Toute l'actualité de la Cybersécurité
Plus asynchrone, plus interactif… Les évolutions en cours du protocole MCP
2025-11-25 13:40:14
Voilà un an qu'Anthropic a ouvert le protocole MCP. Une nouvelle version de la spécification est en cours de finalisation.
The post Plus asynchrone, plus interactif… Les évolutions en cours du...
Society Bears A Huge Cybercrime Burden
2025-11-25 13:35:45
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 25, 2025 – Read the full story from American Enterprise Institute The annual cost of cybercrime is expected...
CISA Warns of Threat Actors Leveraging Commercial Spyware to Target Users of Signal and WhatsApp
2025-11-25 13:27:40
Cybersecurity authorities have raised fresh alarms over the spread of advanced commercial spyware targeting secure messaging apps like Signal and WhatsApp. According to a recent CISA advisory, multiple...
Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider
2025-11-25 13:24:10
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
La Mêlée Numérique sensibilise des juniors à l'IT à Toulouse
2025-11-25 13:07:29
Evènement phare de l’innovation en Occitanie, le festival de la Mêlée Numérique organise une session réservée (...)
'JackFix' Attack Circumvents ClickFix Mitigations
2025-11-25 13:00:00
A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.
USN-7887-2: Linux kernel (Raspberry Pi) vulnerabilities
2025-11-25 12:54:50
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users
2025-11-25 12:45:44
AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution.
Threat Actors Leverage Blender Foundation Files to Deliver Notorious StealC V2 Infostealer
2025-11-25 12:37:25
Cybercriminals have discovered a new attack vector targeting the creative design community by exploiting Blender, a widely used open-source 3D modeling application. Threat actors are uploading malicious...
Code-formatters expose thousands of secrets from banks, govt, tech orgs
2025-11-25 12:01:20
Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter...
Avec Titan, Gluware coordonne les agents IA
2025-11-25 11:59:45
Lorsque Jeff Gray et Olivier Huynh Van, co-fondateurs de Gluware (occupant respectivement les postes de CEO et de directeur scientifique), ont présenté (...)
Comment une cyberattaque a paralysé 23 000 professionnels de santé
2025-11-25 11:53:20
Une intrusion informatique a paralysé Weda, l'un des principaux logiciels médicaux français en mode SaaS, pendant quatre jours, forçant des milliers de praticiens à revenir au papier et au crayon.
The...
Snowflake rachète Select Star, spécialiste de la traçabilité des données
2025-11-25 11:43:13
Les projets IA nécessitent d'avoir les bonnes données. Dans ce cadre, Snowflake renforce encore les capacités d’Horizon Catalog, (...)
Threat Actors Exploiting Black Friday Shopping Hype – 2+ Million Attacks Recorded
2025-11-25 11:38:49
The 2025 Black Friday shopping season has become a prime hunting ground for cybercriminals, with threat actors recording over 2 million phishing attacks targeting online gamers and shoppers worldwide....
ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
2025-11-25 11:36:00
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy.
"This...
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
2025-11-25 11:30:10
A weak spot in WhatsApp's API allowed researchers to scrape data linked to 3.5 billion registered accounts, including profile photos and “about” text.
3 SOC Challenges You Need to Solve Before 2026
2025-11-25 11:30:00
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic...
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
2025-11-25 11:28:00
Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2.
"This ongoing operation, active for...
Dartmouth College confirms data breach after Clop extortion attack
2025-11-25 11:12:19
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. [...]
The Dual-Use Dilemma of AI: Malicious LLMs
2025-11-25 11:00:26
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs.
The post The Dual-Use Dilemma of AI: Malicious LLMs appeared...
Dutch Takeover of China-Owned Nexperia Sparks New Fears Over Global Supply Chain Fragility
2025-11-25 10:47:46
Nexperia's export halt has reignited chip shortages, forcing Nissan, Honda, and Bosch to cut auto production amid fresh global supply chain shocks.
“AI Is Like a Nuclear Project” - Russia's Vedyakhin on The Emerging National AI Arms Race
2025-11-25 10:47:39
Russia says nations with home‑grown large‑language models will join an “AI club” with power comparable to nuclear weapons, its top AI executive said.
China Regains 14 % of Global Bitcoin Mining Share in Surprise Revival
2025-11-25 10:47:33
China's Bitcoin mining resurges to around 14% of global share, driven by cheap power and rig demand, even though the 2021 ban still formally stands.
Meta Accused of Burying Research that Linked Facebook Usage to Teen Depression
2025-11-25 10:47:24
Meta is accused of shelving internal research that found Facebook use caused increased depression and anxiety, U.S. court filings show.
CISA: Spyware and RATs used to target WhatsApp and Signal Users
2025-11-25 10:39:40
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)...
Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack
2025-11-25 09:48:39
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the...
