All the Cybersecurity News
Cyberinfo for the week of 13 December 2025
2025-12-13 09:28:02
Cyberinfo for the week of 13 December 2025 - Cyberattacks, massive leaks & espionage: the week's cybersecurity news....
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
2025-12-13 08:33:23
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious...
Beyond Authentication — Exploiting a Nasty IDOR in Profile Update Functionality
2025-12-13 07:57:06
It wasn't a complex SQL injection or a tricky deserialization flaw. It was a failure to ask one simple question:...
MITRE: TryHackMe Room Walkthrough
2025-12-13 07:54:10
This TryHackMe room walkthrough will discuss the various resources MITRE has made available for the cybersecurity community.
Stored Cross-Site Scripting: HTML Context (Nothing Encoded)
2025-12-13 07:54:03
Stored XSS occurs when malicious input is saved on the server and executed every time a user loads the affected page.
From Recon to RCE: Hunting React2Shell (CVE-2025-55182) for Bug Bounties
2025-12-13 07:53:14
A step-by-step walkthrough covering discovery, validation and real-world exploitation in React and Next.js applications.
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting
2025-12-13 06:23:29
Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,”...
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
2025-12-13 05:32:00
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of...
React2Shell Remote Code Execution (RCE) Vulnerability
2025-12-13 02:46:40
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that...
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
2025-12-13 02:44:13
Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released...
Fedora 41: apptainer 2025-df330356b2
2025-12-13 01:27:27
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fedora 43: apptainer 2025-cf169a01e8
2025-12-13 01:12:52
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fedora 42: apptainer 2025-ff963b3775
2025-12-13 00:50:49
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor
2025-12-13 00:17:14
The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.
Emergency fixes deployed by Google and Apple after targeted attacks
2025-12-13 00:08:15
Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering...
List of 14 new domains
2025-12-13 00:00:00
.fr
alexandercasino-bet[.fr] (registrar: NETIM)
assistances-sg-intranet[.fr] (registrar: Hostinger operations UAB)
carplusfrance[.fr] (registrar: OVH)
carrefoursa[.fr] (registrar: EPAG Domainservices...