Toute l'actualité de la Cybersécurité
Outpost24 Acquires Infinipoint
2025-12-11 16:46:29
This week, Outpost24 announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24's entry into the Zero...
The Best Red Teaming Tools of 2026: What You Need to Know
2025-12-11 16:36:42
As AI-generated threats continue to rise, more organisations are turning to red teaming to turn the tide. Nothing provides a better understanding of your security posture like letting a red team...
GitHub Down: Developers Frustrated by ‘No Server Available' Message
2025-12-11 16:28:38
GitHub is experiencing user-reported outages, with many developers greeted by a prominent error featuring the platform’s unicorn mascot and the message “No server is currently available to...
Orange recrute Guillaume Poupard pour piloter sa stratégie de souveraineté numérique
2025-12-11 16:21:23
L'actuel DGA de Docaposte rejoint l'opérateur historique en tant que Chief Trust Officer.
The post Orange recrute Guillaume Poupard pour piloter sa stratégie de souveraineté numérique appeared first...
2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics
2025-12-11 16:15:56
The past, present, and future of cybercrime. Brought to you by Evolution Equity Partners – Steve Morgan, Editor-In-Chief Sausalito, Calif. – Dec. 11, 2025 If it were measured as a country, then cybercrime...
Microsoft bounty program now includes any flaw impacting its services
2025-12-11 16:00:46
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]
Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates
2025-12-11 15:43:15
The popular text editor Notepad++ has addressed a severe security weakness in its update mechanism that could allow attackers to hijack network traffic and push malicious executables to users under the...
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
2025-12-11 15:10:49
A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications....
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
2025-12-11 15:07:39
A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute...
AI is accelerating cyberattacks. Is your network prepared?
2025-12-11 15:05:15
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR)...
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
2025-12-11 14:00:41
Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire
New DroidLock Malware Locks Android Devices and Demands a Ransom
2025-12-11 14:54:05
A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites. This threat combines ransomware tactics with remote-control capabilities,...
AI in OT Sparks Cascade of Complex Challenges
2025-12-11 14:50:59
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
New ‘DroidLock' Android Malware Locks Users Out, Spies via Front Camera
2025-12-11 14:37:59
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC.
Microsoft refuse de corriger une faille de proxy http dans .NET
2025-12-11 14:37:52
A l’occasion de la Black Hat en Europe qui s’est tenue à Londres du 8 au 11 décembre, Piotr Bazydło un chercheur de (...)
The Odds Of Suffering A Data Breach
2025-12-11 14:36:29
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 11, 2025 –Read the full story in KBI Media According to research from Cybersecurity Ventures, cybercrime...
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
2025-12-11 12:43:15
Cary, North Carolina, USA, 11th December 2025, CyberNewsWire
Microsoft Teams to Introduce External Domains Anomalies Report for Enhanced Security
2025-12-11 13:55:41
Microsoft plans to enhance the administrative features of its Teams collaboration platform with a significant new security function to monitor external communications. Scheduled for rollout in February...
New ClickFix Attacks as macOS Infostealer Leverages Official ChatGPT Website by Piggybacking
2025-12-11 13:54:36
A new malicious campaign is targeting macOS users via a novel attack that exploits ChatGPT’s official website. The attackers are using a technique called ClickFix to spread the AMOS infostealer...
Malwarebytes for Mac now has smarter, deeper scans
2025-12-11 13:40:02
Say hello to the upgraded Malwarebytes for Mac, with stronger protection and more control.
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
2025-12-11 13:40:00
This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments...
Plate-forme Data : comment la Matmut a fait son entrée chez S3NS
2025-12-11 13:26:25
La Matmut a migré sa plate-forme data d'un socle Spark-Hadoop on-prem à un environnement BigQuery chez S3NS. Elle partage ses perspectives.
The post Plate-forme Data : comment la Matmut a fait son entrée...
Hackers exploit unpatched Gogs zero-day to breach 700 servers
2025-12-11 13:19:50
An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. [...]...
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
2025-12-11 13:16:00
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report...
Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems
2025-12-11 13:09:25
Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents....
USN-7925-1: c-ares vulnerability
2025-12-11 13:07:40
It was discovered that c-ares incorrectly handled terminating certain
queries after a maximum number of attempts. An attacker could possibly use
this issue to cause c-ares to crash, resulting in a denial...
Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks
2025-12-11 12:46:42
Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.
Aviz Networks lance une distribution Sonic pour les entreprises
2025-12-11 12:32:31
Comment faciliter le déploiement de Sonic auprès des entreprises. Aviz Networks a peut être trouvé la solution en lançant (...)
Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto
2025-12-11 12:14:42
A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users...
