All the Latest Cybersecurity News
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
2025-09-15 18:45:00
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.
"The worm only...
FinWise insider breach impacts 689K American First Finance customers
2025-09-15 18:18:10
FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. [...]
Fairmont Federal Credit Union 2023 data breach impacted 187K people
2025-09-15 18:10:25
Fairmont Federal Credit Union alerts 187K people that a 2023 breach exposed personal, financial, and medical data. Fairmont Federal Credit Union (FFCU) is a not-for-profit financial cooperative in West...
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
2025-09-15 18:01:24
Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix. [...]
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days
2025-09-15 17:04:05
Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and has provided guidance for decommissioning outdated servers. [...]...
Supporting Rowhammer research to protect the DRAM ecosystem
2025-09-15 17:01:00
Posted by Daniel Moghimi. Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent...
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
2025-09-15 16:34:00
Sensor Intel Series: September 2025 Trends
North Korea's Kimsuky Group Uses AI-Generated Military IDs in New Attack
2025-09-15 16:33:04
North Korea's Kimsuky hackers use AI-generated fake military IDs in a new phishing campaign, GSC warns, marking a…
Sidewinder APT Hackers Leverage Nepal Protests to Push Mobile and Windows Malware
2025-09-15 16:15:51
The eruption of widespread protests across Nepal in early September 2025 provided fertile ground for a sophisticated campaign orchestrated by the Sidewinder APT group. As demonstrators mobilized against...
Microsoft to force install the Microsoft 365 Copilot app in October
2025-09-15 15:59:23
Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside of the EEA region that have the Microsoft 365 desktop client apps. [...]
Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access
2025-09-15 15:58:54
Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint...
Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World
2025-09-15 15:45:02
A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks...
VMScape attack breaks VM isolation on AMD and Intel chips
2025-09-15 15:35:20
The Spectre flaw in Intel and AMD processors continues to make headlines. Indeed, researchers at ETH Zurich have (...)
Meet N2W: HackerNoon Company of the week
2025-09-15 15:30:00
N2W is the pioneer of cloud-native backup and recovery, built for AWS and Azure. With instant recovery in under 60 seconds, immutable backups, ransomware protection, and seamless cost-saving lifecycle...
Securing Linux Systems in the Age of AI: Unified Security Strategies for Modern Enterprises
2025-09-15 15:00:22
Introduction: In the rapidly evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) has emerged as a transformative advancement. This is particularly true in the realm of...
Need Web Data? Here Are the 3 Methods Everyone's Using
2025-09-15 15:00:07
Need web data? APIs, SDKs, and MCP provide flexible, scalable, and automated ways to access, scrape, and integrate web data for scripts, backends, web apps, pipelines, or AI agents.
A Tale of Two SDLCs: Rise of the AI-Powered SDLC
2025-09-15 15:00:00
"The future is already here — it's just not evenly distributed." — William Gibson
4 Sure Ways to Display PDFs in Oracle Forms
2025-09-15 14:59:59
Oracle Forms can display PDFs through several approaches: launching external viewers with WebUtil, embedding browser controls or Java Beans, using OLE2 with Acrobat on Windows, or serving BLOBs from the...
USN-7751-1: SQLite vulnerability
2025-09-15 14:45:19
It was discovered that the FTS5 SQLite extension incorrectly calculated
certain array lengths. An attacker could use this issue to cause SQLite to
crash, resulting in a denial of service, or possibly...
USN-7750-1: JSON-XS vulnerability
2025-09-15 14:30:37
It was discovered that JSON-XS incorrectly handled parsing certain JSON
data. An attacker could possibly use this issue to cause JSON-XS to crash,
resulting in a denial of service.
Microsoft Fixes Windows 11 24H2 Audio Issue that Stops Bluetooth Headsets and Speakers Working
2025-09-15 14:22:10
Microsoft has resolved a significant audio bug in Windows 11 version 24H2 that prevented Bluetooth headsets and speakers from functioning correctly on certain devices. The issue, which first appeared...
USN-7749-1: Cpanel-JSON-XS vulnerability
2025-09-15 14:17:42
It was discovered that Cpanel-JSON-XS incorrectly handled parsing certain
JSON data. An attacker could possibly use this issue to cause
Cpanel-JSON-XS to crash, resulting in a denial of service.
Burger King Uses DMCA Complaint to Take Down Blog Post Detailing Security Flaws on Drive-Thru Systems
2025-09-15 14:04:58
Burger King has invoked the U.S. Digital Millennium Copyright Act (DMCA) to force the removal of a security researcher's blog post that exposed critical vulnerabilities in its drive-thru “Assistant”...
Stop waiting on NVD — get real-time vulnerability alerts now
2025-09-15 14:01:11
Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure....
Building Resilient IT Infrastructure From the Start
2025-09-15 14:00:00
CISA's Secure by Design planted a flag. Now, it's on those who care about safeguarding systems to pick up the torch and take action to secure systems throughout the enterprise.
