Toute l'actualité de la Cybersécurité
Announcing Rapid7's Next-Gen SIEM Buyer's Guide
2025-12-02 19:38:51
AI dominates headlines, yet one cornerstone of security operations keeps evolving to meet today's threats. Security Information and Event Management (SIEM) has come a long way from basic logging. Modern...
SaaS et chiffrement : Microsoft 365 ciblé par un appel à la vigilance
2025-12-02 15:27:08
L'association privatim - qui réunit des autorités de protection des données - rappelle les risques qu'induit le chiffrement fournisseur.
The post SaaS et chiffrement : Microsoft 365 ciblé par un appel...
Les pirates de Contagious Interview trompent les développeurs
2025-12-02 15:19:53
Les chercheurs de Socket, à l’origine de la découverte de la campagne Contagious Interview, ont livré plus de détails (...)
MuddyWater strikes Israel with advanced MuddyViper malware
2025-12-02 15:19:27
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations...
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
2025-12-02 15:10:20
Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service"...
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
2025-12-02 15:02:00
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence,...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
2025-12-02 15:01:00
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools...
SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys
2025-12-02 15:00:14
The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified...
North Korea lures engineers to rent identities in fake IT worker scheme
2025-12-02 14:57:26
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]
3 failles zero-day CVSS 9.3 dans PickleScan : JFrog alerte l'écosystème PyTorch et la chaîne logistique IA
2025-12-02 14:44:22
JFrog Ltd., la société Liquid Software et créatrice de la plateforme JFrog Software Supply Chain, a annoncé aujourd’hui la découverte de trois vulnérabilités zero-day (chacune notée CVSS...
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
2025-12-02 13:01:03
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
2025-12-02 12:01:04
Baltimore, MD, 2nd December 2025, CyberNewsWire
Google fixes two Android zero days exploited in attacks, 107 flaws
2025-12-02 14:36:44
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]
New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials
2025-12-02 14:32:07
The Arkanix stealer is a new malware family now spreading in the wild. It targets home users and small offices that rely on VPN clients and wireless networks for daily work. Once active, it focuses on...
Whispering poetry at AI can make it break its own rules
2025-12-02 14:18:00
Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test?
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
2025-12-02 14:17:00
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2,...
Candiru's DevilsTongue Spyware Attacking Windows Users in Multiple Countries
2025-12-02 14:15:36
Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business...
Trois ans après, l'IA générative a inauguré un âge d'or pour les cybercriminels
2025-12-02 14:11:44
Le dimanche 30 novembre marquait les trois ans du lancement de ChatGPT auprès du public. Depuis cette date, l’IA générative (GenAI) d’OpenAI a transformé notre manière de travailler,...
Souveraineté, rapidité et SaaS : trois leviers essentiels pour une gouvernance des identités de confiance
2025-12-02 14:09:35
À l'heure où les entreprises cherchent à conjuguer sécurité, conformité et agilité, la gestion des identités et des accès s'impose comme un pilier stratégique de la gouvernance IT. Longtemps...
Les priorités des DSI à l'ère de l'IA seront l'inférence, le NaaS 2.0 et la sécurité pour le quantique en 2026
2025-12-02 14:07:34
Ces priorités sont présentées par Colt après avoir consulté les entreprises et mené des études prédictives sur l'évolution du marché pour l'année prochaine. Tribune – Colt Technology...
Firefly évalue la résilience des applications critiques dans le cloud
2025-12-02 14:06:34
Récemment des pannes majeures ont frappé les principaux fournisseurs cloud, perturbant des services utilisés par des millions d’utilisateurs (...)
Gradium lève 60 millions € pour industrialiser l'IA vocale
2025-12-02 14:03:40
La startup Gradium annonce une levée de fonds record de 60 millions € en amorçage et dévoile une technologie de rupture visant à remplacer les systèmes vocaux actuels par des modèles natifs.
The...
Fake Calendly invites spoof top brands to hijack ad manager accounts
2025-12-02 14:00:00
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials....
Rapid7 Helps Lower Your Cost to Assurance for HITRUST
2025-12-02 14:00:00
Organizations across regulated sectors are under growing pressure to prove their security readiness. At the same time, traditional assurance approaches rely on periodic audits and manual evidence collection....
Ethical Hacker: Coolest Job In 2026
2025-12-02 13:58:47
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 2, 2025 – Read the full story in Bolde The working world is far weirder, cooler, and more creative than...
