Toute l'actualité de la Cybersécurité
Chinese Hackers Using Custom ShadowPad IIS Listener Module to Turn Compromised Servers into Active Nodes
2025-12-17 12:42:22
The group employs a custom ShadowPad IIS Listener module to transform compromised servers into a resilient, distributed relay network. This approach allows attackers to route malicious traffic through...
Microsoft asks IT admins to reach out for Windows IIS failures fix
2025-12-17 12:30:32
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail....
Askul data breach exposed over 700,000 records after ransomware attack
2025-12-17 12:19:31
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best...
Singularity Linux Kernel Rootkit with New Feature Prevents Detection
2025-12-17 12:19:17
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful...
Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories
2025-12-17 12:13:51
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting...
Après la cyberattaque, le ministre de l'Intérieur reconnait un vol de données
2025-12-17 12:04:10
L’affaire de la cyberattaque de la place Beauvau prend une autre tournure après l’interview du ministre de l’Intérieur (...)
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
2025-12-17 11:46:00
CISA has officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025. Designating a critical deadline of December 23, 2025, for organizations to apply necessary...
New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules
2025-12-17 11:40:21
A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique...
New Research Reveals 90% of Parked Domains Now Deliver Malware, Scams, and Phishing Attacks
2025-12-17 11:37:42
The cybersecurity threat landscape has shifted dramatically, and parked domains have become a primary weapon for delivering malware, scams, and phishing attacks to unsuspecting internet users. What was...
Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time
2025-12-17 11:30:00
Modern security teams often feel like they're driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their...
Russian state hackers targeted Western critical infrastructure for years, Amazon says
2025-12-17 11:27:02
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign...
CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks
2025-12-17 11:26:32
CISA issued a critical warning regarding a hardcoded cryptographic key vulnerability affecting Gladinet CentreStack and Triofox file management solutions. The vulnerability, tracked as CVE-2025-14611,...
LMI 28 Personnalité IT de l'année 2025 : Martine Gouriet d'EDF
2025-12-17 11:17:25
Dans ce douzième numéro du Monde Informatique, nous vous proposons des retours d’expérience de DSI et décideurs IT (...)
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware
2025-12-17 11:12:00
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America.
Check...
From Linear to Complex: An Upgrade in RansomHouse Encryption
2025-12-17 11:00:54
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.
The post From Linear to Complex: An Upgrade in RansomHouse...
A Decade of Modern Code Review Research Shows Gaps in Industry Priorities
2025-12-17 11:00:06
This study systematically maps over a decade of modern code review research, evaluates its methodological quality, and compares academic focus areas with how practitioners perceive their importance. Using...
New ClickFix ‘Word Online' Message Tricks Users into Installing DarkGate Malware
2025-12-17 10:35:01
A sophisticated social engineering campaign dubbed “ClickFix” has emerged, targeting users with deceptive “Word Online” error messages to distribute the formidable DarkGate malware....
Chrome Zero-Day Vulnerabilities Exploited in 2025 – A Comprehensive Analysis
2025-12-17 10:10:55
Throughout 2025, Google addressed a significant wave of actively exploited zero-day vulnerabilities affecting its Chrome browser, patching a total of eight critical flaws that threatened billions of users...
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
2025-12-17 10:00:51
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
Piratage chez SFR : encore un accés non autorisé !
2025-12-17 09:44:59
Alerte SFR : accès non autorisé à un outil fixe, données clients possiblement exposées, CNIL saisie, plainte déposée....
Cellik Android Malware with One-Click APK Builder Let Attackers Wrap its Payload Inside with Google Play Store Apps
2025-12-17 09:40:33
Cellik represents a significant evolution in Android Remote Access Trojan capabilities, introducing sophisticated device control and surveillance features previously reserved for advanced spyware. This...
Avec le verre, Ewigbyte veut figer les données pour toujours
2025-12-17 09:02:58
Ewigbyte ambitionne de rebattre les cartes de l’archivage avec son stockage sur verre, visant directement le domaine (...)
NVIDIA Isaac Lab Vulnerability Let Attackers Execute Malicious Code
2025-12-17 09:01:19
A critical security update addressing a dangerous deserialization vulnerability in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework. The flaw could allow attackers to execute arbitrary...
What We Know (and Don't) About Modern Code Reviews
2025-12-17 09:00:03
This article traces the evolution of modern code review from formal inspections to tool-driven workflows, maps key research themes, and highlights a critical gap: how practitioners actually perceive and...
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
2025-12-17 08:17:07
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products...
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
2025-12-17 08:14:00
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code,...
How SCOR Plans to Rescue Thousands of Dormant Sports NFTs from Digital Graveyards
2025-12-17 07:17:52
Soccerverse secures licensing rights for 65,000+ professional footballers through FIFPRO partnership, bringing unprecedented authenticity to blockchain gaming.
The TechBeat: Code Review Anti-Patterns: How to Stop Nitpicking Syntax and Start Improving Architecture (12/17/2025)
2025-12-17 07:10:57
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
2025-12-17 07:00:00
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
Subdomain Roulette: How Forgotten Hosts Became My Golden Ticket to Admin Panels
2025-12-17 06:32:16
Free link 🎈Continue reading on InfoSec Write-ups »
Agentic AI Red Teaming: The Hottest Cybersecurity Career of 2026 (Beginner-Friendly Guide)
2025-12-17 06:32:05
How to Start a Career in Agentic AI Red Teaming (New 2026 Path)Continue reading on InfoSec Write-ups »
React2Shell: CVE-2025–55182 | TryHackMe Write-Up
2025-12-17 06:31:54
Non-members are welcome to access the full story here.Continue reading on InfoSec Write-ups »
How I Hacked an Entrepreneur
2025-12-17 06:30:58
I was searching for a bug bounty programme using google dorks when I found a private vdp. It was a bit old but I thought why not give it a…Continue reading on InfoSec Write-ups »
The Return of The Luhn Algorithm
2025-12-17 06:29:48
A deep dive into how BIN ranges, Luhn, and a design flaw revealed cardholder PIIs.SummaryWhen testing a bank's assets, I noticed something in a request that no one else had noticed, which disclosed...
