Toute l'actualité de la Cybersécurité
Poland arrests Ukrainians utilizing 'advanced' hacking equipment
2025-12-08 18:31:13
The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance...
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
2025-12-08 18:16:40
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting...
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
2025-12-08 18:16:18
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. The FBI warns that criminals are altering publicly available...
Google Chrome adds new security layer for Gemini AI agentic browsing
2025-12-08 18:08:52
Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. [...]
Architecting Security for Agentic Capabilities in Chrome
2025-12-08 18:03:00
Posted by Nathan Parker, Chrome security team
Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions...
Bercy valide le rachat de Hornetsecurity par Proofpoint
2025-12-08 17:59:34
Feu vert définitif pour l’acquisition de Hornetsecurity par Proofpoint. L’éditeur américain de cybersécurité (...)
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
2025-12-08 17:37:00
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport...
Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
2025-12-08 17:24:26
A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz...
Meet MacPaw: HackerNoon Company of the Week
2025-12-08 17:00:01
MacPaw is a leading macOS and iOS software developer founded in Ukraine in 2008. The company serves over 30 million users worldwide, with one in every five Mac users having at least one MacPaw app. Known...
Stronger together: New Beazley collaboration enhances cyber resilience
2025-12-08 17:00:00
To bolster security for our customers, we need to align with our ecosystem partners. Our new collaboration with Beazley as an incident response partner is a step in that direction.
The post Stronger together:...
Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence
2025-12-08 16:56:27
A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access...
Vector Databases Aren't Enough: Why AI Needs Multi-Modal Memory Architectures
2025-12-08 16:53:27
Multi-modal memory is a new way of storing data that can be used by AI systems. It's about creating a memory system that understands and connects information across multiple dimensions. Multi-Modal Memory...
Sextortion emails: how to protect yourself
2025-12-08 16:44:29
Advice in response to the increase in sextortion scams
Meet the Writer: Rupesh Ghosh on Turning Real BI Crises Into Impactful Tech Stories
2025-12-08 16:43:20
Meet the Writer is a series of interviews with contributors to HackerNoon. This week, we look at a story that the community found interesting and valuable.
Shopping and paying safely online
2025-12-08 16:40:12
Tips to help you purchase items safely and avoid fraudulent websites.
How to recover an infected device
2025-12-08 16:33:45
Advice for those concerned a device has been infected.
Mitigating malware and ransomware attacks
2025-12-08 16:31:33
How to defend organisations against malware or ransomware attacks.
Recovering a hacked account
2025-12-08 16:28:06
A step by step guide to recovering online accounts.
Early Years practitioners: using cyber security to protect your settings
2025-12-08 16:26:12
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.
Data breaches: guidance for individuals and families
2025-12-08 16:24:56
How to protect yourself from the impact of data breaches
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
2025-12-08 16:15:49
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers at Barracuda, this stealthy tool represents...
INE Earns G2 Winter 2026 Badges Across Global Markets
2025-12-08 15:16:40
Cary, North Carolina, USA, 8th December 2025, CyberNewsWire
FBI Warns of Hackers Altering Photos Found on Social Media to Use as Fake Proof
2025-12-08 16:11:13
A new alert warns people about a growing scam that uses altered photos to trick families into paying fake ransom demands. In a notice titled Alert Number: I-120525-PSA, dated December 5, 2025. The FBI...
The HackerNoon Newsletter: Can ChatGPT Outperform the Market? Week 18 (12/8/2025)
2025-12-08 16:02:18
How are you, hacker?
🪐 What's happening in tech today, December 8, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
How to spot scammers claiming to be from the NCSC
2025-12-08 15:47:27
Check that you're talking to a genuine NCSC employee, and not a criminal.
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
2025-12-08 15:29:28
QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade, however, its open-source nature...
How phishers hide banking scams behind free Cloudflare Pages
2025-12-08 15:26:29
We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
2025-12-08 15:02:12
Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline...
Can ChatGPT Outperform the Market? Week 18
2025-12-08 15:00:00
Monday marked a new max drawdown of -45.85%.
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
2025-12-08 14:55:32
As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera...
