Toute l'actualité de la Cybersécurité
New DroidLock malware locks Android devices and demands a ransom
2025-12-10 21:53:12
A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. [...]
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
2025-12-10 21:02:30
A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.
Torrent for DiCaprio's “One Battle After Another” Movie Drops Agent Tesla
2025-12-10 20:26:29
Bitdefender researchers warn that the torrent for Leonardo DiCaprio's One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows...
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
2025-12-10 20:19:00
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of...
HTTPS certificate industry phasing out less secure domain validation methods
2025-12-10 20:00:00
Posted by Chrome Root Program Team
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently,...
Microsoft Teams to warn of suspicious traffic with external domains
2025-12-10 19:32:08
Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. [...]
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
2025-12-10 19:21:00
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution.
WatchTowr Labs, which has codenamed...
Over 10,000 Docker Hub images found leaking credentials, auth keys
2025-12-10 18:22:25
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. [...]
From awareness to action: Building a security-first culture for the agentic AI era
2025-12-10 18:00:00
The insights gained from Cybersecurity Awareness Month, right through to Microsoft Ignite 2025, demonstrate that security remains a top priority for business leaders.
The post From awareness to action:...
Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS
2025-12-10 17:36:41
A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below, that could enable attackers to hijack administrator sessions without authentication....
Panne massive de Porsche en Russie et soupçons cyber
2025-12-10 17:06:34
Panne des Porsche en Russie: enquête sur le VTS et les risques cyber des systèmes d'immobilisation de voitures connectées....
Cybermenaces : cinq conseils pour améliorer la sécurité des e-mails en entreprise pendant les fêtes de fin d'année
2025-12-10 17:00:39
La période des fêtes est un moment très intense pour tous et les cybercriminels le savent. Tandis que les entreprises se concentrent sur la clôture de l’exercice financier et que les employés...
VLN Research: Foundation Models, Challenges, and Semantic Reasoning
2025-12-10 17:00:03
SOTA methods use specialized pre-training and spatiotemporal learning to address action errors in unfamiliar environments.
Clarity in complexity: New insights for transparent email security
2025-12-10 17:00:00
Microsoft's latest benchmarking report reveals how layered email defenses perform, offering real-world insights to strengthen protection and reduce risk.
The post Clarity in complexity: New insights...
Q&A: How Diversity and Mentorship Are Reshaping the Future of Cybersecurity
2025-12-10 16:57:59
Sophia McCall is a rising force in cybersecurity and a leading cyber security speaker. She is a cyber security professional who co-founded Security Queens, a platform created to break down barriers in...
C'est quoi RSL 1.0, le standard qui veut protéger les éditeurs face à l'IA ?
2025-12-10 16:57:50
Une coalition de grands acteurs de l'internet lance Really Simple Licensing (RSL) 1.0, le premier standard de licence conçu pour protéger le contenu à l'ère de l'IA.
The post C’est quoi RSL...
Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds
2025-12-10 16:51:28
A new industry report by KnowBe4 suggests that organisations are facing a sharply escalating human-centred risk landscape as artificial intelligence becomes embedded in everyday work. The State of Human...
Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
2025-12-10 16:49:02
The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significant...
États-Unis : une Ukrainienne jugée pour cyberattaques
2025-12-10 16:47:34
Une Ukrainienne est inculpée pour son rôle au sein des groupes pro-Russie CARR et NoName, accusés d'attaques contre des infrastructures critiques mondiales....
Sanchar Saathi : l'Inde recule face au tollé
2025-12-10 16:39:17
L'Inde renonce à imposer l'app Sanchar Saathi sur tous les smartphones, révélant les tensions entre cybersécurité d'État, vie privée et puissance des géants du numérique....
North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits
2025-12-10 16:34:28
Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability (CVE-2025-55182).
Le Cesin et Hexatrust recensent les solutions souveraines en cybersécurité
2025-12-10 16:27:12
A l’heure où les entreprises s’interrogent sur la dépendance numérique aux outils notamment américains, le club (...)
New Spiderman Phishing Kit Lets Attackers Create Malicious Bank Login Pages in Few Clicks
2025-12-10 16:10:16
A sophisticated new phishing framework dubbed “Spiderman” has emerged in the cybercrime underground, dramatically lowering the barrier to entry for financial fraud. This toolkit, observed...
Fraude à l'IA : Washington veut frapper plus fort
2025-12-10 16:08:25
Projet de loi américain pour alourdir les peines contre les fraudes et usurpations d'identité commises à l'aide d'outils d'intelligence artificielle....
December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices
2025-12-10 16:06:14
The update patches three zero-days and introduces a new PowerShell warning meant to help you avoid accidentally running unsafe code from the web.
The HackerNoon Newsletter: Hard Problems Are Easier, Once You Think Like This (12/10/2025)
2025-12-10 16:02:43
How are you, hacker?
