All the Cybersecurity News
Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks
2025-11-27 19:13:23
Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community...
Becoming a data analyst in 2025: a profession attracting more and more career changers
2025-11-27 18:13:17
Over the past few years, a quiet but powerful movement has taken hold in the vocational training landscape: more and more adults are choosing to redirect their careers...
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
2025-11-27 18:13:00
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT.
As of October 2025,...
Suse launches the beta of its MCP server for Multi-Linux Manager
2025-11-27 18:01:26
Linux system administrators will not escape the surging wave of IT process automation tools by (...)
A Canadian court orders OVH to hand over data stored on its servers
2025-11-27 17:30:37
The question of the extraterritoriality of laws is not the preserve of American regulations (Cloud Act, Fisa,…), (...)
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
2025-11-27 17:19:30
Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
2025-11-27 15:28:21
Aliso Viejo, CA, USA, 27th November 2025, CyberNewsWire
The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub Incidents Set the Stage for 2026
2025-11-27 17:07:08
When npm was hit in September, it was tempting to see it as an isolated supply chain attack. A maintainer fell for a phish, popular packages were swapped out, and downstream projects scrambled. But npm...
Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0
2025-11-27 17:03:06
New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements...
What the Recent Amazon and Microsoft Cloud Outages Taught the UK Payments Industry
2025-11-27 16:53:34
October 2025's AWS and Azure outages showed how dependent the UK payments sector is on a small set of cloud providers. The piece unpacks the systemic risks, regulatory concerns, and lessons from blockchain—offering...
USN-7898-1: OpenVPN vulnerability
2025-11-27 16:34:52
Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification
checks. A remote attacker could possibly use this issue to bypass source IP
address validation.
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
2025-11-27 16:30:40
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically...
How Saurav Kant Kumar Is Using AI to Strengthen Industries—and the Workforce
2025-11-27 16:29:59
Saurav Kant Kumar drives large-scale impact across energy, manufacturing, logistics, and telecom through AI systems that predict failures, detect defects, optimize routes, and forecast demand. His projects...
Engineering Intelligence: Visionary of Autonomous Infrastructure and Fluid Digital Evolution
2025-11-27 16:14:59
Hardik Mahant is redefining digital infrastructure with autonomous, self-healing systems that cut manual intervention by 60% and prevent failures before they occur. His machine-learning frameworks unify...
After the datasets, Open-R1 seeks to reproduce DeepSeek's pipeline
2025-11-27 16:06:25
After the phase focused on datasets, the project - which aims at an open reproduction of DeepSeek-R1 - has moved on to the training pipeline.
The HackerNoon Newsletter: Everyone's Using the Wrong Algebra in AI (11/27/2025)
2025-11-27 16:01:51
How are you, hacker?
🪐 What's happening in tech today, November 27, 2025?
The HackerNoon Newsletter brings the HackerNoon ...
Why Over-Explaining Your Tech Is Killing Your Content Strategy
2025-11-27 16:00:08
Most users don't care how your product works—they care what it helps them achieve. This article breaks down how startups can translate features into human benefits, use demonstrations over explanations,...
USN-7897-1: CUPS vulnerability
2025-11-27 15:59:31
It was discovered that CUPS incorrectly handled input from users in the web
configuration settings. An attacker could use this issue to insert
malicious configuration options, causing a denial of service...
France's Autorité de la concurrence rejects Qwant's complaint against Microsoft
2025-11-27 15:59:15
France's Autorité de la concurrence rejects Qwant's complaint against Microsoft, finding that the accusations of abuse of a dominant position and economic dependence in online search were not...
Node.js 24 LTS Is Here—Your Backend Has No Business Being Stuck in 2022
2025-11-27 15:58:49
Node.js 24 has officially entered LTS, bringing a modern runtime, new Web APIs, and long-term support through 2028. While the upgrade exposes outdated tooling and dependencies, it offers teams a chance...
What your firewall sees that your EDR doesn't
2025-11-27 15:52:17
The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved...
