Toute l'actualité de la Cybersécurité


Critical React and Next.js Enables Remote Attackers to Execute Malicious Code

2025-12-04 05:51:44
A critical security flaw in React and Next.js could let remote attackers run malicious code on servers without logging in. The issue affects React Server Components (RSC) and the “Flight” protocol...

Lire la suite »

Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT

2025-12-04 05:00:44
A fake Visual Studio Code extension has been used in a supply chain attack that targets developers through their editor. The rogue extension, named prettier-vscode-plus and posing as the trusted Prettier...

Lire la suite »

CVE-2025-66478: RCE in React Server Components

2025-12-04 04:21:47
Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST Description: AWS is aware of the recently disclosed CVE-2025-55182 which affects...

Lire la suite »

Debian: WebKitGTK Critical CVE-2025-43392 Exfiltration and Crash DSA-6070-1

2025-12-04 00:06:40
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43392 Tom Van Goethem discovered that a website may exfiltrate image data cross-origin.

Lire la suite »

openSUSE: icinga2 Important TLS Bypass CVE-2024-49369 Advisory 2025:0457-1

2025-12-04 00:04:46
An update that solves one vulnerability and has one errata is now available.

Lire la suite »