Toute l'actualité de la Cybersécurité
Ongoing FileFix Attack Installs StealC Infostealer Via Fake Facebook Pages
2025-09-16 18:30:10
Researchers spot FileFix phishing sites that deliver StealC Infostealer through fake Facebook warnings and hidden payloads in images.
OpenSSL Conference 2025: Just 21 Days Until It Begins
2025-09-16 18:27:26
Newark, New Jersey, United States, September 16th, 2025, CyberNewsWire The OpenSSL Conference 2025 will take place on October 7 – 9 in Prague. The program will bring together lawyers, regulators,...
3 Weeks Left Until the Start of the OpenSSL Conference 2025
2025-09-16 18:18:14
Newark, New Jersey, United States, 16th September 2025, CyberNewsWire
Microsoft rolls out Copilot Chat to Microsoft 365 Office apps
2025-09-16 18:01:41
Microsoft is rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers. [...]
Innovator Spotlight: WitnessAI
2025-09-16 17:40:56
WitnessAI Delivers Security for the AI Era In the AI era, innovation is moving fast. Unfortunately, this means that the risks associated with this movement are too. Malicious activities like...
The post...
Top 10 Best MCP (Model Context Protocol) Servers in 2025
2025-09-16 17:30:00
The rise of large language models (LLMs) has revolutionized how we interact with technology, but their true potential has always been limited by their inability to interact with the real world. LLMs are...
Google nukes 224 Android malware apps behind massive ad fraud campaign
2025-09-16 17:20:00
A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. [...]
Bisbilles autour des propositions pour sécuriser C++
2025-09-16 17:17:41
Régulièrement taclé pour son manque de sécurité, le langage C++ essaye de trouver un moyen de protéger l’accès (...)
Hackers Stolen Millions of Users Personal Data from Gucci, Balenciaga and Alexander McQueen Stores
2025-09-16 17:16:50
Luxury fashion company Kering has confirmed a data exfiltration incident in which threat actor Shiny Hunters accessed private customer records for Gucci, Balenciaga, and Alexander McQueen. The breach,...
Self-propagating supply chain attack hits 187 npm packages
2025-09-16 16:46:43
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise...
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
2025-09-16 16:23:00
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.
"Attackers...
Las Vegas, United States, September 16th, 2025, CyberNewsWire
2025-09-16 16:00:50
Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem...
Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era
2025-09-16 16:00:00
The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference Sept. 15-18, 2025 in Vienna, Austria. The event is Microsoft's largest tech conference...
Microsoft: WMIC will be removed after Windows 11 25H2 upgrade
2025-09-16 15:58:59
Microsoft has announced that the Windows Management Instrumentation Command-line (WMIC) tool will be removed after upgrading to Windows 11 25H2 and later. [...]
Seraphic Browser-Native Protection Now Available for Purchase on the CrowdStrike Marketplace
2025-09-16 12:00:51
Las Vegas, United States, 16th September 2025, CyberNewsWire
Samsung corrige une faille dans une bibliothèque d'analyse d'images
2025-09-16 15:39:06
Alerte sur les plusieurs smartphones Galaxy de Samsung. En effet, la société a mis à jour ses terminaux après la découverte (...)
Why Real-Time Threat Intelligence Is Critical for Modern SOCs
2025-09-16 15:30:12
Security Operations Centers (SOCs) exist under ever-increasing pressure to detect and respond to threats before they escalate. Today's fast-moving adversaries exploit gaps in threat visibility with...
Managing AI Risks in the Modern Software Supply Chain
2025-09-16 15:30:00
Artificial Intelligence (AI) and Machine Learning (ML) continue to reshape software development at an unprecedented pace. Platforms like Hugging Face make millions of pre-trained models easily...
Innovator Spotlight: LastPass
2025-09-16 15:27:50
LastPass Evolves Secure Access Experiences to Combat Shadow IT and AI Risks for CISOs Picture your organization humming along, with teams adopting new apps to boost efficiency. But beneath that...
The...
L'obsolescence programmée de Windows 10 dénoncée
2025-09-16 15:16:23
Le compte à rebours est lancé pour la fin du support de Windows 10. Microsoft a prévenu depuis longtemps que le couperet tomberait (...)