Oracle EBS zero-day used by Clop to breach Barts Health NHS
2025-12-08 14:53:05
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882...
Explainable AI for Ethical Healthcare Interoperability: Dr. Sateesh Kumar Rongali's Global Vision
2025-12-08 14:29:59
Dr. Sateesh Kumar Rongali is a global advocate for explainable and ethical AI, especially in healthcare interoperability. His research integrates XAI, cloud-native architectures, and compliance frameworks...
Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information
2025-12-08 14:24:43
Security researchers have exposed a critical privacy flaw dubbed “Careless Whisper” that lets attackers monitor user activity on WhatsApp and Signal through silent delivery receipts, without...
Hackers Leverage Multiple Ad Networks to Attack Adroid Users With Triada Malware
2025-12-08 14:20:30
Mobile security continues to face significant challenges as sophisticated malware campaigns evolve to bypass traditional defenses. The Triada Trojan, a persistent threat to Android users for nearly a...
IBM rachète Confluent pour 11 milliards $
2025-12-08 14:13:34
En s'emparant de Confluent, spécialiste du streaming de données en temps réel, IBM renforce son offre pour déployer l'IA générative et agentique en entreprise.
The post IBM rachète Confluent pour...
CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation
2025-12-08 14:11:37
A critical vulnerability affecting Meta React Server Components has been added to the Known Exploited Vulnerabilities catalog, signalling widespread active exploitation by CISA. Tracked as CVE-2025-55182,...
Decentralized Trading as the Center of Market Evolution in 2026
2025-12-08 14:08:40
Decentralized exchanges reached about 4B in trading volume in May 2025, representing roughly 25% of the global crypto spot market. The advantage of decentralized exchanges is rooted in custody and...
How to Migrate an SQL Server Database: A Complete Step-by-Step Guide
2025-12-08 14:06:48
This guide walks through migrating a SQL Server database from a source server to a destination server, covering schema scripting, database creation, and data transfer using both Generate Scripts and the...
Hotstuff Labs launches Hotstuff, a DeFi Native Layer 1 Connecting On-Chain Trading With Fiat Rails
2025-12-08 13:53:00
Hotstuff L1 is a DeFi Layer 1 powered by DracoBFT, a custom-built consensus protocol. It pairs a highly performant on-chain order book with a programmable finance routing layer where validators act as...
IBM renforce la protection DNS pour le trafic multicloud
2025-12-08 13:48:13
Pour éviter les pannes liées au DNS, IBM s’est associé à AWS pour dévoiler Cloud Sync en proposant une synchronisation (...)
How to Fix 401 Unauthorized Errors in Dockerized Azure Functions
2025-12-08 13:45:51
Dockerized Azure Functions often fail with 401 errors because the container cannot access file-based secret storage. The fix is to switch to blob-based secret storage, keep the container stateless, and...
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
2025-12-08 13:37:42
Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182,...
3 Real-World Penetration Testing Lessons For CISOS and Cybersecurity Teams
2025-12-08 13:31:55
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 8, 2025 – Read the full story from BreachLock Penetration testing is an offensive security testing methodology...
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
2025-12-08 13:17:18
Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.
USN-7914-1: WebKitGTK vulnerabilities
2025-12-08 13:17:04
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related...
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach
2025-12-08 13:13:11
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
Prompt injection is not SQL injection (it may be worse)
2025-12-08 13:02:30
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
The Future of Rail Sustainability: Nampalli's Deep Learning Approach to Energy Efficiency
2025-12-08 12:59:59
Rama Chandra Rao Nampalli's research applies deep learning to optimize rail electrification for energy efficiency and sustainability. His models predict power demand, reduce losses, and support greener...
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
2025-12-08 12:44:00
It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks —...
L'UE sanctionne X : première amende historique dans le cadre du DSA
2025-12-08 11:59:46
L'amende de 120 millions € infligée à X par l'UE est une sanction inédite qui marque un tournant dans la régulation numérique européenne.
The post L’UE sanctionne X : première amende historique...
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
2025-12-08 11:58:00
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show...