Hunting for Mythic in network traffic
2025-12-11 12:00:52
We analyze the network activity of the Mythic framework, focusing on agent-to-C2 communication, and use signature and behavioral analysis to create detection rules for Network Detection and Response (NDR)...
Another Chrome zero-day under attack: update now
2025-12-11 11:58:47
If we're lucky, this update will close out 2025's run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
2025-12-11 11:30:00
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However,...
Google Cloud lance des serveurs MCP managés pour ses services
2025-12-11 11:26:03
Petit à petit, l’automatisation s’invite dans le développement des agents IA et, en particulier, dans leur manière d’interagir (...)
Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers
2025-12-11 11:16:45
South Korea's largest online retailer, Coupang, has been rocked by a massive data breach that exposed the personal details of nearly 34 million customers, forcing CEO Park Dae-jun to resign amid mounting...
Ne tombez pas dans le Monde à l'envers : des escrocs tentent d'hameçonner les fans de Stranger Things
2025-12-11 11:14:01
Alors que la nouvelle saison de Stranger Things arrive sur les plateformes de streaming, les experts en cybersécurité de Kaspersky lancent un avertissement aux fans. Un pic d’escroqueries a été...
Cybersécurité en PME : Pourquoi la sécurité est l'affaire de tous
2025-12-11 11:07:53
Dans l'imaginaire collectif, la cybersécurité évoque encore des salles obscures remplies de serveurs, des lignes de code à perte de vue et des ingénieurs penchés sur des écrans clignotants. En...
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
2025-12-11 11:00:38
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.
The post Hamas-Affiliated Ashen Lepus Targets...
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
2025-12-11 11:00:00
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed...
New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment
2025-12-11 10:57:28
Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security...
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
2025-12-11 10:30:00
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The...
Top 10 Data Anonymization Solutions for 2026
2025-12-11 10:27:55
Every business today has to deal with private information – whether it is about customers, employees, or financial…
Adam M. Root: How to Architect Agentic AI Workflows That Scale Across the Enterprise
2025-12-11 10:14:59
Enterprises struggle to scale agentic AI because they chase tools instead of defining real problems. Adam M. Root argues that human expertise, strong questions, and strategic frameworks like PURSUIT—not...
Microsoft fixes Windows Explorer white flashes in dark mode
2025-12-11 10:09:52
Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. [...]
Geopolitics and Cyber Risk: How Global Tensions Shape the Attack Surface
2025-12-11 10:01:00
Geopolitics has become a significant risk factor for today's organizations, transforming cybersecurity into a technical and strategic challenge heavily influenced by state behavior. International tensions...
Copilot's No-Code AI Agents Liable to Leak Company Data
2025-12-11 10:00:00
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
CastleLoader Malware Now Uses Python Loader to Bypass Security
2025-12-11 09:28:08
Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory....
Avec SecNumCloud en perspective, Numspot voit au-delà d'OUTSCALE
2025-12-11 09:18:05
Numspot se positionne désormais en plate-forme « portable » et s'oriente vers des partenariats avec des fournisseurs européens de cloud d'infrastructure.
The post Avec SecNumCloud en perspective,...
Deutsche Börse se dote d'un centre dédié à l'IA responsable
2025-12-11 09:12:17
« Nous voulons garantir la transparence, la gouvernance et la conformité dans un environnement hautement réglementé, sans pour (...)
Evroc et Suse lancent une offre cloud européenne sur Kubernetes
2025-12-11 09:02:54
Suivant le regain d'intérêt pour des offres IT européennes, Evroc et Suse apportent leur pierre à l'édifice. Les (...)
Un pack Trend Micro pour sécuriser les développements IA
2025-12-11 08:49:22
A l'occasion de l'évènement d'AWS re: Invent 2025 qui s'est déroulé la semaine dernière, Trend Micro a annoncé (...)
ITS Integra absorbe QosGuard
2025-12-11 08:49:06
L'infogéreur et opérateur cloud ITS Integra, filiale d'ITS Group, enrichit son portefeuille de services autour de l'amélioration de (...)
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
2025-12-11 08:29:54
Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in...
Google fixes eighth Chrome zero-day exploited in attacks in 2025
2025-12-11 08:01:21
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. [...]
Cyber deception trials: what we've learned so far
2025-12-11 07:55:27
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
Ubuntu 25.10: libpng Denial of Service Vulnerability USN-7924-1
2025-12-11 07:35:13
Several security issues were fixed in libpng.
It didn't take long: CVE-2025-55182 is now under active exploitation
2025-12-11 07:30:41
Threat actors are now exploiting CVE-2025-55182, and attacks are poised to grow. Here's what you need to know about the vulnerability, how our honeypots are being targeted, what malware is being deployed,...
