Toute l'actualité de la Cybersécurité
Nvidia confirms October Windows updates cause gaming issues
2025-11-21 19:57:48
Nvidia has confirmed that last month's security updates are causing gaming performance issues on Windows 11 24H2 and Windows 11 25H2 systems. [...]
Phishing Breaks More Defenses Than Ever. Here's the Fix
2025-11-21 19:29:39
If your tools say a link is clean, do you fully trust it? Most SOC leaders don't anymore, and for good reason. Phishing has become polished, quiet, and built to blend into everyday traffic....
AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload
2025-11-21 19:17:06
A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work...
Xillen Stealer With New Advanced Features Evade AI Detection and Steal Sensitive Data from Password Managers
2025-11-21 18:56:29
Xillen Stealer, a sophisticated Python-based information stealer, has emerged as a significant threat in the cybercriminal landscape. Originally identified by Cyfirma in September 2025, this cross-platform...
AI teddy bear for kids responds with sexual content and advice about weapons
2025-11-21 18:45:32
FoloToy's AI teddy bear, Kumma, crossed serious lines, raising fresh concerns about how little oversight exists for AI toys marketed to children.
Dark Web Job Market Evolved – Prioritizes Practical Skills Over Formal Education
2025-11-21 18:36:12
The dark web has transformed into a functioning parallel labor market where cyber specialists find employment through unconventional channels. Unlike traditional job boards, this shadow economy operates...
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide
2025-11-21 18:09:22
Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus groups are working together...
Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop
2025-11-21 18:02:05
Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. [...]
Grafana warns of max severity admin spoofing vulnerability
2025-11-21 17:58:32
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. [...]
Des clients Salesforce encore victimes de tokens OAuth compromis
2025-11-21 17:55:20
Salesforce a révélé un nouvel incident de sécurité impliquant un accès non autorisé aux données (...)
Hackers Using New Matrix Push C2 to Deliver Malware and Phishing Attacks via Web Browser
2025-11-21 17:32:15
A new command-and-control platform called Matrix Push C2 has emerged as a serious threat to web users across all operating systems. This browser-based attack framework turns legitimate web browser features...
Le DMA rend iOS et Android un peu plus interopérables
2025-11-21 17:20:18
En application du DMA, Apple a établi une interopérabilité partielle entre AirDrop et Quick Share pour le partage Wi-Fi P2P.
The post Le DMA rend iOS et Android un peu plus interopérables appeared...
Operation DreamJob Attacking Manufacturing Industries Using Job-related WhatsApp Web Message
2025-11-21 17:07:14
In August 2025, a sophisticated cyber attack targeted an Asian subsidiary of a large European manufacturing organization through a deceptive job offer scheme. The intrusion campaign, identified as Operation...
A Guide on How to Make Your AI Fool-Proof
2025-11-21 17:00:05
People mistake AI's statistical pattern-matching for genuine wisdom, asking it for life-defining choices (marry, build a business, etc.). AI is a probability compressor and a master of inductive reasoning...
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
2025-11-21 17:00:00
We're happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year.
The post Microsoft named a Leader in...
New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse
2025-11-21 16:52:43
Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens,...
CrowdStrike catches insider feeding information to hackers
2025-11-21 16:48:41
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat...
Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware
2025-11-21 16:15:27
Chinese-backed attackers have begun weaponizing a critical vulnerability in Microsoft Windows Server Update Services (WSUS) to distribute ShadowPad, a sophisticated backdoor malware linked to multiple...
Fortinet sous le feu des critiques pour ses correctifs discrets
2025-11-21 16:06:58
Les chercheurs en sécurité mettent en garde contre deux vulnérabilités critiques affectant les appliances FortiWeb de Fortinet. (...)
The HackerNoon Newsletter: How Search Engines Actually Answer Your Questions (11/21/2025)
2025-11-21 16:01:52
How are you, hacker?
🪐 What's happening in tech today, November 21, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
FCC rolls back cybersecurity rules for telcos, despite state-hacking risks
2025-11-21 16:01:41
The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese...