Microsoft: KB5070311 triggers File Explorer white flash in dark mode
2025-12-02 13:39:51
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...]
Microsoft Investigation Defender portal Issue That Blocking Users Access
2025-12-02 13:38:34
Microsoft is currently investigating a service disruption affecting the Microsoft Defender portal, which has blocked numerous security professionals from accessing critical threat management tools. The...
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
2025-12-02 13:37:00
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian...
Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support
2025-12-02 13:16:14
The Raspberry Pi Foundation has announced immediate availability of a new 1GB version of the Raspberry Pi 5, marking a significant expansion of its affordable computing platform. The new entry-level model...
USN-7855-2: Unbound regression
2025-12-02 13:15:02
USN-7855-1 fixed vulnerabilities in Unbound. It was discovered that the fix
for CVE-2025-11411 was incomplete. This update fixes the problem.
Original advisory details:
Yuxiao Wu, Yunyi Zhang, Baojun...
DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory
2025-12-02 13:02:14
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
University of Pennsylvania confirms new data breach after Oracle hack
2025-12-02 12:55:59
The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...]
Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages
2025-12-02 12:27:36
The Glassworm malware campaign has resurfaced with unprecedented scale, deploying 24 malicious extensions across Microsoft Visual Studio Marketplace and OpenVSX over the past week. This latest wave of...
Hackers Leverages Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat
2025-12-02 12:13:09
A new malware campaign has emerged that exploits the trust users place in popular applications. Threat actors are distributing trojanized installers for Telegram, WinSCP, Google Chrome, and Microsoft...
‘Korea's Amazon' Coupang discloses a data breach impacting 34M customers
2025-12-02 12:04:40
Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. South Korean e-commerce giant disclosed a data breach affecting nearly 34...
A NICE Retrospective on Shaping Cybersecurity's Future
2025-12-02 12:00:00
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education...
Une faille Teams désactive Defender dans Office 365
2025-12-02 11:58:48
Dans de très nombreuses entreprises, Teams est devenu un outil central pour les communications et le partage de fichiers. Mais la solution collaborative (...)
Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
2025-12-02 11:44:30
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.
Google patches 107 Android flaws, including two being actively exploited
2025-12-02 11:37:46
Google's December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can.
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
2025-12-02 11:30:00
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping...
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
2025-12-02 11:19:31
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...]
Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
2025-12-02 11:02:37
The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable. Designed by security researcher Joel Serna Moreno,...
How I Built an AI-Powered Research Automation System with n8n, Groq, and 5 Academic APIs
2025-12-02 10:58:07
This post guides you through architecting an AI-powered research automation system using a low-code approach. It shows you how to integrate n8n for workflow orchestration, Groq for high-speed LLM inference,...
The Organisational Kernel Panic: AI at Scale Meets a Human OS From 1998
2025-12-02 10:46:32
AI is scaling; organisations are not. Most failures blamed on models are really symptoms of a human OS built for 1998. Until decision-making, incentives, and ownership modernise, AI programs will keep...
The Hidden Cost of Bad Data: Why It's Undermining Your AI Strategy
2025-12-02 10:36:04
Poor data quality is a massive hidden cost that silently sabotages expensive AI projects and drains company resources. The "1-10-100 Rule" proves that proactive prevention is exponentially cheaper than...
Google's latest Android security update fixes two actively exploited flaws
2025-12-02 10:23:07
Google's latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google's new Android update patches 107 vulnerabilities,...
How Will We Distinguish Truth From Fiction?
2025-12-02 10:21:36
Deepfake technology has its greatest impact on people through identity theft. It is no longer just fake videos on social media; even a few seconds of voice recording can create a convincing scam. The...
The Limits of Spec-Driven Development
2025-12-02 10:12:38
SDD (Spec-Driven Development) is being positioned as the "right way" to build with AI. For certain problems such as API integrations with strict contracts, regulated industries with compliance requirements,...
Kaspersky Security Bulletin 2025. Statistics
2025-12-02 10:07:03
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via...
Stateful API-to-Database Synchronization: Implementing Incremental Data Ingestion from REST APIs wit
2025-12-02 09:59:45
Stop writing fragile cron scripts. Learn to build stateful, incremental data streams from any REST API using Python and a pull-based CDC model.