Des cyber-espions chinois ciblent avec persistance vCenter de VMware
2025-12-08 11:49:21
De plus en plus de cybercriminels s’en prennent aux environnements virtuels en particulier ceux de VMware. Selon un rapport de la Cisa (cybersecurity (...)
ISNation Launches New Athlete Mental Fitness App on iOS, Android, and the Web
2025-12-08 11:48:28
ISNation has launched a mental fitness app for athletes aged 13–21, combining daily mindset training, real athlete stories, and expert guidance to address rising stress, isolation, and silence around...
Debian 11 Lasso Important DoS Arbitrary Code Exec DLA-4397-1
2025-12-08 11:46:27
Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.
{ Tribune Expert } – Sécuriser la GenAI commence par un inventaire clair et une visibilité réelle sur ses composants
2025-12-08 11:18:26
La majorité des organisations manquent encore d'un inventaire fiable de leurs actifs IA, qu'il s'agisse de modèles internes ou de solutions tierces intégrées rapidement.
The post { Tribune Expert...
'Broadside' Mirai Variant Targets Maritime Logistics Sector
2025-12-08 11:17:12
"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
Over 70 Domains Used in Months-Long Phishing Spree Against US Universities
2025-12-08 11:15:58
Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.
Understanding Firewall Rule Order and Its Impact on Traffic Decisions
2025-12-08 11:06:00
Firewall rule order shapes how a firewall makes decisions. The system checks each rule in a specific sequence, and that sequence affects whether traffic is allowed or denied. People often expect one rule...
Evertrust lève 10 M€ pour s'imposer en leader de la PKI et du CLM
2025-12-08 11:02:05
Evertrust, spécialiste de la confiance numérique, vise le leadership européen avec l'appui d'un fonds américain, sur un marché porté par le raccourcissement de la durée de vie des certificats numériques.
The...
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
2025-12-08 11:00:00
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild.
The findings...
La faille React2Shell exploitée activement par des cybercriminels
2025-12-08 10:38:21
Ce n’était qu’une question de jours pour voir la faille React2Shell exploitée par des groupes de cybercriminels. Des chercheurs (...)
Cybersécurité et téléphonie IP : un examen approfondi s'impose
2025-12-08 10:22:06
Bien que la téléphonie IP soit souvent négligée en matière de sécurité, la protection des téléphones IP demeure une priorité constante. Les vulnérabilités potentielles peuvent également servir...
Proxmox lance une version stable de Datacenter Manager
2025-12-08 09:59:12
Après une version alpha en décembre 2024 puis une beta en septembre dernier, Proxmox a dégainé la version stable 1.0 de (...)
A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
2025-12-08 09:58:58
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
2025-12-08 09:15:00
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
The remote code execution vulnerability in question is CVE-2025-6389...
Un assureur, un outil scolaire et de nouvelles fédérations sportives ciblées par un pirate
2025-12-08 09:14:29
Un pirate vise fédérations sportives, assureur et site éducatif, révélant de graves failles de cybersécurité dans l'écosystème français....
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
2025-12-08 09:01:13
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
Bpost : un service de la poste piraté, 30 Go de données diffusées
2025-12-08 08:38:27
Fuite bpost : 30,46 Go de données structurées publiées par les nouveaux pirates du groupe Tridentlocker via un fournisseur....
Google Pixel : une mise à jour corrige plusieurs failles déjà exploitées par des hackers
2025-12-08 08:03:20
Les utilisateurs de smartphones Google Pixel doivent installer au plus vite la mise à jour de sécurité de décembre. Celle-ci corrige un total de 107 failles de sécurité, dont deux qui sont déjà...
A week in security (December 1 – December 7)
2025-12-08 08:03:00
A list of topics we covered in the week of December 1 to December 7 of 2025
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
2025-12-08 06:46:00
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.
The cyber...
List of 30 new domains
2025-12-08 00:00:00
.fr betcic[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
betclc[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
betcloc[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
betsclic[.fr]...
Multiples vulnérabilités dans MISP (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Multiples vulnérabilités dans Traefik (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un...
Multiples vulnérabilités dans les produits Microsoft (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.