Known-Plaintext Attack on PHP-Proxy: From Broken Encryption to FastCGI RCE
2025-12-17 06:28:34
How a Caesar cipher implementation turned URL encryption into a complete server compromise through known-plaintext attack and FastCGI protocol exploitationIntroductionI discovered PHP-Proxy while researching...
HackSmarter Arasaka AD Lab Writeup
2025-12-17 06:27:42
By: Vedant Bhalgama (@ActiveXSploit)HackSmarter is a new cybersecurity learning platform created by Tyler Ramsbey. It offers courses, hands-on labs, and more — an excellent place to sharpen your...
Call/Message anyone on Facebook directly, bypassing the message requests ($$$$+$$$$$)
2025-12-17 06:24:50
An Interesting bug on a not-so-interesting Meta Platform — Messenger KidsThis is me, Samip Aryal from Nepal writing about one of my more unusual bug discoveries, this specifically found in BountyCon...
Discovering Cloud Misconfigurations with Google Dorks
2025-12-17 06:22:34
Picture Created by Sora AIFind exposed sensitive data in AWS, Google Cloud, and other platforms when private information becomes searchable on Google.A. Exposed Cloud StorageCloud storage services...
The Unconventional OSINT: How Dark Web Tools Gave Me the Edge to Find a $ Bug ️♂️
2025-12-17 06:19:07
Free Link🎈Continue reading on InfoSec Write-ups »
Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
2025-12-17 06:11:46
What is the Vulnerability?
CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products...
RIP Chatbots: Why Claude's New 'Tasks' Mode is the Agent We've Been Waiting For
2025-12-17 05:57:00
Anthropic is quietly testing a new "Tasks" Mode for Claude. The mode fundamentally changes how we interact with LLMs. It's no longer about talking to the machine, it's about assigning work to it.
NE2NE's PDFFlex Eliminates Data Paralysis by Automating PDF Extraction
2025-12-17 05:28:04
PDFFlex automates the extraction of complex business data trapped in PDFs, eliminating manual entry, reducing errors, and enabling secure, compliant, high-accuracy workflows. It delivers immediate efficiency...
The Curse of Rumination—and How We Unknowingly Reinforce It
2025-12-17 05:27:13
Mental fatigue creates the perfect conditions for rampant rumination. A tired brain is more likely to create and become fixated on the worst-case scenario. Rumination is a negative, repetitive thought...
Stop Guessing AI Metrics: Regression Explained with MSE, RMSE, MAE, R² & MAPE
2025-12-17 05:26:17
Regression in machine learning predicts numbers, not categories.
To evaluate such models, common metrics are used: MSE and RMSE penalize large errors, MAE shows the average absolute error, R-squared explains...
The Battle for the Borders: How AI and Cyber Intelligence Are Reshaping Statecraft
2025-12-17 05:25:07
From Tel Aviv to Silicon Valley, a new generation of AI-driven intelligence platforms is redefining how states secure their borders.
AEO (Answer Engine Optimization): The New Entry Point of the eCommerce Buying Funnel
2025-12-17 05:21:34
See why answer engines are becoming the new funnel entry in eCommerce.
Production Environment: Where AI Agent Demos Go To Die
2025-12-17 05:20:17
The demo environment and production reality are fundamentally different beasts. The root cause stems from the deployment environment and what I call the **framework of trust**
Stop Parsing Nightmares: Prompting LLMs to Return Clean, Parseable JSON
2025-12-17 05:19:40
- Natural-language LLM outputs are great for humans but painful for code; you need strict JSON to automate anything reliably.
- You can “force” JSON by combining four elements in your prompt: hard...
Fedora 42: Fix for mod_md Bug Related to CVE-2025-55753 Advisory
2025-12-17 01:32:38
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information. A fix for the security vulnerability...
Fedora 42: conda-build 25.4.0 Critical Code Execution 2025-eb0eab6793
2025-12-17 01:32:35
Update to 25.4.0
Critical Update for Fedora 42: WebKitGTK Fixes Crashes and CVE-2025-13947
2025-12-17 01:32:34
Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947, CVE-2025-43458, CVE-2025-66287
Fedora 43: util-linux Update 2.41.4 Urgent CVE-2025-14105
2025-12-17 01:14:16
upstream stable upgrade from 2.41.1 to 2.41.3 (CVE-2025-14104 and other issues)
Fedora 43: assimp Library Critical CVE-2025-11277 Update
2025-12-17 01:14:11
Backport fix for CVE-2025-11277
Fedora 43: mod_md Important Apache HTTP Server Fix CVE-2025-55753
2025-12-17 01:14:09
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information. A fix for the security vulnerability...
Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene
2025-12-17 00:00:57
Cyber hygiene is just as vital as personal hygiene. Unit 42 shares tips for people of all experience levels to keep their digital lives secure.
The post Stay Secure: Why Cyber Hygiene Should Be Part...