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
2025-11-27 15:37:00
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now.
The update to its Content Security Policy (CSP)...
Proactive Risk Management in Marketing: How AI Can Anticipate the Next Brand Meltdown Before You Do
2025-11-27 15:31:06
AI-driven marketing now needs risk telemetry, systems that detect sentiment drift, simulate backlash, and measure reputation latency to prevent trust failures before they escalate into brand crises.
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel
2025-11-27 15:28:53
OpenAI warns some users that a cyberattack on analytics firm Mixpanel may have exposed their data. Mixpanel is a product analytics platform that companies use to understand how people interact with their...
Scaling Your SaaS Stack with Convex and Clerk
2025-11-27 15:22:38
Convex and Clerk comfortably support hundreds of thousands to millions of users; the real question isn't capability but when costs, compliance, or control justify migrating to AWS—where lower bills...
How I Tracked and Retired Out-of-Support .NET Runtimes Across Legacy IIS Servers
2025-11-27 15:08:20
A security alert exposed multiple out-of-support .NET Core runtimes across legacy IIS apps. This article recounts the full audit—scanning runtimeconfig files, mapping them to IIS sites, prioritizing...
Making Voice Assistants Human Again: A Story of Purpose-Driven Innovation
2025-11-27 14:59:59
Navneet Magotra is reshaping voice tech by building AI-powered, human-centered assistants for hospitals, hotels, and senior living. His systems boost adoption, automate tasks, enhance care, and create...
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
2025-11-27 14:59:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...
Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach
2025-11-27 14:52:09
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities...
Dead Man's Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
2025-11-27 14:42:43
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,”...
Wallix bets on Malizen's AI to strengthen its solutions
2025-11-27 14:41:44
Wallix acquires the Rennes-based startup Malizen for €1.6 million to integrate AI-driven behavioural analysis into its solutions from 2026.
Black Friday, Cyber Monday: a commercial marathon… and an ideal playground for cybercriminals
2025-11-27 14:41:13
While French retailers are at the peak of Black Friday and Cyber Monday activity, another race is intensifying behind the scenes: the race against cyberattacks. Major incidents...
Millions at risk after nationwide CodeRED alert system outage and data breach
2025-11-27 14:40:32
A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US.
NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks
2025-11-27 14:39:43
NVIDIA has issued an urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service...
80% of companies ready to adopt Threat Intelligence: a shift towards modernising enterprise cybersecurity
2025-11-27 14:36:17
While companies are increasingly strengthening their cybersecurity fundamentals, adoption of advanced solutions remains in the minority, creating a maturity gap between the...
USN-7896-1: libxml2 vulnerabilities
2025-11-27 14:21:02
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It...
Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems
2025-11-27 14:14:10
Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents...
Black Friday cyber fraud: French e-merchants strengthen their defences, but 42% remain vulnerable
2025-11-27 14:12:51
French e-commerce sites are making progress in securing their email, but 42% do not achieve full protection, exposing shoppers during the holiday season. Op-ed...
USN-7852-2: libxml2 vulnerability
2025-11-27 14:12:04
USN-7582-1 fixed a vulnerability in libxml2. This update provides the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that...
Kaspersky identifies fraud linked to merchandise sales during BlackPink's world tour
2025-11-27 14:05:35
As the K-pop group BlackPink continues its world tour, cybercriminals are exploiting fans' enthusiasm to profit from the situation. Kaspersky experts have identified...
KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models
2025-11-27 14:03:17
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars...
Can Antitrust Regulations Keep Up With AI? Researchers Warn of Growing Structural Tensions
2025-11-27 14:00:08
The article examines how market structure—especially vertical integration—shapes AI safety, competition, regulatory oversight, and policy design. It highlights unresolved research questions around...
Reinventing cybersecurity in the Cloud: why is agentic AI essential?
2025-11-27 13:49:33
The Cloud cybersecurity landscape has reached an inflection point. Faced with Cloud environments, containers, APIs and ephemeral workloads, the attack surface...
