Toute l'actualité de la Cybersécurité
Predator spyware uses new infection vector for zero-click attacks
2025-12-04 20:47:42
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement....
CISA Publishes Security Guidance for Using AI in OT
2025-12-04 20:46:27
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.
Critical Vulnerabilities in React Server Components and Next.js
2025-12-04 20:30:55
We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478.
The post Critical Vulnerabilities...
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
2025-12-04 19:55:04
LummaC2 infostealer infects North Korean hacker's device, exposing ties to .4B Bybit heist and revealing tools, infrastructure and OPSEC failures.
Russia blocks FaceTime and Snapchat for alleged use by terrorists
2025-12-04 19:12:18
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate...
Marquis data breach impacted more than 780,000 individuals
2025-12-04 18:42:31
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data,...
USN-7912-2: CUPS vulnerability
2025-12-04 18:22:26
USN-7912-1 fixed vulnerabilities in CUPS. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Original advisory details:
Johannes Meixner and...
CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
2025-12-04 18:19:55
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. [...]
USN-7913-1: MAME vulnerabilities
2025-12-04 18:10:48
It was discovered that the stb library, included in MAME, had a heap-based
buffer overflow. An attacker could possibly use this issue to crash the
program or execute arbitrary code. (CVE-2018-16981)
It...
CISA and NSA Warns of BRICKSTORM Malware Attacking VMware ESXi and Windows Environments
2025-12-04 18:03:24
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated...
How scammers use fake insurance texts to steal your identity
2025-12-04 17:55:09
We follow the trail of a simple insurance text scam to show how it can spiral into full-blown identity theft.
USN-7874-3: Linux kernel (IoT) vulnerabilities
2025-12-04 17:49:28
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Prompt Injection Flaw in GitHub Actions Hits Fortune 500 Firms
2025-12-04 17:41:30
A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that...
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
2025-12-04 17:25:00
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.
The search engine optimization (SEO)...
React2Shell: RCE Vulnerabilities Require Immediate Attention
2025-12-04 17:16:06
CVE-2025-55182 and CVE-2025-66478 — Critical Deserialization RCE in React Server Components
As reported by React and Next.js and titled react2shell, a new unauthenticated remote-code-execution...
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
2025-12-04 14:01:30
Austin, TX, USA, 4th December 2025, CyberNewsWire
Cybersecurity strategies to prioritize now
2025-12-04 17:00:00
In this article, Damon Becknel, Vice President and Deputy CISO for Regulated Industries at Microsoft, outlines four things to prioritize doing now.
The post Cybersecurity strategies to prioritize now ...
Contractors with hacking records accused of wiping 96 govt databases
2025-12-04 16:30:59
U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as...
New SVG Clickjacking Attack Let Attackers Create Interactive Clickjacking Attacks
2025-12-04 16:27:20
Clickjacking has long been considered a “dumb” attack in the cybersecurity world. Traditionally, it involves placing an invisible frame over a legitimate website to trick a user into clicking...
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
2025-12-04 16:19:00
Cloudflare's Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks.
USN-7912-1: CUPS vulnerability
2025-12-04 16:07:04
Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled
clients that send messages slowly. A remote attacker could possibly use
this issue to cause CUPS to stop responding, resulting...
React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components
2025-12-04 16:05:50
OverviewOn December 3, 2025, Meta disclosed a new vulnerability, CVE-2025-55182, which has since been dubbed React2Shell. A second CVE identifier, CVE-2025-66478, was assigned and published to track the...
The HackerNoon Newsletter: How to Turn Year-End Reflections into Q1 Content Gold (12/4/2025)
2025-12-04 16:04:30
How are you, hacker?
🪐 What's happening in tech today, December 4, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Modern Data Engineering with Apache Spark: A Hands-On Guide to Slowly Changing Dimensions (SCD)
2025-12-04 16:00:54
Slowly Changing Dimensions are critical for preserving historical accuracy in analytics. This guide walks through SCD Types 0–6 and shows how Spark and Databricks implement scalable, automated workflows...
The Art of the Prompt: Engineering GenAI to Produce SOLID-Compliant Code
2025-12-04 16:00:18
Generative AI is great at writing code that works, but terrible at writing code that lasts. Left to its own devices, an LLM will generate tightly coupled, brittle spaghetti code. The secret isn't a better...
The Real Reason Startup Lead Gen Fails (and How Brand Awareness Fixes It)
2025-12-04 15:59:59
Most early-stage startups struggle with lead generation because their brand isn't visible or trusted. Building brand awareness first - through consistent content, credible placement, and wide distribution...
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks
2025-12-04 15:59:11
Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows...
Sécuriser les VM Windows Server : la MFA sans complexité
2025-12-04 15:57:15
La virtualisation constitue l'un des piliers de l'informatique moderne, mais elle n'est pas sans défis de sécurité. Le premier problème : le nombre d'instances de serveurs virtualisés (machines...
