Toute l'actualité de la Cybersécurité
Google Search is now using AI to create interactive UI to answer your questions
2025-11-19 19:45:05
In a move that could redefine the web, Google is testing AI-powered, UI-based answers for its AI mode. [...]
7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild
2025-11-19 19:23:13
A remote code execution vulnerability, tracked as CVE-2025-11001, in the 7-Zip software is under active exploitation. A new 7-Zip flaw tracked as CVE-2025-11001 (CVSS score of 7.0) is now being actively...
UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp
2025-11-19 19:02:47
The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.
How to Solve Alert Overload in Your SOC
2025-11-19 18:42:30
Your SOC generates thousands of alerts daily. Many of them are low-priority, repetitive, or false positives. On paper, this looks like a technical problem. In reality, it's a business...
Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet
2025-11-19 18:31:36
Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromised tens...
Cloudflare détaille la cause de sa panne géante du 18 novembre
2025-11-19 17:53:05
De ChatGPT à Doctissimo en passant par Google, Instagram ou encore X, on ne compte plus le nombre de sites web et services en ligne ayant (...)
W3 Total Cache WordPress plugin vulnerable to PHP command injection
2025-11-19 17:34:45
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. [...]
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
2025-11-19 15:43:06
Tel Aviv, Israel, 19th November 2025, CyberNewsWire
USN-7874-2: Linux kernel (FIPS) vulnerabilities
2025-11-19 17:27:37
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Analyse des récentes pannes internet d'envergure
2025-11-19 17:23:24
Ce mardi 18 novembre a eu lieu une panne Cloudflare ayant affecté un bon nombre de sites internet. Tribune – À la suite de cet incident, Eileen Haggerty, VP, Product and Solutions Marketing chez...
Quand une simple panne (Cloudflare) révèle la fragilité des infrastructures Internet
2025-11-19 17:20:58
Un incident réseau chez Cloudflare, société spécialisée dans la sécurité web, a perturbé le trafic Internet et entraîné la panne de plusieurs sites hier à la mi-journée. Parmi les plateformes...
Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild
2025-11-19 17:19:06
Hackers have begun actively exploiting a critical remote code execution (RCE) vulnerability in the popular file archiver 7-Zip, putting millions of users at risk of malware infection and system compromise....
USN-7874-1: Linux kernel vulnerabilities
2025-11-19 17:17:52
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Microsoft et Nvidia vont investir 15 milliards € dans Anthropic
2025-11-19 17:07:49
Microsoft et Nvidia vont investir jusqu'à 15 milliards $ dans Anthropic, qui s'engage en parallèle à acheter 30 milliards de capacités de calcul à Microsoft Azure.
The post Microsoft et Nvidia...
From GANs to Diffusion: GDA for Perception Tasks
2025-11-19 17:00:07
Highlights its use in perception (segmentation, detection) but notes the limited exploration of filtering and effective utilization.
Mt. Gox & Silk Road: How Bitcoin's Wild Childhood Shaped our Present
2025-11-19 16:50:22
The early 2010s were for crypto like the Internet's wild frontier: no clear laws, no big investors, and certainly no NFTs. In 2011, a young libertarian named Ross Ulbricht launched an online marketplace...
Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach
2025-11-19 16:47:20
Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.
Enhancing Long-Tailed Segmentation with Gradient Cache and BSGAL
2025-11-19 16:45:04
Proposes BSGAL, a Generative Active Learning algorithm that uses gradient cache to filter unlimited synthetic data for long-tailed instance segmentation.
Russian bulletproof hosting provider sanctioned over ransomware ties
2025-11-19 16:43:46
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations....
Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows
2025-11-19 16:43:28
Microsoft is bringing native Sysmon functionality directly into Windows, eliminating the need for manual deployment and separate downloads. Starting next year, Windows 11 and Windows Server...
Cross-Model Validation: MIVPG's Efficacy on Encoder-Decoder vs. Decoder-Only LLMs
2025-11-19 16:30:03
MIVPG's CSA module remains effective when switching from FLAN-T5-XL to the OPT-2.7b LLM architecture.
