Toute l'actualité de la Cybersécurité

New SonicWall SonicOS flaw allows hackers to crash firewalls

2025-11-20 15:56:00
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. [...]

D-Link warns of new RCE flaws in end-of-life DIR-878 routers

2025-11-20 15:38:56
D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available...

Turn your Windows 11 migration into a security opportunity

2025-11-20 15:05:15
Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen...

APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows

2025-11-20 14:49:50
Today, APIContext, has launched its Model Context Protocol (MCP) Server Performance Monitoring tool, a new capability that ensures AI systems respond fast enough to meet customer expectations. Given...

Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users

2025-11-20 14:29:05
Tsundere represents a significant shift in botnet tactics, leveraging the power of legitimate Node.js packages and blockchain technology to distribute malware across multiple operating systems. First...

Sturnus Banking Malware Steals Communications from Signal and WhatsApp, Gaining Full Control of The Device

2025-11-20 14:18:17
A new banking malware called Sturnus has emerged as a significant threat to mobile users across Europe. Security researchers have discovered that this sophisticated Android trojan can capture encrypted...

ESET Research : le groupe PlushDaemon aligné sur la Chine exploite des routeurs pour mener des attaques « man-in-the-middle »

2025-11-20 14:09:19
Les chercheurs d'ESET ont identifié une campagne d'attaque de type « man-in-the-middle » menée par PlushDaemon, un groupe de menace aligné sur les intérêts de la Chine. Cette campagne repose...

Samourai Wallet Cryptocurrency Mixing Founders Jailed for Laundering Over 7 Million

2025-11-20 14:06:56
The U.S. Attorney’s Office, Southern District of New York, has announced the sentencing of Keonne Rodriguez and William Lonergan Hill, co-founders of Samourai Wallet, a cryptocurrency mixing application...

WhatsApp 'Eternidade' Trojan Self-Propagates Through Brazil

2025-11-20 14:00:00
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.

Des chercheurs alertent : 3,5 milliards d'utilisateurs WhatsApp concernés par la « plus grande fuite de données de l'histoire » !

2025-11-20 13:58:00
Une équipe de chercheurs viennois a découvert qu'il est possible de collecter massivement les informations publiques de milliards de comptes WhatsApp, simplement en testant des numéros de téléphone....

Holiday scams 2025: These common shopping habits make you the easiest target

2025-11-20 13:50:00
Holiday deals are flooding your phone, and scammers are too. Watch for fake listings, phishing texts, and offers that seem just a little too good to be true.

Gmail can read your emails and attachments to train its AI, unless you opt out

2025-11-20 13:48:50
A new Gmail update may allow Google to use your private messages and attachments for AI training. Here's how to turn it off.

New Ransomware Variants Targeting Amazon S3 Services Leveraging Misconfigurations and Access Controls

2025-11-20 13:43:38
A new wave of ransomware attacks is targeting cloud storage environments, specifically focusing on Amazon Simple Storage Service (S3) buckets that contain critical business data. Unlike traditional ransomware...

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

2025-11-20 13:40:30
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login...

TamperedChef Hacking Campaign Leverages Common Apps to Deliver Payloads and Gain Remote Access

2025-11-20 13:35:19
A new global hacking campaign tracked as TamperedChef has emerged, exploiting everyday software names to trick users into installing malicious applications that deliver remote access tools. The campaign...

Everything You Always Wanted To Know About Security Audits But Were Afraid To Ask

2025-11-20 13:33:09
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 20, 2025 – Read the full story from Astra With the global cost of cybercrime predicted to reach .5...

TV streaming piracy service with 26M yearly visits shut down

2025-11-20 13:31:43
Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...]...

Retail : Plus de la moitié (58 %) des enseignes victimes d'une attaque de ransomware versent la rançon demandée

2025-11-20 13:23:38
Dans un contexte marqué par le doublement des demandes de rançon et l'augmentation des paiements, près de la moitié des entreprises du secteur attribuent les incidents liés aux ransomwares à des...

Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide

2025-11-20 13:20:27
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations...

Sécurité du cloud : les 7 grandes tendances à suivre pour 2026 !

2025-11-20 13:17:49
À mesure que les entreprises accélèrent leur migration vers le cloud et les architectures hybrides, la sécurité devient un enjeu stratégique. Les modèles historiques, centrés sur la protection...