As Bitcoin (BTC) Momentum Cools,This New Crypto Gains 18,300 Buyers & Breaks Through 96% Allocation
2025-12-04 15:56:31
Mutuum Finance (MUTM) is developing a lending protocol designed around real on-chain activity. Users can lend assets such as ETH or USDT and receive mt tokens in return. MUTM has raised .1 million...
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
2025-12-04 15:53:01
ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming...
The Tradeoff Triangle: Why Microservices Start to Hurt at Scale
2025-12-04 15:51:00
Microservices might be the best example of what modern software architecture looks like. However, sometimes scaling of this architecture begins to hurt more than it helps. The more they fracture applications...
The Architecture of Collaboration: A Practical Framework for Human-AI Interaction
2025-12-04 15:41:23
The rise of advanced AI has shifted the workplace narrative from AI-driven automation (replacement) to augmentation (collaboration). This human-AI teamwork, called Collaborative Intelligence, boosts productivity...
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio
2025-12-04 15:29:11
The deal, believed to be valued at billion, will bring non-human identity access control of agents and machines to ServiceNow's offerings including its new AI Control Tower.
On en sait (un peu) plus sur la future startup de Yann LeCun
2025-12-04 15:17:47
Le pionnier français de l'intelligence artificielle a confirmé que le géant américain ne prendra pas de participation dans sa future start-up dédiée aux "modèles du monde".
The post On en sait...
How to Build No-Code AI Workflows Using Activepieces and Sevalla
2025-12-04 15:13:50
ActivePieces is an open source tool that lets anyone create smart workflows. It uses a clean flow builder where each block represents a step. By linking pieces together, you can build workflows that act...
Critical React, Next.js flaw lets hackers execute code on servers
2025-12-04 15:11:54
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications....
How strong password policies secure OT systems against cyber threats
2025-12-04 15:11:22
OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous...
5 Open-Source & Free Software Projects to Celebrate Christmas —And Support Via Kivach
2025-12-04 15:07:43
GitHub is home to free and open-source projects that capture the Christmas spirit. From animated light displays and festive games to apps that help plant trees or organize gift exchanges, these projects...
Cybersecurity in Agentic Commerce: Safeguarding the Autonomous Future
2025-12-04 14:43:54
Building a Secure Foundation for the Future of Autonomous Transactions –Dr. Alissa Abdullah, Deputy Chief Security Officer, Mastercard San Jose, Calif. – Dec. 4, 2025 Agentic commerce is changing...
Midnight Opens Redemptions for 4.5B+ NIGHT Tokens After Record-Breaking Distribution Event
2025-12-04 14:43:45
Midnight Network launches NIGHT on Cardano. Night is the native token of the Midnight network, enabling users to utilize the network, participate in consensus, and govern the long term direction of the...
Trois spécialistes de la cybersécurité sur quatre affirment avoir été confrontés à l'épuisement professionnel
2025-12-04 14:39:42
Une récente étude de Sophos dévoile que, dans le domaine de la cybersécurité, le « burnout » représente un facteur de risque majeur pour les entreprises et leurs équipes. Tribune – Selon les...
Écoconception web : Orange en tête d'un CAC 40 qui stagne
2025-12-04 14:38:13
D'après les mesures de l'agence Razorfish et du collectif Green IT, le score moyen de performance environnementale des sites web du CAC 40 ne croît plus.
The post Écoconception web : Orange en tête...
openSUSE Leap 16.0: mozjs128 Important Sandbox Escape Issues 2025-20135-1
2025-12-04 14:33:31
An update that solves 26 vulnerabilities and has one bug fix can now be installed.
Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims
2025-12-04 14:16:35
Arizona Attorney General Kris Mayes has announced a lawsuit against the popular Chinese e-commerce retailer Temu, accusing the company of stealing vast amounts of customer data. The lawsuit, filed Tuesday,...
How To Reframe Cybersecurity Budget Requests And Get Them Approved
2025-12-04 14:07:23
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 4, 2025 – Read the full story from BreachLock Cybersecurity is no longer considered a “technical issue...
From Policy to Practice: Why Cyber Resilience Needs a Reboot
2025-12-04 14:00:00
In cybersecurity today, regulation is everywhere, but resilience isn't keeping pace.In this episode of Experts on Experts: Commanding Perspectives, Craig Adams chats with Sabeen Malik, VP of Public...
Student Sells Gov't, University Sites to Chinese Actors
2025-12-04 14:00:00
It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.
Une vulnérabilité dans React et Next.js à corriger en urgence
2025-12-04 13:55:04
Alerte maximale pour les développeurs déclenchée par Wiz (filiale cybersécurité de Google) après la découverte (...)
Your Startup Needs Governance, Not Vibes
2025-12-04 13:30:18
Many early-stage tech teams operate without real governance, leaving critical systems exposed to drift, single points of failure, and unaccountable decision-making. This article outlines practical, lightweight...
Lazarus Group's IT Workers Scheme Hacker Group Caught Live On Camera
2025-12-04 13:29:30
Lazarus Group's Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running...
Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data
2025-12-04 13:24:15
Cybercriminals have discovered a clever way to slip malware onto job seekers’ computers by disguising malicious files as legitimate recruitment documents. A new campaign called ValleyRAT targets...