Avec Next, Leviia lance une suite collaborative pour les grands comptes
2025-11-19 16:28:52
Spécialisé dans le stockage S3 et le partage de fichiers, Leviia s'engage sur le marché des suites collaboratives avec Next. Cette (...)
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
2025-11-19 16:27:00
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.
The vulnerability in question...
Mac users warned about new DigitStealer information stealer
2025-11-19 16:23:38
DigitStealer is a new infostealer built for macOS, and it stands out for being smarter than most. Here's how it works and how to stay safe.
‘The Gentlemen' Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data
2025-11-19 16:20:57
A new ransomware threat named “The Gentlemen” has emerged in the cybersecurity landscape, demonstrating advanced attack capabilities and a well-structured operational model. First appearing...
The Shift Toward Unified Platforms in Application Security
2025-11-19 16:15:33
Modern software delivery has never been more complex, or more interconnected.
Theoretical Proof: CSA Module Maintains MIL Properties
2025-11-19 16:15:03
Provides the theoretical proof for Proposition 2, establishing that the Correlated Self-Attention (CSA) module in MIVPG maintains permutation equivalence, ensuring the final query embeddings are MIL-compatible....
L'UE propose d'assouplir ses règles sur l'IA et le RGPD
2025-11-19 16:07:53
L'Union européenne propose d'assouplir ses règles sur l'intelligence artificielle et le RGPD. Objectif affiché : stimuler l'innovation et réduire les contraintes administratives.
The post...
The HackerNoon Newsletter: Clean Code: Interfaces in Go - Why Small Is Beautiful [Part 3] (11/19/2025)
2025-11-19 16:02:05
How are you, hacker?
🪐 What's happening in tech today, November 19, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Visual Prompt Generation: Cross-Attention in Q-Former
2025-11-19 16:00:08
Details the Q-Former architecture: a 12-layer BERT-based model using 32 learnable query embeddings. These queries use cross-attention to extract visual information for MLLM input.
Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
2025-11-19 15:59:01
A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018. The group’s primary strategy involves...
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
2025-11-19 15:58:56
A sophisticated cyber campaign known as Operation WrtHug has hijacked tens of thousands of ASUS WRT routers globally, turning them into potential espionage tools for suspected China-linked hackers. SecurityScorecard’s...
Making Tech Human: How to Stay Curious in a Digital World
2025-11-19 15:44:59
Technology doesn't have to be overwhelming. By approaching tools with curiosity, humanizing digital experiences, and using storytelling, we can turn tech into a source of creativity, learning, and empowerment....
Cloudflare Blames Outage on Internal Configuration Error
2025-11-19 15:43:37
Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure.
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
2025-11-19 15:35:00
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade...
Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads
2025-11-19 15:30:17
A new wave of cyberattacks has emerged using the Tuoni Command and Control (C2) framework, a sophisticated tool that allows threat actors to deploy malicious payloads directly into system memory. This...
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
2025-11-19 15:29:28
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
2025-11-19 14:01:15
Palo Alto, California, 19th November 2025, CyberNewsWire
Clean Code: Interfaces in Go - Why Small Is Beautiful [Part 3]
2025-11-19 15:00:07
Go's single-method interfaces are the norm, not the exception. In Go, a type satisfies an interface automatically, without explicit declaration. The single method rule is the difference between code that...
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
2025-11-19 14:35:15
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. [...]
Adobe rachète Semrush pour 1,9 milliard $
2025-11-19 14:31:40
Adobe rachète Semrush pour 1,9 milliard $, afin d'intégrer l'analyse des moteurs de recherche et des LLM à ses outils.
The post Adobe rachète Semrush pour 1,9 milliard $ appeared first on Silicon.fr....