Apple's Design Lightning Rod Just Joined Meta. What Now?
2025-12-11 07:21:40
Alan Dye, the man who has spent the last decade shaping how Apple's software looks and feels, is heading to Meta.
Ubuntu 22.04 LTS: Qt Critical Denial of Service Risk 2025:7923-1
2025-12-11 07:19:04
Qt could be made to crash or run programs as your login if it opened a specially crafted file.
The TechBeat: Exploiting EIP-7702 Delegation in the Ethernaut Cashback Challenge — A Step-by-Step Writeup (12/11/2025)
2025-12-11 07:10:52
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
2025-12-11 07:09:00
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.
The vulnerability, rated high...
Swift's #Predicate Explained: How Type-Safe Filtering Works in SwiftData
2025-12-11 07:01:17
Swift's new #Predicate macro turns query filtering into a type-safe, compile-time-checked process for SwiftData, but it requires comparing scalar identifiers—not whole objects—to generate valid...
Oracle: Unbreakable Enterprise Kernel Important Update ELSA-2025-28040
2025-12-11 06:51:34
The following updated rpms for have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: ELSA-2025-23052 Tomcat9 Important RCE Issues
2025-12-11 06:49:28
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Firefox Important Security Fixes ELSA-2025-23035
2025-12-11 06:49:26
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10 ELSA-2025-23008 MySQL 8.4 Moderate Security Advisory
2025-12-11 06:49:25
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
A Step-By-Step Guide to Activating IIS Client Certificate Mapping in Windows 11
2025-12-11 06:37:17
This guide walks you through enabling IIS Client Certificate Mapping Authentication on Windows 11 via Windows Features, explains how One-to-One and Many-to-One mappings work, and answers key questions...
AI Is Rewriting People's Lives Online. Some Are Fighting Back With Structured Identities.
2025-12-11 06:31:47
Companies are turning to AI systems to surface information about job candidates, business partners and public figures. More people are being reshaped, misidentified or erased entirely by the same systems...
Why I'm Tired of Productivity Wellness (And What It's Doing to Our Minds)
2025-12-11 06:25:10
"Doing good work" has morphed into a performance identity and a subscription economy. Everything is presented as "your best self," "beautiful systems," "better you," and "powerful morning routines"
Authorization in the Age of AI Agents: Beyond All-or-Nothing Access Control
2025-12-11 06:23:36
Authorization is the process of determining *what* you're allowed to do. It's the invisible security perimeter around every digital interaction you have. If authorization fails, everything fails.
How to Enable Long Paths on Windows 11 and Fix Error 0x80010135
2025-12-11 06:21:18
Windows 11 can bypass the legacy 260-character file path limit by enabling Long Paths through either the Settings menu or the Registry Editor. This guide walks through both methods, explains common errors...
Introducing Flatopia: How to Generate Your Own Sitcom with Python and Manim
2025-12-11 06:18:07
Opensource TV show sitcom and code to make your own episodes.
GitLab Cofounder-backed Kilo Code Raises M to Build an Open-source, Model-agnostic Copilot Rival
2025-12-11 06:15:28
Launched in March, 2025, Kilo Code is an open source coding agent that can be configured for a range of tasks.
I Don't Trust AI to Write My Code—But I Let It Read Everything
2025-12-11 06:09:15
I'm a senior full-stack developer who still cringes at AI-generated code in production. But tools like Copilot, Cursor, and Claude already save me hours every week – not by writing code for me, but...
Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution
2025-12-11 05:56:00
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations...
USN-7924-1: libpng vulnerabilities
2025-12-11 05:26:40
It was discovered that libpng incorrectly handled memory when processing
certain PNG files, which could result in an out-of-bounds memory access.
If a user or automated system were tricked into opening...
USN-7923-1: Qt vulnerability
2025-12-11 04:18:33
It was discovered that Qt did not correctly handle certain memory
operations. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue...
HTB Academy: Windows CMD and PowerShell
2025-12-11 03:06:01
I did say that I needed to work on my Windows sys admin skills and also my PowerShell-fu and so here I am. As per the usual when it comes to my Academy content, I will just be covering the skill assessment...
Multiples vulnérabilités dans GitLab (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des...
Multiples vulnérabilités dans Google Chrome (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Mitel (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Vulnérabilité dans Broadcom Carbon Black Cloud (11 décembre 2025)
11/12/2025
Une vulnérabilité a été découverte dans Broadcom Carbon Black Cloud. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Multiples vulnérabilités dans les produits Mozilla (11 décembre 2025)
11/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...