🪐 What's happening in tech today, December 10, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Hard Problems Are Easier, Once You Think Like This
2025-12-10 16:00:04
Problem: Your brain can only handle 4-7 pieces (chunks) of information at once. Complexity overwhelms you
All human mastery and innovation (from commas to algebra to expert skill) is the history of compressing...
Retour sur la vague Clop Vs. Oracle EBS
2025-12-10 15:54:01
Retour sur la vague d'attaques Clop sur Oracle EBS : universités, médias et industriels piégés par une même chaîne d'extorsion....
Pourquoi Adobe s'invite dans ChatGPT
2025-12-10 15:52:40
Adobe franchit une étape dans sa stratégie d'IA en intégrant trois de ses applications phares directement dans ChatGPT. Une tactique pour conquérir de nouveaux utilisateurs en s'adaptant à l'ère...
L'IT insuffisamment maitrisée par les étudiants en licence
2025-12-10 15:26:37
Le constat peut surprendre. En France, les étudiants de premier cycle universitaire ne maîtrisent pas suffisamment les outils numériques. (...)
Black Duck launches Signal™, bringing agentic AI to application security
2025-12-10 15:25:53
Black Duck today announced the launch of Black Duck Signal™, a new agentic AI platform designed to secure software at the same speed it's now being developed with AI coding tools. As AI-driven development...
L'Agentic AI Foundation veut imposer les standards de l'IA autonome
2025-12-10 15:17:38
OpenAI, Anthropic et Block s'allient au sein de l'Agentic AI Foundation (AAIF), pour éviter la fragmentation d'un marché stratégique. Plusieurs poids lourds de l'IT participent à l'initiative.
The...
Une faille critique dans Apache Tika plus étendue que prévu
2025-12-10 15:16:56
En août dernier, l’utilitaire d’extraction de documents XML Apache Tika a corrigé la faille référencée CVE-2025-54988, (...)
Why a secure software development life cycle is critical for manufacturers
2025-12-10 15:00:10
Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM packages to infiltrate manufacturing and production environments. Acronis explains...
Tech's Attempt To Conquer Hollywood
2025-12-10 15:00:07
AI has been a major force in seemingly every career field. Now, it seems to have set its eyes somewhere else: Hollywood.
Guillaume Poupard en partance pour Orange
2025-12-10 14:55:48
Selon nos confrères de L’informé, Guillaume Poupard est sur le départ de Docaposte où il occupait le poste de directeur (...)
New Spiderman phishing service targets dozens of European banks
2025-12-10 14:53:00
A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations....
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
2025-12-10 14:45:46
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical...
What's Next for SOC in 2026: Get the Early-Adopter Advantage
2025-12-10 14:33:41
Cybersecurity is about to hit a turning point in 2026. Attackers aren't only testing AI but also building campaigns around it. Their tooling is getting faster, more adaptive, and far better...
IA de défense : Airbus décroche un contrat de 50 millions €
2025-12-10 14:33:19
Airbus va intégrer l'intelligence artificielle développée par l'Agence ministérielle pour l'IA de défense ( AMIAD) dans les systèmes d'armes et d'information des forces armées françaises.
The...
USN-7919-1: GNU binutils vulnerabilities
2025-12-10 14:31:33
It was discovered that GNU binutils' dump_dwarf_section function could be
manipulated to perform an out-of-bounds read. A local attacker could
possibly use this issue to cause GNU binutils to crash, resulting...
Numspot ouvre sa plateforme cloud à d'autres fournisseurs et aux NCP
2025-12-10 14:28:30
Depuis 2022, Numspot ne cesse d’évoluer. A sa création, le fournisseur rassemblant Bouygues Telecom, Docaposte, Dassault Systèmes (...)
Réseaux sociaux interdits en Australie : l'argument « protection » tient-il face aux données scientifiques ?
2025-12-10 14:13:51
L'Australie devient le premier pays au monde à interdire l'accès aux réseaux sociaux aux moins de 16 ans. Cette mesure, censée lutter contre la crise de santé mentale chez les jeunes, soulève...
Hack the Box Starting Point: Crocodile
2025-12-10 14:03:53
Time for our next Tier 1 box, Crocodile looks like it will be covering a few of the different tools we've been getting familiar with rather than introducing any new ones. Scrolling through the questions...
Outbound HTB Walkthrough / Solution — Exploiting Roundcube Webmail CVE-2025–49113 and Rooting via…
2025-12-10 14:01:42
Outbound HTB Writeup — Roundcube CVE-2025–49113 ExploitIntroductionIn this HackTheBox lab, Outbound, I explored a real-world scenario involving a Roundcube webmail server. The objective was to...
