banker targets Turkish users

2025-12-15 07:00:57
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being...


VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

2025-12-15 05:33:00
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test...


25 Things to Leave Behind in 2025 for Investor Decks

2025-12-15 05:13:36
Venture capital rebounded in 2025, but the seed market is more selective than ever. After reviewing thousands of pitch decks, here are the top mistakes to avoid.


Experiment Log: Validating Echo-Stabilized Recursive Routing on IBM Heron

2025-12-15 05:11:05
This report documents the successful deployment of a quantum memory architecture that combines dynamical decoupling (Hahn Echo) with mid-circuit qubit recycling. The experiment was executed on the IBM...


Fedora 43: Firefox Update 2025-f20b9f321d - Aarch64 Crashes Fixed

2025-12-15 01:28:41
Fixed aarch64 crashes. Updated to latest upstream (146.0).


Fedora 42: Firefox Aarch64 Crash Fix Advisory 2025-4984e74557

2025-12-15 01:10:47
Fixed aarch64 crashes. Updated to latest upstream (146.0).


Chromium Medium Problems in Password Manager and Toolbar for Fedora 42

2025-12-15 01:10:47
Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar


Debian 11: ruby-sidekiq DLA-4407-1 CVE-2021-30151 XSS Risk

2025-12-15 00:50:16
ruby-sidekiq, a simple, efficient background processing tool for Ruby, had a couple of vulnerabilities as follows: CVE-2021-30151: Sidekiq allows XSS via the queue name of the live-poll feature when Internet...


Debian 11: ruby-git Critical Command Injection Vulnerabilities DLA-4406-1

2025-12-15 00:46:04
A couple of vulnerabilities were reported against ruby-git, a Ruby interface to the Git revision control system, that could lead to command injection and execution of arbitrary Ruby code by having...


Vulnerability in strongSwan (15 December 2025)

15/12/2025
A vulnerability has been discovered in StrongSwan. It allows an attacker to bypass the security policy.


Multiple vulnerabilities in Apple products (15 December 2025)

15/12/2025
Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, an elevation...


Multiple vulnerabilities in Roundcube (15 December 2025)

15/12/2025
Multiple vulnerabilities have been discovered in Roundcube. They allow an attacker to compromise data confidentiality and cause an indirect code injection...


Multiple vulnerabilities in Elastic products (15 December 2025)

15/12/2025
Multiple vulnerabilities have been discovered in Elastic products. They allow an attacker to cause indirect remote code injection (XSS) and a bypass of the...