Canadian police trialing facial recognition bodycams
2025-12-04 13:19:24
Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.
Is Dubizzle a Craigslist Waiting to Happen – And Can AI Unbundle It?
2025-12-04 13:18:10
The article asks whether Dubizzle, often called the “Craigslist of the UAE,” could trigger a new unbundling wave like Craigslist did in the early 2000s. Using Grok3 and ChatGPT o3, the author maps...
Microsoft 365 license check bug blocks desktop app downloads
2025-12-04 13:18:08
Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. [...]
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
2025-12-04 13:16:24
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now.
New Phishing Attack Mimic as Income Tax Department of India Delivers AsyncRAT
2025-12-04 13:00:28
A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication...
Accelerate DevOps with Sonatype's Multi-Product AWS Offering
2025-12-04 13:00:03
Organizations building modern applications are constantly pressured to deliver software faster without compromising on security.
KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security
2025-12-04 12:51:32
KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive...
PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models
2025-12-04 12:45:35
Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including...
Update Chrome now: Google fixes 13 security issues affecting billions
2025-12-04 12:42:02
Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
2025-12-04 12:34:39
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover.
Face à Excel et Google Sheets, Proton lance son tableur
2025-12-04 12:13:00
Petit à petit, la suite Workspace de Proton s’enrichit pour être une alternative européenne et sécurisée aux offres (...)
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
2025-12-04 11:58:00
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.
Here's...
Ubuntu 18.04 LTS: USN-7907-4 Linux Kernel Critical Security Fixes
2025-12-04 11:56:39
Several security issues were fixed in the Linux kernel.
USN-7907-4: Linux kernel (GCP FIPS) vulnerabilities
2025-12-04 11:52:45
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Ubuntu 18.04 & 16.04: Linux Kernel Critical Security Update USN-7907-3
2025-12-04 11:49:51
Several security issues were fixed in the Linux kernel.
USN-7907-3: Linux kernel vulnerabilities
2025-12-04 11:46:28
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Ubuntu 14.04: Critical Kernel Issues Advisory USN-7911-1 CVE-2023-52975
2025-12-04 11:40:26
Several security issues were fixed in the Linux kernel.
USN-7911-1: Linux kernel vulnerabilities
2025-12-04 11:35:55
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
...
5 Threats That Reshaped Web Security This Year [2025]
2025-12-04 11:30:00
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques,...
Ubuntu 22.04 LTS: Linux Kernel Critical Security Issues Fixed USN-7910-1
2025-12-04 11:27:44
Several security issues were fixed in the Linux kernel.
USN-7910-1: Linux kernel (Azure FIPS) vulnerabilities
2025-12-04 11:23:32
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Ubuntu 22.04 LTS: Critical Linux Kernel Vulnerabilities USN-7909-3 CVEs
2025-12-04 11:19:15
Several security issues were fixed in the Linux kernel.
USN-7909-3: Linux kernel (FIPS) vulnerabilities
2025-12-04 11:14:34
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
USN-7909-2: Linux kernel (Real-time) vulnerabilities
2025-12-04 11:03:24
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
Sécurité des e-mails : l'option multifournisseur s'impose
2025-12-04 10:43:07
L'évolution du marché des solutions de sécurité des e-mails rend aussi opportunes que nécessaires les stratégies multifournisseurs.
The post Sécurité des e-mails : l’option multifournisseur...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
2025-12-04 09:27:00
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating...
Trois clés pour embarquer les employés dans la cybersécurité
2025-12-04 09:19:36
Dans de nombreuses entreprises, les directives de sécurité informatique se heurtent à la résistance des employés qui (...)
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
2025-12-04 09:11:43
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack...
AWS enrichit son offre Transform avec des agents IA
2025-12-04 09:08:42
« Aujourd’hui, la modernisation n’est plus une option pour les entreprises », souligne Akshat Tyagi, directeur adjoint (...)
Entretien Yves Pellemans, DG délégué Cheops Technology : « Il faut maîtriser le coût de l'IA »
2025-12-04 08:56:58
Suite des entretiens du Monde Informatique avec Yves Pellemans, directeur général délégué de Cheops Technology. Recruté (...)
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic
2025-12-04 07:00:00
Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
2025-12-04 06:52:00
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure...
CVE-2025-66478: RCE in React Server Components
2025-12-04 04:21:47
Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects...
List of 36 new domains
2025-12-04 00:00:00
.fr assistance-verifier[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
auchan-intermarche[.fr] (registrar: IONOS SE)
barcllays[.fr] (registrar: Hostinger operations UAB)
blindluckcasino[.fr]...
Vulnérabilité dans PostgreSQL PgBouncer (04 décembre 2025)
04/12/2025
Une vulnérabilité a été découverte dans PostgreSQL PgBouncer. Elle permet à un attaquant de provoquer une injection SQL (SQLi).
Multiples vulnérabilités dans Wireshark (04 décembre 2025)
04/12/2025
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans les produits Splunk (04 décembre 2025)
04/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits Microsoft (04 décembre 2025)
04/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...