All the Latest Cybersecurity News


Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks

2025-11-27 19:13:23
Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community...


Becoming a data analyst in 2025: a profession attracting more and more career changers

2025-11-27 18:13:17
Over the past few years, a quiet but powerful movement has taken hold in the professional training landscape: more and more adults are choosing to redirect their careers...


Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

2025-11-27 18:13:00
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025,...


Suse launches the beta of its MCP server for Multi-Linux Manager

2025-11-27 18:01:26
Linux system administrators will not escape the surging wave of IT process automation tools by (...)


A Canadian court orders OVH to hand over data stored on its servers

2025-11-27 17:30:37
The question of the extraterritoriality of laws is not unique to American regulations (Cloud Act, Fisa,…), (...)


Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies

2025-11-27 17:19:30
Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.


One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM

2025-11-27 15:28:21
Aliso Viejo, CA, USA, 27th November 2025, CyberNewsWire


The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub Incidents Set the Stage for 2026

2025-11-27 17:07:08
When npm was hit in September, it was tempting to see it as an isolated supply chain attack. A maintainer fell for a phish, popular packages were swapped out, and downstream projects scrambled. But npm...


Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0V

2025-11-27 17:03:06
New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements...


What the Recent Amazon and Microsoft Cloud Outages Taught the UK Payments Industry

2025-11-27 16:53:34
October 2025's AWS and Azure outages showed how dependent the UK payments sector is on a small set of cloud providers. The piece unpacks the systemic risks, regulatory concerns, and lessons from blockchain—offering...


USN-7898-1: OpenVPN vulnerability

2025-11-27 16:34:52
Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification checks. A remote attacker could possibly use this issue to bypass source IP address validation.


Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets

2025-11-27 16:30:40
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically...


How Saurav Kant Kumar Is Using AI to Strengthen Industries—and the Workforce

2025-11-27 16:29:59
Saurav Kant Kumar drives large-scale impact across energy, manufacturing, logistics, and telecom through AI systems that predict failures, detect defects, optimize routes, and forecast demand. His projects...


Engineering Intelligence: Visionary of Autonomous Infrastructure and Fluid Digital Evolution

2025-11-27 16:14:59
Hardik Mahant is redefining digital infrastructure with autonomous, self-healing systems that cut manual intervention by 60% and prevent failures before they occur. His machine-learning frameworks unify...


After the datasets, Open-R1 seeks to reproduce DeepSeek's pipeline

2025-11-27 16:06:25
After the dataset-focused phase, the project, which aims at an open reproduction of DeepSeek-R1, has moved on to the training pipeline.


The HackerNoon Newsletter: Everyones Using the Wrong Algebra in AI (11/27/2025)

2025-11-27 16:01:51
How are you, hacker? 🪐 What's happening in tech today, November 27, 2025? The HackerNoon Newsletter brings the HackerNoon ...


Why Over-Explaining Your Tech Is Killing Your Content Strategy

2025-11-27 16:00:08
Most users don't care how your product works—they care what it helps them achieve. This article breaks down how startups can translate features into human benefits, use demonstrations over explanations,...


USN-7897-1: CUPS vulnerability

2025-11-27 15:59:31
It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service...


The Autorité de la concurrence rejects Qwant's complaint against Microsoft

2025-11-27 15:59:15
The Autorité de la concurrence rejects Qwant's complaint against Microsoft, finding that the accusations of abuse of a dominant position and of economic dependence in online search were not...


Node.js 24 LTS Is Here—Your Backend Has No Business Being Stuck in 2022

2025-11-27 15:58:49
Node.js 24 has officially entered LTS, bringing a modern runtime, new Web APIs, and long-term support through 2028. While the upgrade exposes outdated tooling and dependencies, it offers teams a chance...


What your firewall sees that your EDR doesn't

2025-11-27 15:52:17
The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved...


Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

2025-11-27 15:37:00
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP)...