Bridging the Cybersecurity Talent Gap
2025-09-16 15:00:38
There's no doubt about it. Cybersecurity incidents are rising. In 2024, the FBI reported a 9% increase in ransomware complaints targeting critical U.S. infrastructure sectors, such as healthcare,...
Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2025
2025-09-16 14:53:07
In today’s fast-paced software development world, where applications are released at an unprecedented rate, ensuring their security is more critical than ever. Dynamic Application Security Testing...
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
2025-09-16 14:19:00
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories.
"These apps deliver their fraud...
KillSec Ransomware Attacking Healthcare Industry IT Systems
2025-09-16 14:09:29
The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September 2025, KillSec operators...
Self-Replicating Worm Hits 180+ Software Packages
2025-09-16 14:08:02
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub,...
Team-Wide VMware Certification: Your Secret Weapon for Security
2025-09-16 14:01:11
One VMware-certified pro is a win. An entire certified team? That's a security multiplier. VMUG Advantage makes team-wide certification practical—building collaboration, resilience, and retention. [...]...
How a Terminal Diagnosis Inspired a New Ethical AI System
2025-09-16 13:59:59
Machines answer instantly. Humans hesitate. Out of that gap came the Sacred Pause — the core of Ternary Moral Logic (TML). It's a three-state system:
+1 Proceed when the path is clear
0 Sacred Pause...
Windows Users Hit by VenomRAT in AI-Driven RevengeHotels Attack
2025-09-16 13:45:55
RevengeHotels, also known as TA558, has escalated its long-standing cybercrime campaign by incorporating artificial intelligence into its infection chains, deploying the potent VenomRAT malware against...
USN-7752-1: libyang vulnerabilities
2025-09-16 13:41:30
It was discovered that libyang incorrectly handled certain memory
operations when parsing YANG strings. An attacker could possibly use this
issue to cause libyang to crash, resulting in a denial of service....
Scattered Spider et d'autres mettent en scène leur fausse retraite
2025-09-16 13:40:31
L'annonce a surpris, mais n'a pas déchaîné l'exultation des experts en cybersécurité. Plusieurs groupes de cybercriminels (...)
Top 10 Best Privileged Access Management (PAM) Companies in 2025
2025-09-16 13:40:00
In an increasingly complex digital landscape, where cloud migrations, remote work, and a distributed workforce have become the norm, the traditional security perimeter has all but disappeared. The most...
RevengeHotels Leveraging AI To Attack Windows Users With VenomRAT
2025-09-16 13:36:48
RevengeHotels, a financially motivated threat group active since 2015, has escalated its operations against hospitality organizations by integrating large language model–generated code into its infection...
Cybercrime group accessed Google Law Enforcement Request System (LERS)
2025-09-16 13:24:15
Google found threat actors created a fake account in its Law Enforcement Request System (LERS) and shut it down. Google confirmed that threat actors gained access to its Law Enforcement Request System...
Top 10 Best Privileged Access Management (PAM) Tools in 2025
2025-09-16 13:24:00
In today’s complex digital landscape, where data breaches and cyberattacks are a constant threat, securing privileged accounts is more critical than ever. Privileged Access Management (PAM) is a...
Threat Actors Could Misuse Code Assistant To Inject Backdoors and Generating Harmful Content
2025-09-16 13:19:45
Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new threat: adversaries...
Threat Actors and Code Assistants: The Hidden Risks of Backdoor Injections
2025-09-16 13:19:32
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities...
Jaguar Land Rover extends shutdown after cyberattack by another week
2025-09-16 13:08:16
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. [...]
LG WebOS TV Vulnerability Enables Full Device Takeover by Bypassing Authentication
2025-09-16 13:08:15
A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms. The vulnerability, disclosed...
Grok, ChatGPT, other AIs happy to help phish senior citizens
2025-09-16 13:06:17
Big name AI chatbots are happy to create phishing emails and malicious code to target senior citizens.
Digital Transformation Failures: A National Security Crisis in the Making
2025-09-16 13:00:05
In the hyperconnected world, digital transformation has become synonymous with progress, efficiency and innovation. For governments, business and defense organizations alike, the ability to leverage the...
DevOps Tools Open The Gates For High-Profile Cyberattacks
2025-09-16 12:56:19
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Sep. 16, 2025 –Read the full TechRadar Pro story Source code is a critical asset for every company, and platforms...
