Toute l'actualité de la Cybersécurité
AWS lance des agents IA pour le codage, la sécurité et le DevOps
2025-12-03 11:42:35
Progressivement, AWS se positionne sur l’IA agentique. Lors de son évènement Re :Invent à Las Vegas, le fournisseur a présenté (...)
Beware of the New ‘Executive Award' Campaign That Uses ClickFix to Deliver Stealerium Malware
2025-12-03 10:46:43
A new and dangerous phishing campaign is targeting organizations with a deceptive “Executive Award” theme that combines social engineering with advanced malware delivery. This two-stage attack...
7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
2025-12-03 10:44:31
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control
2025-12-03 10:22:21
A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has left thousands of websites at risk of complete takeover, security researchers have warned. The vulnerability,...
Exploits and vulnerabilities in Q3 2025
2025-12-03 10:00:59
This report provides statistical data on vulnerabilities published and exploits we researched during the third quarter of 2025. It also includes summary data on the use of C2 frameworks.
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
2025-12-03 09:56:00
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and...
Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files
2025-12-03 09:51:20
A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s...
CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration
2025-12-03 09:38:09
A critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide. The flaw, tracked as...
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
2025-12-03 09:30:00
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively...
Threat Actors Allegedly Promoting Fully Undetectable K.G.B RAT on Hacker Forums
2025-12-03 09:24:48
A concerning development has emerged within the cybercriminal ecosystem as threat actors continue distributing K.G.B RAT, a remote access trojan bundled with advanced detection evasion capabilities. According...
India mandates SIM-linked messaging apps to fight rising fraud
2025-12-03 09:20:36
India ordered messaging apps to work only with active SIM cards linked to users' phone numbers to curb fraud and misuse. India’s Department of Telecommunications (DoT) now requires providers of...
BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters
2025-12-03 09:05:18
Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote,...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
2025-12-03 08:39:00
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer...
Threat Actors Leveraging Matanbuchus Malicious Downloader to Ransomware and Establish Persistence
2025-12-03 08:30:17
Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat...
Let's Encrypt to Reduce Certificate Validity from 90 Days to 45 Days
2025-12-03 08:21:23
Let's Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader...
Multiple Django Vulnerabilities Enables SQL Injection and Denial-of-Service Attacks
2025-12-03 06:44:40
The development team has officially released essential security updates to address two significant vulnerabilities found in the popular web framework. These issues range from high to moderate severity....
Debian 11: Mako Important Denial of Service Fix DLA-4393-1 CVE-2022-40023
2025-12-03 04:04:14
It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular expressions. For Debian 11 bullseye, this problem has been fixed in version
Chrome 143 Released With Fix for 13 Vulnerabilities that Enable Arbitrary Code Execution
2025-12-03 03:22:21
Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vulnerabilities,...
China Researches Ways to Disrupt Satellite Internet
2025-12-03 02:00:00
While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.
Fedora 41: openbao 2.4.4 Important Security Issues DoS 2025-45a7dd8f10
2025-12-03 01:40:15
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183....
Fedora 41 Applies Critical Security Patch for NextCloud 32.0.3 Update
2025-12-03 01:40:14
32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
Fedora 41: restic 0.18.1 Advisory - Urgent Security Concerns Identified
2025-12-03 01:40:14
Update to 0.18.1
Fedora 42: openbao Critical CVE-2025-64761 Privileged Escalation Advisory
2025-12-03 01:12:18
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-42 build was done with golang-1.24.10 which fixed CVE-2025-58183.
Fedora 42: rclone Security Advisory RHSA-2025:5f73919942 - Update 1.72.0
2025-12-03 01:12:16
Update to 1.72.0
The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen
2025-12-03 00:00:04
85% of daily work occurs in the browser. Unit 42 outlines key security controls and strategies to make sure yours is secure.
The post The Browser Defense Playbook: Stopping the Attacks That Start on Your...