USN-7747-1: RubyGems vulnerability
2025-09-15 13:51:47
It was discovered that RubyGems incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause RubyGems to
consume resources, leading to a regular expression denial...
Hackers Using Generative AI ‘ChatGPT' to Evade Anti-virus Defenses
2025-09-15 13:50:30
In mid-July 2025, a novel campaign emerged in which cybercriminals weaponized generative AI to fabricate deepfake images of government IDs, embedding them within spear-phishing messages that bypassed...
Microsoft fixes Windows 11 audio issues confirmed in December
2025-09-15 13:48:05
Microsoft has removed a safeguard hold that prevented some users from upgrading their systems to Windows 11 24H2 due to compatibility issues that were causing Bluetooth headsets and speakers to malfunction....
Sidewinder Hackers Weaponize Nepal Protests to Spread Cross-Platform Malware
2025-09-15 13:31:20
Sidewinder, a well-known advanced persistent threat (APT) group, has adapted its tactics to exploit the ongoing protests in Nepal, deploying a coordinated campaign of mobile and Windows malware alongside...
USN-7748-1: Vim vulnerabilities
2025-09-15 13:18:35
It was discovered that Vim incorrectly handled file extraction when opening
maliciously crafted zip or tar archives. An attacker could possibly use
this issue to create or overwrite files on the system...
BlackNevas Ransomware Encrypts Files and Steals Sensitive Data From Affected Companies
2025-09-15 13:16:36
The BlackNevas ransomware group has emerged as a significant threat since November 2024, continuously launching devastating attacks against businesses and critical infrastructure organizations across...
Akira group targets unpatched SonicWall firewalls
2025-09-15 13:13:36
More than a year ago, security vendor SonicWall issued an alert about a flaw (...)
Phishing Campaigns Exploit RMM Tools to Sustain Remote Access
2025-09-15 13:10:58
A sophisticated phishing operation in which attackers deploy remote monitoring and management (RMM) tools—ITarian (formerly Comodo), PDQ Connect, SimpleHelp, and Atera—to gain persistent remote access...
Preparing for the EU's DORA amidst Technical Controls Ambiguity
2025-09-15 13:00:20
The financial sector is bracing for a significant shift in its digital landscape as the EU's Digital Operational Resilience Act (DORA) prepares to take effect in January 2025. This new...
Microsoft says Windows September updates break SMBv1 shares
2025-09-15 12:48:23
Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. [...]
CISO's Guide to Securing a Board Seat in the Boardroom
2025-09-15 12:33:20
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Sep. 15, 2025 – Watch the YouTube video CISOs belong in the Boardroom, according to CrowdStrike (NASDAQ: CRWD)...
Hackers Hide RMM Installs as Fake Chrome Updates and Teams Invites
2025-09-15 12:23:55
New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…
Burger King Uses DMCA to Remove Blog Exposing Drive-Thru System Security Flaws
2025-09-15 12:10:03
Burger King has invoked the Digital Millennium Copyright Act to force the removal of a security researcher's blog post that disclosed serious vulnerabilities in its new drive-thru “Assistant” system....
Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems
2025-09-15 12:05:19
The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware variants designed...
New Red Teaming Tool “Red AI Range” Discovers, Analyzes, and Mitigates AI Vulnerabilities
2025-09-15 12:03:02
Red AI Range (RAR), an open-source AI red teaming platform, is transforming the way security professionals assess and harden AI systems. Designed to simulate realistic attack scenarios, RAR streamlines...
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
2025-09-15 11:55:00
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a “browser-based attack” is, and why they're proving to be...
Ethereum Based Meme Coin Pepeto Presale Past .6 Million as Exchange Demo Launches
2025-09-15 11:44:26
Pepeto, the rising meme coin built on Ethereum, has now raised over .68 million in its presale. With billions of tokens already sold and interest growing across the best crypto project growing ahead...
IBM QRadar SIEM Vulnerability Allows Unauthorized Actions by Attackers
2025-09-15 11:27:11
A permissions issue in IBM QRadar SIEM could enable local privileged users to modify configuration files without proper authorization. Tracked as CVE-2025-0164, this flaw stems from incorrect permission...
Pro-Russian Hackers Target Critical Industries Across the Globe
2025-09-15 11:25:23
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has emerged as a central battleground for international conflict. Russia...
New SEO Poisoning Attacking Windows Users With Weaponized Software Sites
2025-09-15 11:23:51
In August 2025, security researchers uncovered a sophisticated SEO poisoning campaign targeting Chinese-speaking Windows users. By manipulating search result rankings with tailored SEO plugins and registering...
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
2025-09-15 11:22:00
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity.
This week, we saw a clear pattern:...
Bitcoin and the Uncoiling Spring: Defunding the State by Changing the Money.
2025-09-15 11:17:47
The modern State's existence, its perpetual growth, and its seemingly unchecked oversight are not accidents of history or the inevitable march of progress. The State has granted itself a power no ancient...
Red AI Range: Advanced AI Tool for Identifying and Mitigating Security Flaws
2025-09-15 11:14:24
Red AI Range (RAR) offers a turnkey platform for AI red teaming and vulnerability assessment, enabling security professionals to simulate realistic attack scenarios, uncover weaknesses, and deploy fixes...