Règlement DORA : la liste des prestataires IT critiques
2025-11-25 09:05:58
Une liste de 19 prestataires informatiques critiques a été annexée au règlement DORA. Orange et Capgemini en font partie.
The post Règlement DORA : la liste des prestataires IT critiques appeared...
BPCE oriente sa stratégie IA sur l'agentique
2025-11-25 08:58:39
Dix-huit mois après le lancement de son programme IA dans le cadre du projet stratégique Vision 2030 du groupe, BPCE fait un point d'étape (...)
Why Dumb People Outsmart You and Steal Your Success
2025-11-25 08:34:06
The smarter you are, the easier it is to get stuck. Intelligence creates hesitation, doubt, and perfectionism. Success comes from motion, visibility, and repetition. Not mastery. Confidence is built through...
SitusAMC confirms data breach affecting customer information
2025-11-25 08:26:21
SitusAMC says a recent breach exposed customer data; the real-estate financing firm provides back-office services for banks and lenders. SitusAMC, a leading real-estate financing services provider for...
HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials
2025-11-25 08:24:00
A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability,...
Microsoft's Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely
2025-11-25 07:54:36
A critical remote code execution (RCE) vulnerability in Microsoft’s Update Health Tools (KB4023057). A widely deployed Windows component designed to expedite security updates through Intune. The...
The TechBeat: Stop Building Your Product for Yourself: Why Most Early-Stage Startups Fail at Marketing (11/25/2025)
2025-11-25 07:10:55
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Elite Cyber Veterans Launch Blast Security With M to Turn Cloud Detection Into Prevention
2025-11-25 06:56:33
Blast Security is a cybersecurity startup founded by industry veterans from Solebit (acquired by Mimecast) and elite IDF units. The company is already working with numerous global enterprises to secure...
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
2025-11-25 06:42:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users...
Top 10 Best Exposure Management Tools In 2026
2025-11-25 05:37:04
Exposure Management is a proactive cybersecurity discipline that systematically identifies, assesses, prioritizes, and remediates security vulnerabilities and misconfigurations across an organization’s...
ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen
2025-11-25 05:04:10
A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems....
I Was Sick of the Crypto Off-Ramp Pain. So I Built My Own Crypto Card
2025-11-25 04:24:05
For years, crypto was easy to earn but painfully hard to spend. Off-ramps meant four slow, expensive steps and constant bank friction. I finally got tired of this and built a solution — the EMCD Payment...
Debian 11: r-cran-gh Important API Auth Flaw DLA-4378-1 CVE-2025-54956
2025-11-25 04:18:02
A vulnerability has been discovered in r-cran-gh, a GNU R Minimal client to access the 'GitHub' 'API'. CVE-2025-54956
NVIDIA's Isaac-GROOT Robotics Platform Vulnerability Let Attackers Inject Malicious Codes
2025-11-25 03:03:16
NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python components...
Fedora 42 Addresses Critical CVE-2025-59940 in python-mkdocs-include-plugin
2025-11-25 01:42:23
v7.2.0 New features Add new argument order to sort multiple inclusions. v7.1.8 Bug fixes
Fedora 42: chromium High Type Confusion Vulnerabilities 2025-54b43715b6
2025-11-25 01:42:22
Update to 142.0.7444.175 * High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8
Fedora 42: k9s Important Update for Multiple CVEs 2025-fd56e115c0
2025-11-25 01:42:17
Rebuild to fix several CVEs in golang std.
Fedora 42: kubernetes1.33 Critical Security Update 2025-362709ff5e
2025-11-25 01:42:12
Update to release v1.33.6 Resolves: rhbz#2398588, rhbz#2398849, rhbz#2399250, rhbz#2399523 Resolves: rhbz#2407789, rhbz#2408059, rhbz#2408316, rhbz#2408610 Resolves: rhbz#2408673, rhbz#2408731, rhbz#2409238,...
Fedora 42: Important Kubernetes Updates Released for 2025-4c576d1bd9
2025-11-25 01:42:11
Update to release v1.34.2 Resolves: rhbz#2398589, rhbz#2398850, rhbz#2399251, rhbz#2399524 Resolves: rhbz#2407790, rhbz#2408060, rhbz#2408317, rhbz#2408611 Resolves: rhbz#2408674, rhbz#2408732, rhbz#2409239,...
Multiples vulnérabilités dans Progress MOVEit Transfer (25 novembre 2025)
25/11/2025
De multiples vulnérabilités ont été découvertes dans Progress MOVEit Transfer. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une falsification...
Vulnérabilité dans les produits PrimX (25 novembre 2025)
25/11/2025
Une vulnérabilité a été découverte dans les produits PrimX. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans Kaspersky Security Center (25 novembre 2025)
25/11/2025
Une vulnérabilité a été découverte dans Kaspersky Security Center. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.