North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware
2025-11-27 13:40:20
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically...
USN-7895-1: WebKitGTK vulnerabilities
2025-11-27 13:39:57
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related...
Cronos Kicks Off K Global Hackathon Focused on AI-Powered On-Chain Payments
2025-11-27 13:39:16
Cronos launches x402 PayTech Hackathon with K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.
Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks
2025-11-27 13:37:01
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3,...
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
2025-11-27 13:18:34
Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.
AI in healthcare: Inria and Doctolib join forces
2025-11-27 12:58:52
Inria and Doctolib are joining forces to create a joint research team dedicated to research ranging from assisted diagnosis to personalised patient support.
Numerous credentials exposed on coding sites
2025-11-27 12:38:29
Credentials, authentication keys, configuration data, tokens and API keys are potentially exposed (...)
Can AI Agents Pay Each Other? How Cronos Is Testing the Next Frontier with x402 PayTech Hackathon
2025-11-27 12:37:39
Cronos x402 Hackathon offers K for developers building AI agents with autonomous payment capabilities.
Gemini 3 Pro: at D+10, a more tempered enthusiasm
2025-11-27 12:21:13
The enthusiasm sparked by the first model of the Gemini 3 family persists, but is proving more moderate than at launch.
OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected
2025-11-27 12:19:02
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…
OpenAI discloses API customer data breach via Mixpanel vendor hack
2025-11-27 11:27:06
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]
Debian LTS: libssh Critical Issues Addressed in DLA-4385-1
2025-11-27 10:26:47
Several vulnerabilities have been found in libssh, a tiny C SSH library. CVE-2025-4877
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
2025-11-27 10:03:00
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world.
Criminals are getting creative...
openSUSE: Kernel Important Update for CVEs 2025-20091-1
2025-11-27 09:35:58
An update that solves 83 vulnerabilities and has 101 bug fixes can now be installed.
openSUSE: Important Security Fix for mysql-connector-java CVE-2025-20089-1
2025-11-27 09:35:58
An update that solves one vulnerability and has one bug fix can now be installed.
NCSC handing over the baton of smart meter security: a decade of progress
2025-11-27 08:54:47
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.
Ubuntu 16.04: FFmpeg Important Denial Of Service Crash USN-7890-1
2025-11-27 08:49:33
FFmpeg could be made to crash if it opened a specially crafted file.
New ASUS firmware patches critical AiCloud vulnerability
2025-11-27 08:33:32
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities,...
Critical Kernel Update for CVE-2025-4269-1 in openSUSE Available Now
2025-11-27 08:30:11
An update that solves two vulnerabilities can now be installed.
SUSE: Kernel Important Security Update CVE-2025-38500 2025:4269-1
2025-11-27 08:30:10
* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
2025-11-27 07:03:00
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought.
The company said Salesforce initially provided a list of 3 impacted...
China Software Developer Network - 6,414,990 breached accounts
2025-11-27 05:49:56
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
UNC2891 Hackers Use Linux Malware in Major Banking Security Heists
2025-11-27 02:47:22
UNC2891 has been working its way through gaps in ATM security and broader banking security by slipping small hardware implants into places most teams assume are locked down. Investigators found Raspberry...
List of 35 new domains
2025-11-27 00:00:00
Multiple vulnerabilities in GitLab (27 November 2025)
27/11/2025
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and a...
Multiple vulnerabilities in Splunk products (27 November 2025)
27/11/2025
Multiple vulnerabilities have been discovered in Splunk products. Some of them allow an attacker to cause arbitrary code execution, a breach of confidentiality...
Vulnerability in Mattermost Server (27 November 2025)
27/11/2025
A vulnerability has been discovered in Mattermost Server. It allows an attacker to cause a security issue not specified by the vendor.
Vulnerability in MISP (27 November 2025)
27/11/2025
A vulnerability has been discovered in MISP. It allows an attacker to cause a breach of data confidentiality.