All the cybersecurity news
Wallix acquires Malizen, a UBA specialist
2025-11-26 11:12:58
Wallix has just acquired Malizen, a French start-up specializing in user behaviour analytics (User Behaviour (...)
Microsoft unveils its agentic SLM Fara-7B for local PCs
2025-11-26 11:06:33
Microsoft is integrating agentic AI further into PCs with Fara-7B, a model capable of fully automating (...)
State of the cyber threat to mobile devices
2025-11-26 10:11:28
The ubiquity and systematic use of smartphones and the proliferation...
Developers Expose Passwords and API Keys via Online Tools like JSONFormatter
2025-11-26 10:06:06
Developers are unintentionally exposing passwords, API keys, and sensitive production data in online formatting tools such as JSONFormatter and CodeBeautify. New research from watchTowr...
Getronics relaunches with a bet on security and the digital workplace
2025-11-26 10:05:07
After difficulties encountered a few years ago following a series of acquisitions (Pomeroy in the (...)
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
2025-11-26 10:00:02
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.
USN-7889-3: Linux kernel (Real-time) vulnerabilities
2025-11-26 09:41:47
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Dissecting a new malspam chain delivering Purelogs infostealer
2025-11-26 09:02:14
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and...
USN-7889-2: Linux kernel (FIPS) vulnerabilities
2025-11-26 08:54:05
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
USN-7879-3: Linux kernel vulnerabilities
2025-11-26 08:34:26
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
2025-11-26 08:28:00
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent.
"This is the first time...
HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#'
2025-11-26 08:11:46
Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack conceals...
NTLM Relaying to HTTPS
2025-11-26 08:00:00
NTLM is the legacy authentication protocol in Windows environments. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL....
Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks
2025-11-26 06:44:42
The Tor Project has announced a significant cryptographic overhaul, retiring its legacy relay encryption algorithm after decades of service and replacing it with Counter Galois Onion (CGO). This research-backed...
Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed
2025-11-26 05:32:09
Microsoft has announced a significant update to the Teams Desktop Client for Windows that aims to enhance performance and reduce startup times for calling features. The update, detailed in the Message...
Iran Exploits Cyber Domain to Aid Kinetic Strikes
2025-11-26 05:30:00
The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.
ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access
2025-11-26 04:59:06
ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked...
FBI Reports 2M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
2025-11-26 04:29:00
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover...
YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules
2025-11-26 03:39:44
Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods. To address this growing threat, JPCERT/CC...
Cobalt Strike 4.12 Released With New Process Injection, UAC Bypasses and Malleable C2 Options
2025-11-26 03:38:32
New release brings significant improvements to the penetration testing framework, introducing enhanced GUI features, REST API support, and powerful new evasion techniques that security researchers can...
Apache Syncope Vulnerability Allows Attacker to Access Internal Database Content
2025-11-26 03:36:44
A significant issue has been disclosed that affects multiple versions of the identity and access management platform. The flaw stems from a hardcoded default encryption key used for password storage,...
Fedora 41: Chromium High Type Confusion Threats CVE-2025-13223
2025-11-26 01:22:21
Update to 142.0.7444.175 * High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8
Fedora 41: Advisory for sudo-rs CVE-2025-64170 Moderate Auth Bypass
2025-11-26 01:22:20
Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517.
Fedora 42: docker-buildx Critical Update for Memory Exhaustion Issues
2025-11-26 01:06:10
Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066
Fedora 42 sudo-rs Important Auth Bypass CVE-2025-64517 2025-4388808bbf
2025-11-26 01:06:08
Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517.
Fedora 43: Advisory 2025-264853458b for Moderate Unbounded Allocation Risk
2025-11-26 00:52:03
Update to release v0.26.1 Update to release v0.26.0 Resolves: rhbz#2412681, rhbz#2412761 Upstream new features and fixes dependency override for moby/policy-helper needed for license (default
Fedora 43 docker-buildx Critical Security Issues Advisory 2025-b1d7d7f8db
2025-11-26 00:52:02
Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066