Rebuilding the Enterprise Brain: Olivier Khatib's AI Plan to Make ERPs Intelligent Again
2025-11-19 14:29:59
After a decade inside ERP failures, Olivier Khatib built DATANEO—an AI-native enterprise OS that unifies finance, CRM, HR, logistics, and support into one intelligent system. Powered by the NeoMind...
Microsoft Investigating Copilot Issue On Processing Files
2025-11-19 14:25:53
Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users are experiencing significant limitations when performing actions on files. The...
OVHcloud en Allemagne : ce qu'il y a en attendant la région 3-AZ
2025-11-19 14:25:17
OVHcloud va ouvrir une région 3-AZ en Allemagne. Il peut capitaliser sur son assise établie en 20 ans sur place, malgré certains projets non concrétisés.
The post OVHcloud en Allemagne : ce qu’il...
The hidden risks in your DevOps stack data—and how to address them
2025-11-19 14:20:29
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups...
Data Platform as a Service: A Three-Pillar Model for Scaling Enterprise Data Systems
2025-11-19 14:13:49
Enterprise data platforms hit scaling limits because centralized teams can't grow fast enough to handle organizational complexity. Data Platform as a Service (DPaaS) solves this through declarative policies,...
The Cloudflare Outage May Be a Security Roadmap
2025-11-19 14:07:03
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily...
Critical Railway Braking Systems Open to Tampering
2025-11-19 14:00:00
It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous.
La Cour des comptes incite l'Etat à accélérer sur l'IA
2025-11-19 13:50:37
Le premier président de la Cour des comptes, Pierre Moscovici, a l’art de la litote en présentant le rapport sur la stratégie (...)
CISA gives govt agencies 7 days to patch new Fortinet flaw
2025-11-19 13:44:56
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks....
U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
2025-11-19 13:43:03
U.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added...
Avec Agent 365, Microsoft contrôle les agents IA
2025-11-19 13:37:57
À mesure que les entreprises déploient des agents IA en plus grand nombre, les équipes IT devront les gérer et les sécuriser (...)
Mastercard's Hacker Warning: Beware of Deals, Discounts, & Data Thieves
2025-11-19 13:29:08
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 19, 2025 – Read the full story from Mastercard New survey highlights urgent need for safe retail practices...
Physiognomy as Morphological Ontology: Toward the Rehabilitation of a Discredited Discipline
2025-11-19 13:13:58
This article argues that physiognomy, long dismissed as pseudoscience, is entering a scientific renaissance through AI, genetics, bioinformatics, and systems analysis—reframing the human face as a complex...
Oracle Linux 8: ELSA-2025-21398 Kernal Alert for Remote Code Execution
2025-11-19 13:09:32
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 ELSA-2025-21232 container-tools Important DoS Advisory
2025-11-19 13:09:31
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle7 ELSA-2025-19167 Important Squid Fixes to Prevent DoS Attacks
2025-11-19 13:09:18
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
2025-11-19 13:01:09
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. [...]
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
2025-11-19 13:00:00
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.
The...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
2025-11-19 12:50:09
The Phishing-as-a-Service kit Sneaky 2FA was found to use Browser-in-the-Browser attacks to steal login credentials.
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
2025-11-19 12:45:49
Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…
openSUSE: GIMP Important Buffer Overflow CVE-2025-10934 2025:4137-1
2025-11-19 12:30:10
* bsc#1252886 Cross-References: * CVE-2025-10934
openSUSE: GIMP Important Buffer Overflow Threat CVE-2025-10934 2025:4137-1
2025-11-19 12:30:10
An update that solves one vulnerability can now be installed.
California man admits to laundering crypto stolen in 0M heist
2025-11-19 12:13:34
A 45-year-old from Irvine, California, has pleaded guilty to laundering at least million stolen in a massive 0 million cryptocurrency heist. [...]
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
2025-11-19 11:59:03
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
2025-11-19 11:55:00
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase...
Microsoft a bloqué une attaque DDoS record de 15 Tbps
2025-11-19 11:32:20
La plus grande attaque DDoS jamais enregistrée à ce jour a été bloquée par Microsoft. Liée au botnet Aisuru IoT, (...)