Beyond the Ten Blue Links: How Generative AI Rewires Our Brains for Search
2025-09-15 11:08:32
Generative AI isn't just a new feature in search; it's a fundamental psychological shift. By providing direct, synthesized answers, it caters to our brain's deep-seated desire to reduce cognitive load...
Cisco Patched Multiple IOS XR Vulnerabilities
2025-09-15 10:53:06
Cisco recently addressed multiple vulnerabilities in IOS XR, one of which could allow image signature…
With AI, Box taps unstructured data
2025-09-15 10:50:45
Making use of under-exploited files: that is the task Box set itself at its event (...)
Hackers using generative AI “ChatGPT” to evade anti-virus defenses
2025-09-15 10:05:31
The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and AutoIt scripts designed to evade anti-virus...
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
2025-09-15 10:00:51
Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP's architecture, attack vectors and follow a proof of concept to see how it can be abused.
Signal App Introduces Secure Cloud Backup For Chats
2025-09-15 09:37:50
The private messaging app Signal just announced the much-awaited feature for its users – secure…
Microsoft Fixed 2 Zero-Days Amid 80+ Patches With September 2025 Patch Tuesday
2025-09-15 09:36:35
Microsoft has released the scheduled Patch Tuesday updates for September 2025, addressing 81 security vulnerabilities…
BlackNevas Ransomware Encrypts Files, Exfiltrates Corporate Data
2025-09-15 09:12:58
Countries with most cyberattacks stopped highlighting global cyber defense efforts, including key regions in Asia-Pacific and North America. BlackNevas has released a comprehensive attack strategy spanning...
'Lies-in-the-Loop' Attack Defeats AI Coding Agents
2025-09-15 09:11:58
Researchers convince Anthropic's AI-assisted coding tool to engage in dangerous behavior by lying to it, paving the way for a supply chain attack.
CISOs barred from speaking about cybersecurity incidents
2025-09-15 09:06:46
CISOs are under growing pressure to stay silent about the security incidents their organizations experience, (...)
LangChainGo Vulnerability Allows Malicious Prompt Injection to Access Sensitive Data
2025-09-15 08:55:13
A recently discovered flaw in LangChainGo, the Go implementation of the LangChain framework for large language models, permits attackers to read arbitrary files on a server by injecting malicious prompt...
FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft
2025-09-15 08:49:40
The Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups—UNC6040 and UNC6395—to breach...
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
2025-09-15 07:12:00
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns...
A week in security (September 8 – September 14)
2025-09-15 07:03:00
A list of topics we covered in the week of September 8 to September 14 of 2025
New Censors and Old Decentralized Internet Dreams
2025-09-15 06:24:34
Decentralized Internet faces the most serious challenges of modern censorship: Balkanization, monetization, and age-verification.
Tracing Go's Garbage Collection Journey: Reference Counting, Tri-Color, and Beyond
2025-09-15 06:23:46
Garbage collection (GC) is one of the most critical components of any modern programming language runtime.
Cypherpunks Write Code: Zooko Wilcox & Zcash
2025-09-15 06:22:47
Bryce “Zooko” Wilcox is the founder of Zcash, a private and decentralized cryptocurrency. Wilcox grew up with a fascination with computers and the Internet. As a teenager, the fall of the Berlin Wall...
The Unraveling Stillness: Flux as the Hidden Pulse of the Universe
2025-09-15 06:20:10
Flux Wisdom Field Theory is a conceptual framework that stretches from the deepest questions in cosmology to the intimate nature of consciousness. It proposes that the universe is not a collection of...
The Mining Barrier is Breaking: How Liquid Staking Will Democratize Bitcoin's Next Big Thing
2025-09-15 06:18:11
Bitcoin is now embraced by governments and the IMF as a strategic financial asset. While this legitimizes Bitcoin, mining it remains out of reach for most. New liquid mining protocols, inspired by Ethereum's...
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
2025-09-15 05:47:00
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware.
"The attackers manipulated search rankings with SEO...
UK ICO finds students behind majority of school data breaches
2025-09-15 05:12:13
UK ICO reports students caused over half of school data breaches, showing kids are shaping cybersecurity in unexpected ways. The UK Information Commissioner's Office (ICO), students were responsible...
INC ransom group claimed the breach of Panama's Ministry of Economy and Finance
2025-09-15 05:08:24
Panama's Ministry of Economy and Finance disclosed a security breach impacting a computer in its infrastructure. Panama's Ministry of Economy and Finance (MEF) announced that threat actors likely...
List of 20 new domains
2025-09-15 00:00:00
.fr
action-prime[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
aide-prime[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
apps-prime[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
assistance-localiser[.fr]...
Multiple vulnerabilities in Liferay (15 September 2025)
15/09/2025
Multiple vulnerabilities have been discovered in Liferay. They allow an attacker to cause a remote denial of service and remote indirect code injection (XSS).