APT28 Exploits Signal Messenger to Deploy eardShell and Covenant Malware
2025-09-16 12:52:32
Sekoia.io's Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell...
CrowdStrike npm Packages Hit by Supply Chain Attack
2025-09-16 12:52:04
A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.” Developers and...
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
2025-09-16 12:38:20
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device....
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
2025-09-16 12:33:00
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware.
"The observed campaign uses...
New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware
2025-09-16 12:28:26
Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom...
Apple backports zero-day patches to older iPhones and iPads
2025-09-16 12:16:53
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. [...]
Fractalline: Asking AI If It's Conscious - Plus, What to Do If It Is
2025-09-16 12:00:05
What does the fractal nature of AI and consciousness suggest for the future of both?
New FileFix attack uses steganography to drop StealC malware
2025-09-16 12:00:00
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. [...]
Innovative FileFix Phishing Attack Proves Plenty Potent
2025-09-16 12:00:00
Highly deceptive FileFix uses code obfuscation and steganography and has been translated into at least 16 languages to power a global campaign.
Ukrainian Fugitive Added to EU Most Wanted List for LockerGoga Ransomware
2025-09-16 11:39:32
Ukrainian fugitive Volodymyr Tymoshchuk, linked to LockerGoga ransomware, has been added to the EU Most Wanted list as global authorities pursue him.
La modernisation des mainframes accélérée par l'IA
2025-09-16 11:13:17
L’IA est au cœur de l’étude sur l’état de la modernisation des mainframes menée par Kyndryl. La plupart des (...)
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
2025-09-16 11:06:00
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds...
Webinar: Your browser is the breach — securing the modern web edge
2025-09-16 11:01:08
The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. Join BleepingComputer, SC Media, and Push Security on September 29...
Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane
2025-09-16 11:00:00
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them....
Balancing Growth with Sustainability: Meet Mutuum Finance (MUTM)
2025-09-16 10:55:37
Mutuum Finance (MUTM) has raised .6 million in Phase 6, attracting more than 16,200 holders while selling through 38% of its allocation at .035. The DeFi-native project is currently priced at just...
Linking Gemini's IPO To Mutuum's Momentum
2025-09-16 10:53:03
Mutuum Finance (MUTM) is emerging as the best crypto to invest in during this surge of enthusiasm. The presale has already reached Phase 6 out of 11, with tokens priced at .035. Current buyers could...
“A dare, a challenge, a bit of fun:” Children are hacking their own schools’ systems, says study
2025-09-16 10:20:52
Research shows that students are responsible for over half of school incidents, often without realizing the possible consequences.
Watch out for the “We are hiring” remote online evaluator message scam
2025-09-16 10:17:46
Several of our staff have reported receiving a job offer as an online evaluator. A job that pays very well for a few hours of work.
Gucci, Balenciaga and Alexander McQueen Breach Linked to ShinyHunters
2025-09-16 10:12:27
ShinyHunters reportedly hacked Kering, exposing Gucci, Balenciaga and Alexander McQueen customer data, raising risks of scams and spear…
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
2025-09-16 10:00:41
Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor's new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.
BountyHunter Walkthrough: HackTheBox Writeup
2025-09-16 09:38:54
BountyHunter is a very simple Linux machine designed for beginners. In this walk-through we will be going understand how to gain user and…Continue reading on InfoSec Write-ups »
HTB Planning Machine Walkthrough | Easy HackTheBox Guide for Beginners
2025-09-16 09:38:23
Welcome to the WhyWriteUps articles, where we explain every step we made and why we made it. I have been solving machines for quite a bit of time, and most of the walkthroughs I have ever read are just...
How I Hacked My ISP's IPTV Set-Top Box?
2025-09-16 09:36:34
This is Prashant Singh, a cybersecurity geek with a deep passion for exploring and securing technologies. This is my second write-up after 4 long years. A small but heartfelt contribution to the community...
What are AI Agents and Why They Matter
2025-09-16 09:29:11
AI agents are the new buzz in tech, but what are they really, and why should you care? This guide breaks it down in simple terms.
How Space Debris Cleanup Could Become the Next Trillion-Dollar Industry
2025-09-16 09:22:56
Earth's orbit is becoming dangerously crowded. Old satellites, broken rocket parts, and countless fragments of debris are crowding our orbits. One piece of junk could crash into a working satellite and...