Stratégie IA : la France en tête du peloton européen…mais loin du compte
2025-11-19 11:29:59
Le rapport de la Cour des comptes révèle les failles d'une stratégie nationale sur IA, ambitieuse mais sous-financée.
The post Stratégie IA : la France en tête du peloton européen…mais loin...
Cloudflare blames this week's massive outage on database issues
2025-11-19 10:54:54
On Tuesday, Cloudflare experienced its worst outage in 6 years, blocking access to many websites and online platforms for almost 6 hours after a change to database access controls triggered a cascading...
Sharenting: are you leaving your kids' digital footprints for scammers to find?
2025-11-19 10:30:05
Our children build digital lives long before they understand them. Here's how to shrink their online footprint and stay smart about “sharenting.”
How to Achieve Ultra-Fast Response Time in Your SOC
2025-11-19 10:20:20
ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.
Panne Cloudflare : ce qui s'est passé dans le système anti-bots
2025-11-19 10:19:33
La panne chez Cloudflare a été déclenchée par une erreur de configuration dans une base de données alimentant le système de gestion des bots.
The post Panne Cloudflare : ce qui s’est passé...
Bridewell CEO gives cyber predictions for 2026
2025-11-19 10:01:34
As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations,...
IT threat evolution in Q3 2025. Mobile statistics
2025-11-19 10:00:34
The report features statistics on mobile threats for the third quarter of 2025, along with interesting findings and trends from the quarter, including an increase in ransomware activity in Germany, and...
IT threat evolution in Q3 2025. Non-mobile statistics
2025-11-19 10:00:02
The report presents key trends and statistics on malware that targets personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during the third quarter of 2025.
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
2025-11-19 10:00:00
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper...
‘PlushDaemon' hackers hijack software updates in supply-chain attacks
2025-11-19 10:00:00
The China-aligned advanced persistent threat (APT) tracked as 'PlushDaemon' is hijacking software update traffic to deliver malicious payloads to its targets. [...]
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
2025-11-19 09:59:00
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks.
The...
Boosting Linux Security with DevOps Platforms for Automation and Compliance
2025-11-19 09:35:47
Most production workloads still land on Linux. That hasn't changed. What's shifted is how teams manage those systems at scale''especially when speed and compliance need to keep pace. That's where DevOps...
Piratage de Jaguar Land Rover : 2 Md€ de pertes au compteur
2025-11-19 08:39:47
Les estimations les plus pessimistes des experts n'étaient pas exagérées. Même si les périmètres évalués (...)
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
2025-11-19 08:20:59
Singapore, Singapore, 19th November 2025, CyberNewsWire
Eurofiber confirms November 13 hack, data theft, and extortion attempt
2025-11-19 07:36:05
Eurofiber says hackers exploited a flaw on November 13, breached its ticket and customer portals, stole data, and attempted extortion. On November 13, threat actors exploited a vulnerability to breach...
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
2025-11-19 06:55:54
Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which...
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
2025-11-19 04:20:00
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum...
Mageia 9: Thunderbird Important Race Condition Spoofing MGASA-2025-0305
2025-11-19 03:16:59
MGASA-2025-0305 - Updated thunderbird packages fix security vulnerabilities
Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
2025-11-19 00:00:01
Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise.
The post Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA...
List of 21 new domains
2025-11-19 00:00:00
.fr amzn-suivi[.fr] (registrar: IONOS SE)
bookingz[.fr] (registrar: Infomaniak Network SA)
cci-paris-iddf[.fr] (registrar: KEY-SYSTEMS GmbH)
chpascher[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
chreplique[.fr]...
Multiples vulnérabilités dans les produits SolarWinds (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection...
Multiples vulnérabilités dans les produits HPE Aruba Networking (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Multiples vulnérabilités dans Microsoft Edge (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Microsoft indique que...
Multiples vulnérabilités dans les produits Fortinet (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits VMware (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Atlassian (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...