New Malware Via WhatsApp Exfiltrate Contacts to Attack Server and Deploys Malware

2025-11-20 13:05:21
Trustwave SpiderLabs researchers have identified a sophisticated banking trojan called Eternidade Stealer that spreads through WhatsApp hijacking and social engineering tactics. The malware, written in...

Palo Alto reprend Chronosphere pour 3,35 milliards $

2025-11-20 12:49:35
Palo Alto Networks va racheter Chronosphere pour 3,35 milliards $ afin de renforcer ses capacités d'observabilité et d'IA appliquées. The post Palo Alto reprend Chronosphere pour 3,35 milliards...

GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams

2025-11-20 12:47:50
Cybercriminals are rapidly embracing generative AI to transform the way they operate scams, making fraud operations faster, more convincing, and dramatically easier to scale. According to recent research,...

Comet Browser Flaw Lets Hidden API Run Commands on Users' Devices

2025-11-20 12:30:57
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

2025-11-20 12:29:00
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies...

Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums

2025-11-20 12:17:01
A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on...

Développement d'applications IA : une demande sectorielle pour l'heure insatisfaite

2025-11-20 12:14:36
En matière de développement d'apps IA, Gartner relève un décalage entre les besoins sectoriels et la capacité des offreurs à y répondre. The post Développement d’applications IA : une demande...

Threat Actors Pioneering a New Operational Model That Combines Digital and Physical Threats

2025-11-20 11:50:46
Nation-state actors are fundamentally changing how they conduct military operations. The boundary between digital attacks and physical warfare is disappearing rapidly. Instead of treating cybersecurity...

Inside the dark web job market

2025-11-20 11:37:00
This report examines how employment and recruitment function on the dark web, based on over 2,000 job-related posts collected from shadow forums between January 2023 and June 2025.

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

2025-11-20 11:30:00
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally...

Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection

2025-11-20 11:06:54
Taking another leap towards securing users' digital privacy, Mozilla rolls out Firefox 145 with enhanced… Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection on Latest Hacking News...

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

2025-11-20 11:04:00
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator...

Un copier-coller de code fragilise plusieurs frameworks d'inférence

2025-11-20 11:01:11
La sécurité de l’IA prend une place de plus en plus importante au fur et à mesure que la technologie se développe. Des (...)

Why the World's Vulnerability Index Cannot Keep Up

2025-11-20 11:00:02
The Common Vulnerabilities and Exposures (CVE) system has been called the backbone of modern cybersecurity. For decades, it's been the shared language connecting scanners, advisories, compliance...

Crypto mixer founders sent to prison for laundering over 7 million

2025-11-20 10:49:37
The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over 7 million. [...]

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

2025-11-20 10:28:13
Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification...

Avec Delos Cloud, SAP assure la continuité des services Azure en Europe

2025-11-20 10:23:22
A l’occasion du sommet franco-allemand sur la souveraineté numérique qui s’est déroulé à Berlin le 17 novembre, (...)

Blockchain and Node.js abused by Tsundere: an emerging botnet

2025-11-20 10:00:13
Kaspersky GReAT experts discovered a new campaign featuring the Tsundere botnet. Node.js-based bots abuse web3 smart contracts and are spread via MSI installers and PowerShell scripts.

ML Tool Spots 80% of Vulnerability-Inducing Commits Ahead of Time

2025-11-20 10:00:03
This article outlines a machine-learning approach that predicts vulnerable code changes before submission, demonstrates high precision on large open-source datasets, and calls for community-wide sharing...

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

2025-11-20 10:00:00
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device....

Le partenariat SAP-Mistral AI trouve un relais dans l'administration publique

2025-11-20 09:23:51
En partenariat depuis mi-2024, SAP et Mistral AI vont signer un accord-cadre avec Paris et Berlin pour servir les administrations publiques. The post Le partenariat SAP-Mistral AI trouve un relais dans...

How Developer Credential Theft Is Fueling the Next Wave of Cyberattacks

2025-11-20 09:00:03
This article reviews major research on software supply chain attacks, their rising reliance on developer credential compromise, existing mitigation techniques, and how new models aim to predict vulnerable...