The Oxidized Age: Why Rust's "Fungal" Growth Might Outlast Us All
2025-12-02 09:47:13
By 2025, Rust has crossed the "immortality threshold," embedding itself in Linux and automotive systems via the Ferrocene project. Despite challenges like async fragmentation and the steep learning curve,...
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice
2025-12-02 09:30:15
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.
L'USF dans l'attente de l'offre SAP dans le cloud de confiance
2025-12-02 08:51:34
Le club des utilisateurs SAP francophones, l'USF, tire un bilan positif du sommet franco-allemand sur la souveraineté numérique, qui s'est (...)
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
2025-12-02 07:17:00
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security...
The TechBeat: How Teodor Calin's New Company, Vulture Labs, Is Making Every Camera Proactive (12/2/2025)
2025-12-02 07:10:59
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration
2025-12-02 06:30:20
Menlo Park, USA, 2nd December 2025, CyberNewsWire
From Drones to Robot Dogs: How I Refactored a Manufacturing Engine in 88k Tokens
2025-12-02 04:45:28
Gemini 3.0 challenge: Stop building things that walk and start building things to fly. The solution is Neuro-Symbolic AI. The codebase from rigid-body drones to articulated robot dogs usually implies...
IdeaOps: Why Every Request is a Company Asset in Product Development
2025-12-02 04:44:15
Requests and ideas about company products are highly important for business. Every suggestion should be classified, meticulously processed and have a detailed decision. Later, it may help you to grow...
Is Your Crypto Safe? A Look at Custody & Security
2025-12-02 04:43:38
Most crypto losses don't come from market swings — they come from weak security. Your first decision is simple: custodial or non-custodial storage? Custodial = convenience but third-party risk. Non-custodial...
Cosmic Rays vs. Code: How a Solar Flare Knocked the Digital Brains Out of 6,000 Airbus Jets
2025-12-02 04:42:52
A single 'bit blip' from a solar flare exposed a critical flaw in the Airbus A320's ELAC L104 software, causing a global safety crisis. Over 6,000 jets were grounded in the largest recall in Airbus history....
The CSA Cloud Controls Matrix v4.1: Strengthening the Future of Cloud Security
2025-12-02 04:26:22
Since its introduction in 2010, the Cloud Controls Matrix (CCM) has become a cornerstone of cloud security and compliance worldwide. Adopted across industries and geographies, it has enabled cloud service...
Out-of-Bounds Read Bugs Add Quiet Pressure on Linux Security
2025-12-02 03:35:08
Out-of-bounds reads sit quietly in Linux security. You don't always see them until the code steps past a buffer and hands back a piece of memory it was never supposed to touch. The leak might look small,...
CISA Adds Actively Exploited ScadaBR XSS Bug to KEV, Raising Linux Security Concerns
2025-12-02 03:21:14
CISA added CVE-2021-26829 to its Known Exploited Vulnerabilities catalog after confirming that attackers are already using the ScadaBR stored XSS flaw in real environments. The news barely made a ripple...
Ubuntu 25.10 OpenJDK Critical Security Risks USN-7900-1 CVE-2025-53057
2025-12-02 01:57:29
Several security issues were fixed in CRaC JDK 17.
Ubuntu 25.10: CRaC JDK 25 Important XML External Entity Advisory 2025-53066
2025-12-02 01:57:28
Several security issues were fixed in CRaC JDK 25.
Ubuntu 25.10: Crucial Security Fix for OpenJDK 21 USN-7901-1 CVE-2025-53057
2025-12-02 01:57:26
Several security issues were fixed in CRaC JDK 21.
Fedora 42: python-spotipy Update 2025-9501cd4d8c to Version 2.25.2
2025-12-02 01:34:25
update to version 2.25.2
Fedora 42: Unbound Critical Fix for CVE-2025-11411 Advisory 2025-38b1c0f3b5
2025-12-02 01:34:24
Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
Fedora 42 webkitgtk Important Security Fix - 2025-4fc934f283
2025-12-02 01:34:18
Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data() function introspectable. Fix logging in to Google accounts that have a WebAuthn second factor configured....
Law enforcement shuts down Cryptomixer in major crypto crime takedown
2025-12-02 00:27:47
Authorities seized M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of M in Bitcoin after shutting down Cryptomixer, a crypto-mixing...
Multiples vulnérabilités dans les produits VMware (02 décembre 2025)
02/12/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Android (02 décembre 2025)
02/12/2025
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...