USN-7880-1: Linux kernel (OEM) vulnerabilities
2025-11-21 15:57:32
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
USN-7879-2: Linux kernel (Real-time) vulnerabilities
2025-11-21 15:45:02
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
Avec la suite Hexagone, Interstis cible le public et les grands comptes
2025-11-21 15:41:50
Créé en 2014 par Thomas Balladur et Nicolas Huez, Interstis s’est d’abord imposée dans le partage de fichier auprès (...)
OVH abat ses atouts dans l'IA, le cloud et la sécurité
2025-11-21 15:41:28
« Quel excitant moment pour l'innovation. Me revoilà ». Octave Klaba, fondateur d’OVHcloud, a bien fait comprendre lors du Summit (...)
'Scattered Spider' teens plead not guilty to UK transport hack
2025-11-21 15:41:24
Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data....
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
2025-11-21 15:40:00
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
The vulnerability, tracked as...
Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads
2025-11-21 15:30:18
Retailers are facing a sharp rise in targeted ransomware activity as the holiday shopping season begins. Threat groups are timing their attacks to peak sales periods, when downtime is most painful and...
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe)
2025-11-21 15:30:03
For Managed Service Providers (MSPs), minutes may even define success or failure. Many a time…
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe) on Latest...
Fake calendar invites are spreading. Here's how to remove them and prevent more
2025-11-21 15:28:23
Calendar spam is a growing problem, often arriving as email attachments or as download links in messaging apps.
USN-7879-1: Linux kernel vulnerabilities
2025-11-21 15:26:39
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms
2025-11-21 15:24:13
ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.
Linda Dao Is Vibecoding the Next Wave of AI Products
2025-11-21 15:14:59
Berlin-based AI product leader Linda Dao blends strategy with hands-on building, using tools like Cursor and v0 to ship AI apps fast. After leaving finance, she embraced rapid experimentation, helping...
With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?
2025-11-21 15:02:45
Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise.
Avast Makes AI-Driven Scam Defense Available for Free Worldwide
2025-11-21 15:00:10
Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers...
AI Eliminates 77,999 Jobs Across 342 Tech Company Layoffs In 2025 Alone
2025-11-21 15:00:03
AI is eliminating jobs — the data is already screaming at us, with 342 tech-company layoffs and 77,999 people impacted so far in 2025. That's 491 people losing their jobs to AI every single day, and...
Inside Kishore Sunderajulu's Mission to Secure Global Payment Systems
2025-11-21 14:59:59
Product leader Kishore Sunderajulu has spent 20+ years securing global payments—from EMV rollouts to Discover's tokenization platform and AI-driven fraud reduction. His work bridges innovation and...
ENISA becomes CVE Program Root, strengthening Europe's vulnerability management framework
2025-11-21 14:49:42
The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the...
La gestion de crise cyber consacrée dans le référentiel PRIS
2025-11-21 14:20:33
La gestion de crise cyber devient une activité à part entière dans le référentiel de qualification des prestataires de réponse à incident.
The post La gestion de crise cyber consacrée dans le...
SolarWinds addressed three critical flaws in Serv-U
2025-11-21 14:08:37
SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U file transfer...
How Search Engines Actually Answer Your Questions
2025-11-21 14:00:03
Modern search Q&A is basically two engines working together: a knowledge-graph engine (KBQA) that's great at hard facts, and a deep neural engine (DeepQA + MRC) that reads messy web pages like a...
Switching to Offense: US Makes Cyber Strategy Changes
2025-11-21 14:00:00
The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.
AI-Powered Cyberattacks & Social Engineering. How to Detect and Defend Against Them.
2025-11-21 13:33:28
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 21, 2025 – Watch the YouTube video Fortune 500 chief information security officer Adam Keown says that “when...
Le futur des malwares sera alimenté par les LLMs
2025-11-21 13:28:04
Les chercheurs du Threat Labs de Netskope ont publié une analyse d'une nouvelle recherche sur la capacité de créer un malware autonome composé uniquement de prompts des grands modèles de langage...