Les pratiques cloud d'AWS et Microsoft dans le viseur de l'Europe

2025-11-20 08:55:46
A souveraineté, souveraineté et demie ! Le sommet franco-allemand sur la souveraineté numérique européenne, qui réunit (...)

SUSE: grub2 Moderate Use-After-Free Flaws SUSE-SU-2025:4143-1

2025-11-20 08:30:09
* bsc#1252931 * bsc#1252932 * bsc#1252933 * bsc#1252934 * bsc#1252935

openSUSE: grub2 Moderate Multiple Issues Vuln 2025:4143-1

2025-11-20 08:30:09
An update that solves five vulnerabilities can now be installed.

Les cybercriminels créent plus de 30 sites web frauduleux utilisant COP 30 comme appât pour tromper leurs victimes

2025-11-20 08:16:33
Kaspersky alerte sur l’émergence d’escroqueries exploitant l’engouement autour de la conférence pour dérober des données personnelles et des informations confidentielles. Tribune...

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

2025-11-20 07:35:00
Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The...

Agent 365 : après l'orchestration, Microsoft promet l'encadrement de l'IA agentique

2025-11-20 07:11:15
Sous la bannière Agent 365, Microsoft adapte son socle Entra-Purview-Defender pour constituer un plan de contrôle - mais pas d'orchestration - des agents IA. The post Agent 365 : après l’orchestration,...

The TechBeat: Can 25 Superhumans Run a 0M Freight Operation? T3RA's AI Visionary Mukesh Kumar Thinks So (11/20/2025)

2025-11-20 07:11:02
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

The Digital Steroid – AI + HITL+ Process Mindset

2025-11-20 05:45:58
AI agents are advancing rapidly, but without strong processes, domain expertise, and human-in-the-loop oversight, they risk catastrophic errors. Using supply chain examples, this article shows why organizations...

Beckett Collectibles - 541,132 breached accounts

2025-11-20 05:41:12
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently...

Jonathane Ricci: Law, Perception, and Power – Why Reputation Is the New Currency

2025-11-20 05:36:27
Reputation now functions as a volatile global currency—shaping access to capital, trust, and opportunity. Legal expert Jonathane Ricci outlines how digital narratives outpace evidence, why traditional...

Anbarasu Arivoli Honored with TITAN Business Award and Distinguished IT Innovator of the Year

2025-11-20 05:32:40
Anbarasu Arivoli is recognized with the TITAN Business Award and Distinguished IT Innovator of the Year for advancing large-scale AI automation, microservice design, and enterprise chatbot frameworks....

How Arpita Soni Is Building the Future of Intelligent, Autonomous Enterprises

2025-11-20 05:25:16
Arpita Soni is a global transformation leader modernizing regulated industries through AI-driven automation, generative AI, quality engineering, and enterprise data systems. Her frameworks deliver up...

How TempAI's Copilot Supports Sales Teams in Real Time

2025-11-20 05:11:37
TempAI fills a major gap in sales tech by offering real-time call guidance instead of after-the-fact summaries. Built by CEO Tim Gunderson, Offline Studio, and James Hamilton, the platform acts like an...

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

2025-11-20 04:06:00
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the...

Eurofiber - 10,003 breached accounts

2025-11-20 02:44:14
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently...

Vultr - 187,872 breached accounts

2025-11-20 01:22:52
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email...

Understanding The GENIUS Act: What You Need to Know

2025-11-20 00:23:22
The GENIUS Act is an American law passed on July 18th, 2025 to create clear national rules for stablecoins. The Act clarifies who can issue stablecoins, how they must be backed and how consumers are protected....

OpenAI says its latest GPT-5.1 Codex can code independently for hours

2025-11-20 00:00:00
OpenAI has started rolling out GPT 5.1-Codex-Max on Codex with a better performance on coding tasks. [...]

Multiples vulnérabilités dans Wireshark (20 novembre 2025)

20/11/2025
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.

Multiples vulnérabilités dans les produits SonicWall (20 novembre 2025)

20/11/2025
De multiples vulnérabilités ont été découvertes dans les produits SonicWall. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...

Vulnérabilité dans GnuTLS (20 novembre 2025)

20/11/2025
Une vulnérabilité a été découverte dans GnuTLS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Vulnérabilité dans les produits Kaspersky (20 novembre 2025)

20/11/2025
Une vulnérabilité a été découverte dans les produits Kaspersky. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).