Toute l'actualité de la Cybersécurité
How To Reframe Cybersecurity Budget Requests And Get Them Approved
2025-12-04 14:07:23
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 4, 2025 – Read the full story from BreachLock Cybersecurity is no longer considered a “technical issue...
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
2025-12-04 14:01:30
Austin, TX, USA, 4th December 2025, CyberNewsWire
Student Sells Gov't, University Sites to Chinese Actors
2025-12-04 14:00:00
It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.
Une vulnérabilité dans React et Next.js à corriger en urgence
2025-12-04 13:55:04
Alerte maximale pour les développeurs déclenchée par Wiz (filiale cybersécurité de Google) après la découverte (...)
Lazarus Group's IT Workers Scheme Hacker Group Caught Live On Camera
2025-12-04 13:29:30
Lazarus Group's Famous Chollima unit has been caught “live on camera” running its remote IT worker scheme, after researchers funneled its operatives into fake laptops that were actually long‑running...
Threat Actors Leveraging Foxit PDF Reader to Gain System Control and Steal Sensitive Data
2025-12-04 13:24:15
Cybercriminals have discovered a clever way to slip malware onto job seekers’ computers by disguising malicious files as legitimate recruitment documents. A new campaign called ValleyRAT targets...
Microsoft 365 license check bug blocks desktop app downloads
2025-12-04 13:18:08
Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. [...]
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
2025-12-04 13:16:24
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now.
New Phishing Attack Mimic as Income Tax Department of India Delivers AsyncRAT
2025-12-04 13:00:28
A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication...
Accelerate DevOps with Sonatype's Multi-Product AWS Offering
2025-12-04 13:00:03
Organizations building modern applications are constantly pressured to deliver software faster without compromising on security.
KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security
2025-12-04 12:51:32
KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive...
PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models
2025-12-04 12:45:35
Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including...
Update Chrome now: Google fixes 13 security issues affecting billions
2025-12-04 12:42:02
Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.
Freedom Mobile Data Breach Exposes Personal Information of Customers
2025-12-04 12:37:03
Canadian wireless provider Freedom Mobile has disclosed a data breach affecting customer personal information following unauthorized access to its account management platform. On October 23, 2025, Freedom...
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
2025-12-04 12:34:39
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover.
iOS Zero-Day Exploit Chain Leveraged by Mercenary Spyware for Device Surveillance
2025-12-04 12:26:32
A new iOS zero-day exploit chain has been linked to mercenary spyware used for silent device surveillance against high‑risk users. The operation, attributed to the commercial surveillance vendor Intellexa,...
Face à Excel et Google Sheets, Proton lance son tableur
2025-12-04 12:13:00
Petit à petit, la suite Workspace de Proton s’enrichit pour être une alternative européenne et sécurisée aux offres (...)
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
2025-12-04 11:58:00
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.
Here's...
USN-7907-4: Linux kernel (GCP FIPS) vulnerabilities
2025-12-04 11:52:45
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
USN-7907-3: Linux kernel vulnerabilities
2025-12-04 11:46:28
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
USN-7911-1: Linux kernel vulnerabilities
2025-12-04 11:35:55
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
...
5 Threats That Reshaped Web Security This Year [2025]
2025-12-04 11:30:00
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques,...
USN-7910-1: Linux kernel (Azure FIPS) vulnerabilities
2025-12-04 11:23:32
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
USN-7909-3: Linux kernel (FIPS) vulnerabilities
2025-12-04 11:14:34
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
USN-7909-2: Linux kernel (Real-time) vulnerabilities
2025-12-04 11:03:24
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
Numerical Tests Highlight OTFS's Spectral-Efficiency Gains Over OFDM
2025-12-04 11:00:05
Simulations across delay, Doppler, and bandwidth variations show that OFDM suffers heavy ICI, aliasing, and mobility-driven estimation errors, while OTFS maintains more stable performance and higher spectral...
Sécurité des e-mails : l'option multifournisseur s'impose
2025-12-04 10:43:07
L'évolution du marché des solutions de sécurité des e-mails rend aussi opportunes que nécessaires les stratégies multifournisseurs.
The post Sécurité des e-mails : l’option multifournisseur...
USN-7889-4: Linux kernel vulnerabilities
2025-12-04 10:36:44
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Hackers Using Evilginx to Steal Session Cookies and Bypass Multi-Factor Authentication Tokens
2025-12-04 10:32:01
A sophisticated phishing toolkit known as Evilginx is empowering attackers to execute advanced attacker-in-the-middle (AiTM) campaigns with alarming success. These attacks are engineered to steal temporary...
USN-7879-4: Linux kernel vulnerabilities
2025-12-04 10:22:14
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
New ‘Sryxen' Stealer Bypasses Chrome Encryption via Headless Browser Technique
2025-12-04 10:11:53
A new information stealer called Sryxen has emerged in the underground malware market, targeting Windows systems with advanced techniques to harvest browser credentials and sensitive data. Sold as Malware-as-a-Service,...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
2025-12-04 09:27:00
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating...