The Phishing Pond TryHackMe Writeup
2025-12-10 14:01:19
The Phishing Pond — TryHackMe Walkthrough Identifying Real-World Phishing EmailsRoom IntroductionThe Phishing Pond is designed to build practical phishing-detection skills through a set of real-world...
I Spied on Hackers So You Don't Have To: How Dark Web Chatter Led to a $Cloud Misconfiguration Bug…
2025-12-10 14:00:57
Free Link🎈Continue reading on InfoSec Write-ups »
Universal Properties In Algebraic Geometry
2025-12-10 14:00:08
Universal properties beautifully describe localisations in theory, but in practice they can't carry the full weight of algebraic geometry. When formalising proofs in Lean, mathematicians discovered...
The Problem With Grothendieck's Use Of Equality
2025-12-10 14:00:02
The article examines how Grothendieck's casual identification of canonically isomorphic objects with true equalities—especially in EGA and later texts like Milne's—creates a silent gap between...
Black Hat Welcomes Suzy Pallett as New Brand President
2025-12-10 13:58:20
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 10, 2025 –Listen to the podcast If you’re in the cybersecurity field working anywhere in Europe, then...
All About Android Pentesting
2025-12-10 13:53:40
All About Android Pentesting: A Complete MethodologyHello Hackers, I hope you guys are doing well and hunting lots of bugs and dollars!Android is everywhere. Billions of devices, millions of apps, and...
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
2025-12-10 13:48:56
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection...
Vulnerability Management Home Lab
2025-12-10 13:45:49
Hello Cybersecurity enthusiasts, today I'm going to showcase a demo of a project which involves scanning vulnerabilities using Nessus. Now for the ones who don't know what Nessus is, it is a vulnerability...
Why Soccerverse's FIFPRO Deal Could Change Blockchain Gaming Forever
2025-12-10 13:45:20
Soccerverse and FIFPRO announce sports licensing deal for Web3 gaming. Soccerverse has rights to player names and images across major footballing nations. FIF PRO's network encompasses players from over...
eJPT Review (2025): A Great Starting Point, But It's Showing Its Age
2025-12-10 13:35:56
https://ine.com/security/certifications/ejpt-certificationAs a red team operator, I decided to take the eLearnSecurity Junior Penetration Tester (eJPT) exam to see how it holds up in today's cybersecurity...
0-Day Hunting Guide ️♂️: Recon Techniques Nobody Talks About
2025-12-10 13:34:46
Hey there, hacker 👋 — Vipul here from The Hacker’s Log. If you think 0-day hunting is only for elite hackers, let me stop you right here.Continue reading on InfoSec...
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
2025-12-10 13:32:00
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker...
Beyond the Hype: Pranav Pawar On How to Build Reliable AI in Production
2025-12-10 13:29:59
This piece explores how engineer Pranav Pawar builds AI systems that survive real-world complexity. From deal-sourcing at Bain to healthcare automation and now orchestrating multi-agent marketing systems...
How My Custom IDOR Hunter Made Me k (And Saved My Clicking Finger) ️
2025-12-10 13:28:08
Free Link 🎈Continue reading on InfoSec Write-ups »
Linux Privilege Escalation: Practical Guide to Kernel Exploits, Sudo, SUID, Capabilities, Cron…
2025-12-10 13:26:35
A practical breakdown of the most common privilege-escalation paths found in Linux systems.Continue reading on InfoSec Write-ups »
Category Theory Explains a Common Oversight in Everyday Mathematics, Study Finds
2025-12-10 13:00:02
Mathematicians routinely treat different product constructions—like
(𝐴×𝐵) × 𝐶
(A×B)×C and
𝐴× (𝐵×𝐶)
A×(B×C)—as identical, even though they're only isomorphic. This piece...
Feds: Pro-Russia Hactivists Target US Critical Infrastructure
2025-12-10 12:56:02
So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve.
Darknet néonazi : un marché de meurtre démantelé
2025-12-10 12:51:33
Un Germano-Polonais est accusé d'avoir géré sur le darknet une plateforme d'assassinats politiques financés en cryptomonnaies, visant des responsables politiques....
GhostFrame phishing kit fuels widespread attacks against millions
2025-12-10 12:41:26
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools.
Akira : le FBI chiffre 250 millions de rançons
2025-12-10 12:35:19
Akira : près de 250 millions de dollars de rançons, un héritage Conti et une offensive coordonnée FBI–CISA–Europol contre ses attaques via VPN et accès à distance....