Les RSSI avancent avec pragmatisme sur la sécurité de l'OT
2025-09-16 09:06:00
Un parc mal connu, des équipements et logiciels totalement obsolètes, une incapacité à patcher, des fournisseurs pas toujours (...)
Emerging Yurei Ransomware Claims First Victims
2025-09-16 08:53:40
The cybercrime group, named after Japanese ghosts but believed to be from Morocco, uses a modified version of the Prince-Ransomware binary that includes a flaw allowing for partial data recovery. However,...
From Walled Gardens to World Grid: A Short History of How We Centralized the Internet
2025-09-16 08:38:42
The internet began decentralized, designed to survive disruption. Over decades, it centralized into walled gardens and fragile empires. Yet seeds of resistance—open source, peer-to-peer, Bitcoin, IPFS—show...
The Unseen Variable: Why Your LLM Gives Different Answers (and How We Can Fix It)
2025-09-16 08:33:32
The same prompt, run multiple times, can produce entirely different outputs. This isn't just a quirk of “probabilistic” AI; it's a fundamental challenge to reproducibility, reliability, and ultimately,...
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
2025-09-16 07:36:59
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze...
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
2025-09-16 07:27:00
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix.
The...
The TechBeat: How Evergen Scaled Renewable Monitoring with TigerData (TimescaleDB) and Slashed Infrastructure Cost (9/16/2025)
2025-09-16 06:11:10
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Insider breach at FinWise Bank exposes data of 689,000 AFF customers
2025-09-16 05:58:14
An ex-employee caused an insider breach at FinWise Bank, exposing data of 689,000 American First Finance customers. FinWise Bank is a Utah-based community bank, FDIC-insured, that partners with fintechs...
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
2025-09-16 05:00:00
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.
"The compromised versions...
The Evolution of Marketing Laws: From Comfort to Psychological Warfare
2025-09-16 03:42:01
Marketing is no longer about persuasion; it is about domination. Modern campaigns are crafted not to speak to reason but to exploit vulnerabilities buried deep in the human psyche. Scarcity, authority,...
Remote Work Reality Check: Malta, Madeira and the Canaries
2025-09-16 03:40:18
Elizaveta Semenova has spent four years conducting an experiment: can island life really work for remote professionals? She tested three distinct island cultures, each offering unique advantages and challenges...
Streamlining Symfony Deployments with Docker, Supervisord, and Redis
2025-09-16 03:36:42
This article will guide you through the process of containerizing a Symfony application using Docker and Docker Compose.
Fedora 42: perl-Plack-Middleware-Session 2025-ca07c36a0a
2025-09-16 01:15:12
This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.
Fedora 42: perl-Catalyst-Plugin-Session 2025-90d5989bee
2025-09-16 01:15:12
This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.
Fedora 42: perl-Catalyst-Authentication-Credential-HTTP 2025-d72429a1f8
2025-09-16 01:15:11
This update upgrade the package to version 1.019. This version fixes CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of Data::UUID.
OpenAI's new GPT-5 Codex model takes on Claude Code
2025-09-16 00:51:22
OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, IDE extension, and Codex Web (codex.chatgpt.com). [...]
Fedora 43: chromium 2025-fade46c641
2025-09-16 00:21:41
Update to 140.0.7339.127 CVE-2025-10200: Use after free in Serviceworker CVE-2025-10201: Inappropriate implementation in Mojo
Fedora 43: cups 2025-3596273b51
2025-09-16 00:21:40
2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
Fedora 43: qemu 2025-b8b6acb283
2025-09-16 00:20:11
Fix crash with spice GL (bz 2391334) Update to 10.1.0 GA release Automatic update for qemu-10.1.0-0.4.rc4.fc43.
Miljödata - 870,108 breached accounts
2025-09-16 00:10:29
In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses...
Multiples vulnérabilités dans les produits Apple (16 septembre 2025)
16/09/2025
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits Spring (16 septembre 2025)
16/09/2025
De multiples vulnérabilités ont été découvertes dans les produits Spring. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans Liferay (16 septembre 2025)
16/09/2025
De multiples vulnérabilités ont été découvertes dans Liferay. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code...