USN-7909-1: Linux kernel vulnerabilities
2025-12-04 09:26:45
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
Trois clés pour embarquer les employés dans la cybersécurité
2025-12-04 09:19:36
Dans de nombreuses entreprises, les directives de sécurité informatique se heurtent à la résistance des employés qui (...)
Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery
2025-12-04 09:15:16
Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous...
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
2025-12-04 09:11:43
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack...
AWS enrichit son offre Transform avec des agents IA
2025-12-04 09:08:42
« Aujourd’hui, la modernisation n’est plus une option pour les entreprises », souligne Akshat Tyagi, directeur adjoint (...)
Entretien Yves Pellemans, DG délégué Cheops Technology : « Il faut maîtriser le coût de l'IA »
2025-12-04 08:56:58
Suite des entretiens du Monde Informatique avec Yves Pellemans, directeur général délégué de Cheops Technology. Recruté (...)
Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code
2025-12-04 08:36:53
A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide....
Debian 11: Webkit2gtk Critical Security Update DLA-4394-1 CVE-2025-43392
2025-12-04 07:15:49
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43392
The TechBeat: Porting Scientific Algorithms from MATLAB to JavaScript (12/4/2025)
2025-12-04 07:10:50
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Why OTFS Outperforms OFDM in High-Mobility Scenarios
2025-12-04 07:00:07
The article explains how OTFS leverages the slow-varying nature of the delay-Doppler domain to interpolate and extrapolate channel states, enabling accurate tracking, lower pilot overhead, and reduced...
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic
2025-12-04 07:00:00
Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
2025-12-04 06:52:00
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure...
Tired of Learning 50 New Concepts to Build a Form? Say Hello to Lighthouse for PHP
2025-12-04 06:22:17
TL;DR: I built Lighthouse PHP Framework because modern frameworks got too complex. It lets you handle forms in views (like PHP intended), uses SQLite out of the box, includes security by default, and...
Why I Built Allos to Decouple AI Agents From LLM Vendors
2025-12-04 06:17:42
Allos is a Python SDK for building AI agents that can switch between OpenAI, Anthropic, and more with a single command. Allos is built on a single philosophy: developers deserve the freedom to choose...
X Is Auto-Loading Your Links—Affiliates Just Found a Way to Turn It Into CPM Cash
2025-12-04 06:13:56
X recently rolled out a feature that preloads external links in tweets the moment they appear in someone's feed. This is the biggest opportunity affiliate marketers have seen since the early days of...
How Request–Response Really Works
2025-12-04 06:12:23
Learn how the request–response model really works under the hood.
If You Need to Brag About How Complex It Is, You've Probably Built It Wrong
2025-12-04 06:04:59
Complexity is one of the biggest enemies of any software system. As the complexity increases, the quality goes down. It is always a good idea to take a step back from new feature development.
How I Access My Home NAS from Anywhere (Without Doxxing My IP) Using Cloudflare Tunnel
2025-12-04 06:03:18
I'll soon travel to Australia for weeks, and I want to continue publishing content. How do I access it securely from there without exposing my home network and compromising my privacy?
Seven Silent Career Killers: Why Your Promotion Keeps Getting Delayed
2025-12-04 06:01:23
Instead of complaining, blaming and sobbing, you need to look for patterns that unintentionally might be holding you back.
Beyond the Server: Why Cloud Finance is Now the Science of Power Stranding
2025-12-04 06:00:10
How do you accurately deploy capital for power infrastructure years in advance when customer utilization - the speed, size, and shape of the workloads - is changing by the minute?
From Fixed Labels to Prompts: How Vision-Language Models Are Re-Wiring Object Detection
2025-12-04 05:50:03
Object detection has evolved from hand-crafted features to deep CNNs with much higher accuracy, but most production systems are still stuck with fixed label sets that are expensive to update. New open-vocabulary,...
CVE-2025-66478: RCE in React Server Components
2025-12-04 04:21:47
Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects...
Fedora 42: usd Important Security Update for 3D Format 2025-073e4f7991
2025-12-04 01:02:55
Rebuilt with stb_image patched for two new security bugs.
Ubuntu 23.04: xyz Enhanced Security Vulnerabilities Update 2025-4bd12a45g3
2025-12-04 01:02:51
Patch two newly-reported memory-safety bugs in stb_image: https://github.com/nothings/stb/issues/1860 https://github.com/nothings/stb/issues/1861
Fedora 43: Ubertooth Critical Security Update for Bluetooth 2025-0cc929ff17
2025-12-04 00:53:25
PySide6 6.10.1 update. Pyside6 6.10.1 release. Rebuilt with stb_image patched for two new security bugs.
Fedora 43: Important Update for tinyproxy Integer Overflow Issue
2025-12-04 00:53:25
Add upstream patch to fix CVE-2025-63938.
Fedora 43: usd Security Advisory 2025-0cc929ff17 - PySide6 Update
2025-12-04 00:53:25
PySide6 6.10.1 update. Pyside6 6.10.1 release. Rebuilt with stb_image patched for two new security bugs.