All the Cybersecurity News
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
2025-12-06 19:07:33
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised...
Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach
2025-12-06 16:34:40
Barts Health NHS confirms Cl0p ransomware breach via Oracle flaw. Invoice data exposed. Patient records and clinical systems remain unaffected.
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
2025-12-06 16:08:52
A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts and...
The HackerNoon Newsletter: So You Want to Build a Writing Career? (12/6/2025)
2025-12-06 16:01:56
How are you, hacker?
🪐 What's happening in tech today, December 6, 2025?
The HackerNoon Newsletter brings the HackerNoon ...
New FvncBot Android Banking Attacking Users to Log Keystrokes and Inject Malicious Payloads
2025-12-06 15:53:29
A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording...
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
2025-12-06 15:24:00
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate...
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
2025-12-06 15:18:19
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. [...]
PDFs to Intelligence: How To Auto-Extract Python Manual Knowledge Recursively Using Ollama, LLMs
2025-12-06 15:00:06
We'll demonstrate an end-to-end data extraction pipeline engineered for maximum automation, reproducibility, and technical rigor. Our goal is to transform unstructured PDF documentation into precise,...
Drones to Diplomas: How Russia's Largest Private University is Linked to a M Essay Mill
2025-12-06 14:45:03
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds...
South Korea: 120,000 cameras hacked for porn
2025-12-06 14:26:03
Hacking of 120,000 South Korean cameras and an investigation into the risks to privacy and home cybersecurity...
Scam offering fake free public transport passes
2025-12-06 13:18:15
More than 200 fake public transport websites set up by hackers. They promise you bus passes for €2...
BSGAL: Gradient-Based Screening for Long-Tailed Perception Tasks
2025-12-06 13:00:02
Proposes BSGAL, a gradient-based method for effective screening and utilization of generated data to improve downstream perception tasks.
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
2025-12-06 11:40:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV)...
Fake government websites: investigation into a silent threat
2025-12-06 11:32:23
ZATAZ investigation into the proliferation of fake government websites and their identity-theft risks, with a precise cyber analysis and protection advice...
Digital espionage upended by AI
2025-12-06 10:51:20
Analysis of an automated espionage operation using agentic AI. 007 in the midst of upheaval!...
Researchers Hack Google's Gemini CLI Through Prompt Injections in GitHub Actions
2025-12-06 10:38:40
A critical vulnerability class dubbed “PromptPwnd” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via...
KinoKong - 817,808 breached accounts
2025-12-06 08:13:57
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses...
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
2025-12-06 07:48:34
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React...
The TechBeat: Why the Next Wave of AI Value Will Come from “Boring” Operations Work (12/6/2025)
2025-12-06 07:10:59
How are you, hacker?
🪐 Want to know what's trending right now?
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
React2Shell Remote Code Execution (RCE) Vulnerability
2025-12-06 04:11:13
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that...
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
2025-12-06 03:33:15
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032,...
Debian 11: Krita Major Heap Overflow Issue DLA-4395-1 CVE-2025-59820
2025-12-06 01:28:57
Loading a manipulated TGA file in krita, an image manipulation program, could result in a heap-based buffer overflow in KisTgaImport.
Fedora 42: Chromium High CVE-2025-13630, 13631, 13632 Advisory
2025-12-06 01:27:35
Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools...
Fedora 42: abrt Critical Command Injection Vulnerability CVE-2025-12744
2025-12-06 01:27:34
Fix CVE-2025-12744
Fedora 42: cef High Type Confusion Vuln CVE-2025-13223,13224 Advisory
2025-12-06 01:27:28
Update to cef-142.0.17+g60aac24 & chromium 142.0.7444.175 (rhbz#2413981) High CVE-2025-13223: Type Confusion in V8 High CVE-2025-13224: Type Confusion in V8
Fedora 43: chromium High CVE-2025-13630 Type Confusion and more
2025-12-06 00:48:47
Update to 143.0.7499.40 * High CVE-2025-13630: Type Confusion in V8 * High CVE-2025-13631: Inappropriate implementation in Google Updater * High CVE-2025-13632: Inappropriate implementation in DevTools...
Fedora 43: abrt Critical Command Injection Fix CVE-2025-12744
2025-12-06 00:48:45
Fix CVE-2025-12744
Maximum-severity XXE vulnerability discovered in Apache Tika
2025-12-06 00:03:20
A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets...
List of 15 new domains
2025-12-06 00:00:00
.fr 1001pneu[.fr] (registrar: Catchtiger B.V.)
centre-hospitalier-ruffec[.fr] (registrar: SWIIFT)
impots-cryptomonnaies[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
leon-casino-online[.fr]...