Proactive Risk Management in Marketing: How AI Can Anticipate the Next Brand Meltdown Before You Do

2025-11-27 15:31:06
AI-driven marketing now needs risk telemetry, systems that detect sentiment drift, simulate backlash, and measure reputation latency to prevent trust failures before they escalate into brand crises.


OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

2025-11-27 15:28:53
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their...


Scaling Your SaaS Stack with Convex and Clerk

2025-11-27 15:22:38
Convex and Clerk comfortably support hundreds of thousands to millions of users; the real question isn't capability but when costs, compliance, or control justify migrating to AWS—where lower bills...


How I Tracked and Retired Out-of-Support .NET Runtimes Across Legacy IIS Servers

2025-11-27 15:08:20
A security alert exposed multiple out-of-support .NET Core runtimes across legacy IIS apps. This article recounts the full audit—scanning runtimeconfig files, mapping them to IIS sites, prioritizing...


Making Voice Assistants Human Again: A Story of Purpose-Driven Innovation

2025-11-27 14:59:59
Navneet Magotra is reshaping voice tech by building AI-powered, human-centered assistants for hospitals, hotels, and senior living. His systems boost adoption, automate tasks, enhance care, and create...


Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

2025-11-27 14:59:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...


Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach

2025-11-27 14:52:09
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities...


Dead Man's Switch – Widespread npm Supply Chain Attack Driving Malware Attacks

2025-11-27 14:42:43
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,”...


Wallix bets on Malizen's AI to strengthen its solutions

2025-11-27 14:41:44
Wallix is acquiring the Rennes-based startup Malizen for €1.6 million to integrate AI-driven behavioral analysis into its solutions starting in 2026.


Black Friday, Cyber Monday: a retail marathon… and an ideal playground for cybercriminals

2025-11-27 14:41:13
While French retailers are at the peak of Black Friday and Cyber Monday activity, another race is intensifying behind the scenes: the one against cyberattacks. Major incidents...


Millions at risk after nationwide CodeRED alert system outage and data breach

2025-11-27 14:40:32
A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US.


NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks

2025-11-27 14:39:43
NVIDIA has issued an urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service...


80% of companies ready to adopt Threat Intelligence: a shift toward modernizing enterprise cybersecurity

2025-11-27 14:36:17
While companies are increasingly strengthening their cybersecurity fundamentals, adoption of advanced solutions remains in the minority, creating a maturity gap between the...


USN-7896-1: libxml2 vulnerabilities

2025-11-27 14:21:02
It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32414) It...


Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems

2025-11-27 14:14:10
Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents...


Black Friday cyber fraud: French e-merchants strengthen their defenses, but 42% remain vulnerable

2025-11-27 14:12:51
French e-commerce sites are making progress in securing their email, but 42% do not achieve full protection, exposing shoppers during the holiday season. Op-ed...


USN-7852-2: libxml2 vulnerability

2025-11-27 14:12:04
USN-7582-1 fixed a vulnerability in libxml2. This update provides the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that...


Kaspersky identifies fraud linked to merchandise sales during BlackPink's world tour

2025-11-27 14:05:35
As the K-pop group BlackPink continues its world tour, cybercriminals are taking advantage of fans' enthusiasm to profit from the situation. Kaspersky experts have identified...


KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models

2025-11-27 14:03:17
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars...


Can Antitrust Regulations Keep Up With AI? Researchers Warn of Growing Structural Tensions

2025-11-27 14:00:08
The article examines how market structure—especially vertical integration—shapes AI safety, competition, regulatory oversight, and policy design. It highlights unresolved research questions around...


Reinventing cloud cybersecurity: why is agentic AI essential?

2025-11-27 13:49:33
The cloud cybersecurity landscape has reached an inflection point. Faced with cloud environments, containers, APIs, and ephemeral workloads, the attack surface...


North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware

2025-11-27 13:40:20
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically...


USN-7895-1: WebKitGTK vulnerabilities

2025-11-27 13:39:57
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related...


Cronos Kicks Off K Global Hackathon Focused on AI-Powered On-Chain Payments

2025-11-27 13:39:16
Cronos launches x402 PayTech Hackathon with K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.


Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks

2025-11-27 13:37:01
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3,...


Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks

2025-11-27 13:18:34
Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.


AI in healthcare: Inria and Doctolib join forces

2025-11-27 12:58:52
Inria and Doctolib are partnering to create a joint research team dedicated to research ranging from assisted diagnosis to personalized patient support.


Numerous credentials exposed on coding sites

2025-11-27 12:38:29
Credentials, authentication keys, configuration data, tokens, and API keys are potentially exposed (...)


Can AI Agents Pay Each Other? How Cronos Is Testing the Next Frontier with x402 PayTech Hackathon

2025-11-27 12:37:39
Cronos x402 Hackathon offers K for developers building AI agents with autonomous payment capabilities.


Gemini 3 Pro: at D+10, a more tempered enthusiasm

2025-11-27 12:21:13
The enthusiasm generated by the first model in the Gemini 3 family persists, but is proving more moderate than at launch.


OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

2025-11-27 12:19:02
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…


OpenAI discloses API customer data breach via Mixpanel vendor hack

2025-11-27 11:27:06
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]


Debian LTS: libssh Critical Issues Addressed in DLA-4385-1

2025-11-27 10:26:47
Several vulnerabilities have been found in libssh, a tiny C SSH library. CVE-2025-4877


ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

2025-11-27 10:03:00
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world. Criminals are getting creative...


openSUSE: Kernel Important Update for CVEs 2025-20091-1

2025-11-27 09:35:58
An update that solves 83 vulnerabilities and has 101 bug fixes can now be installed.


openSUSE: Important Security Fix for mysql-connector-java CVE-2025-20089-1

2025-11-27 09:35:58
An update that solves one vulnerability and has one bug fix can now be installed.


NCSC handing over the baton of smart meter security: a decade of progress

2025-11-27 08:54:47
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.


Ubuntu 16.04: FFmpeg Important Denial Of Service Crash USN-7890-1

2025-11-27 08:49:33
FFmpeg could be made to crash if it opened a specially crafted file.


New ASUS firmware patches critical AiCloud vulnerability

2025-11-27 08:33:32
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities,...


Critical Kernel Update for CVE-2025-4269-1 in openSUSE Available Now

2025-11-27 08:30:11
An update that solves two vulnerabilities can now be installed.


SUSE: Kernel Important Security Update CVE-2025-38500 2025:4269-1

2025-11-27 08:30:10
* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500


Gainsight Expands Impacted Customer List Following Salesforce Security Alert

2025-11-27 07:03:00
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted...


China Software Developer Network - 6,414,990 breached accounts

2025-11-27 05:49:56
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.


UNC2891 Hackers Use Linux Malware in Major Banking Security Heists

2025-11-27 02:47:22
UNC2891 has been working its way through gaps in ATM security and broader banking security by slipping small hardware implants into places most teams assume are locked down. Investigators found Raspberry...


List of 35 new domains

2025-11-27 00:00:00
.fr baxterbet-fr[.fr] (registrar: NETIM) betbona[.fr] (registrar: NETIM) browiner[.fr] (registrar: NETIM) browinner-fr[.fr] (registrar: NETIM) caissedepot[.fr] (registrar: Dreamscape Networks International...


Multiple vulnerabilities in GitLab (November 27, 2025)

27/11/2025
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service, a breach of data confidentiality, and a...


Multiple vulnerabilities in Splunk products (November 27, 2025)

27/11/2025
Multiple vulnerabilities have been discovered in Splunk products. Some of them allow an attacker to cause arbitrary code execution, a breach of data confidentiality...


Vulnerability in Mattermost Server (November 27, 2025)

27/11/2025
A vulnerability has been discovered in Mattermost Server. It allows an attacker to cause a security issue not specified by the vendor.


Vulnerability in MISP (November 27, 2025)

27/11/2025
A vulnerability has been discovered in MISP. It allows an attacker to cause a breach of data confidentiality.