Google begins showing ads in AI Mode (AI answers)
2025-11-21 13:02:11
Google has started rolling out ads in AI mode, which is the company's "answer engine," not a search engine. [...]
Google Gemini File Search - The End of Homebrew RAG?
2025-11-21 13:00:05
Will Google's Gemini File Search kill homebrew RAG solutions? We test drive to compare function, performance and costs. Plus sample code for PDF Q&A app.
Google Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security
2025-11-21 13:00:00
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files...
What Sports Technology Innovations Are Catching Investor Attention?
2025-11-21 12:28:21
The global sports technology market will grow to over billion by 2033. Top investment areas include fan engagement and injury prevention. Private equity is backing startups with strong momentum.
Most Popular Mental Health Apps Based on Downloads
2025-11-21 12:14:20
Mental well-being has become a global priority. People are turning to their phones not for diversion but to develop healthy self-care practices, mindfulness and calm. These apps have gained tens of millions...
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
2025-11-21 12:14:14
Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy’s national railway operator...
China-linked APT24 Hackers New BadAudio Compromised Legitimate Public Websites to Attack Users
2025-11-21 11:42:12
APT24, a sophisticated cyber espionage group linked to China’s People’s Republic, has launched a relentless three-year campaign delivering BadAudio, a highly obfuscated first-stage downloader...
New Bipartisan Bill Seeks Decade-Long Ban on Chinese Equipment for CHIPS Grant Recipients
2025-11-21 11:01:39
A bipartisan group in Congress has introduced a bill that would block CHIPS Act grant recipients from purchasing Chinese chipmaking equipment for 10 years, aiming to tighten guardrails on U.S. semiconductor...
Why IT Admins Choose Samsung for Mobile Security
2025-11-21 11:00:00
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have.
Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like...
Un avertissement sévère : sans cybersécurité robuste, l'industrie du futur devient un paradis pour pirates
2025-11-21 10:59:20
En interconnectant les machines, les systèmes de production et les réseaux d'information, l'usine du futur exposera ses infrastructures les plus critiques au risque cyber. C'est incontestablement...
Foxconn, Nvidia to Complete .4B AI Supercomputing Centre by 2026
2025-11-21 10:48:54
Foxconn and Nvidia are teaming up on a .4B supercomputing centre powered by GB300 chips, set to become Taiwan's largest GPU cluster and a major driver of Foxconn's AI growth strategy.
Twitch Joins Australia's List of Platforms Blocked for Minors
2025-11-21 10:43:59
Australia will bar users aged 16 and under from Twitch starting Dec. 10, expanding its sweeping social media ban for minors. Platforms must block underage accounts or risk heavy fines, with Reddit and...
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
2025-11-21 10:42:00
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year...
Salesforce alerts users to potential data exposure via Gainsight OAuth apps
2025-11-21 10:04:40
Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers' Salesforce data. Salesforce warned of unusual activity involving Gainsight-linked...
ToddyCat: your hidden email assistant. Part 1
2025-11-21 10:00:33
Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from...
Nouveau vol de données Salesforce via une intégration SaaS
2025-11-21 09:30:27
Après le chatbot Salesloft Drift, une autre application a été mise à profit pour accéder à des instances Salesforce.
The post Nouveau vol de données Salesforce via une intégration SaaS appeared...
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
2025-11-21 08:05:00
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security...
Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity
2025-11-21 05:32:00
Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform.
"Our investigation indicates this activity may have enabled unauthorized access...
Inside Iran's Cyber Objectives: What Do They Want?
2025-11-21 05:02:00
The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.
Slackware 15.0: gnutls Low Severity Stack Overflow Fix SSA:2025-324-01
2025-11-21 00:17:19
New gnutls packages are available for Slackware 15.0 and -current to fix security issues.
Vulnérabilité dans Microsoft Visual Studio Code (21 novembre 2025)
21/11/2025
Une vulnérabilité a été découverte dans Microsoft Visual Studio Code. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la...
Multiples vulnérabilités dans le noyau Linux de SUSE (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans le noyau Linux de Red Hat (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service...
Multiples vulnérabilités dans les produits IBM (21 novembre 2025)
21/11/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...