SUSE Linux Micro 6.2: Openssh Moderate Code Execution Issues 2025:21128-1
2025-12-10 12:30:35
* bsc#1251198 * bsc#1251199 Cross-References: * CVE-2025-61984
SUSE: python-Jinja2 Moderate Sandbox Breakout CVE-2025-27516 2025:1004-2
2025-12-10 12:30:07
* bsc#1238879 Cross-References: * CVE-2025-27516
SUSE: gnutls Moderate Buffer Overflow Vuln 2025:4346-1 CVE-2025-9820
2025-12-10 12:30:05
* bsc#1254132 Cross-References: * CVE-2025-9820
BTCC Exchange Brings 400+ Perpetual Futures to TradingView: What Traders Need to Know
2025-12-10 12:29:34
BTCC integrates 400+ futures pairs with TradingView's 100M user platform, enabling direct chart-to-trade execution for crypto traders.
Ukrainian hacker charged with helping Russian hacktivist groups
2025-12-10 12:26:32
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on...
Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer
2025-12-10 12:13:06
Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals...
Sanctions contre l'hébergement russe pro-ransomware
2025-12-10 12:08:39
Washington et ses alliés sanctionnent Media Land et Aeza, hébergeurs russes pro-ransomware, et publient un guide pour contrer l'hébergement inviolable....
Inside the Logic of “Products” and Equality in Set Theory
2025-12-10 12:00:15
The article explores how universal properties uniquely characterize mathematical objects, explains why different constructions can still represent “the same” product, and shows how set-theoretic foundations...
Deux suspects Scattered Spider face à la justice
2025-12-10 11:56:44
Deux jeunes Britanniques liés à Scattered Spider nient toute implication dans l'attaque contre TfL, sur fond de coopérations NCA–FBI et de charges passibles de la perpétuité....
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
2025-12-10 11:54:00
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.
Standard security tools often...
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
2025-12-10 11:54:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV)...
Fuite massive chez Coupang, 33,7 millions de comptes exposés
2025-12-10 11:38:28
Fuite géante chez Coupang : 33,7 millions de comptes exposés et le modèle sud-coréen de protection des données sous pression....
The Shift No One Saw Coming: Why Technical Sellers Are Leaving Zoominfo for Onfire
2025-12-10 11:29:59
Technical sales teams are moving from ZoomInfo to Onfire because job titles no longer predict buying authority in engineering-led orgs. Onfire provides buyer intelligence based on real technical activity—Slack,...
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
2025-12-10 11:22:23
Microsoft has patched a critical remote code execution (RCE)vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was...
North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
2025-12-10 11:00:28
A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell...
01flip: Multi-Platform Ransomware Written in Rust
2025-12-10 11:00:12
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.
The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on...
Unnecessary Risk: The Persistence of Open Source Vulnerabilities
2025-12-10 11:00:01
Log4Shell was supposed to be the wake-up call that changed everything. Four years later, the data says otherwise.
Patch Tuesday décembre 2025 : une faille critique exploitée à corriger rapidement
2025-12-10 10:33:26
Les administrateurs système et les équipes sécurité ont encore un peu de travail pour ce mois décembre avec le traditionnel (...)
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
2025-12-10 10:10:59
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.
FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
2025-12-10 10:07:03
Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying...
Debian: pdns-recursor Critical Denial of Service Vulnerability DSA-6077-1
2025-12-10 09:49:13
Insufficient validation of incoming notifies over TCP in PDNS Recursor, a resolving name server, could result in denial of service. For the stable distribution (trixie), this problem has been fixed in...
Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code
2025-12-10 09:48:52
Security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly...
La nécessaire vigilance des systèmes OT/IOT et embarqués
2025-12-10 09:35:23
La forte exposition aux cyber-risques des acteurs industriels et organisations utilisant des systèmes OT/IOT et embarqués est au cœur de l'actualité. Dans ce contexte, il est fondamental de prendre...
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
2025-12-10 09:33:51
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks
2025-12-10 08:59:30
A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being...
Les profils en IA, data et cybersécurité sont durs à recruter
2025-12-10 08:55:34
Les informaticiens et informaticiennes, notamment ceux et celles avec des compétences pointues et spécialisées en data, IA ou cybersécurité (...)
Debian: libpng1.6 Critical Info Leak & DoS Vulnerabilities DSA-6076-1
2025-12-10 08:54:19
Several vulnerabilities were reported in the libpng PNG library, which could lead to information leaks, denial of service or potentially the execution of arbitrary code if a specially crafted image is...
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
2025-12-10 08:50:00
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.
Of the 56 flaws,...
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
2025-12-10 08:47:02
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities...
SUSE: go1.25 Important Resource Consumption Risk 2025:4336-1
2025-12-10 08:30:14
* bsc#1244485 * bsc#1245878 * bsc#1254227 * bsc#1254430 * bsc#1254431
New Portuguese Law Shields Ethical Hackers from Prosecution
2025-12-10 08:00:25
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a 'safe harbour' from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to...
Patch Tuesday - December 2025
2025-12-10 07:50:42
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today's list...
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
2025-12-10 04:50:00
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities...
List of 8 new domains
2025-12-10 00:00:00
.fr bordereau-leboncoin[.fr] (registrar: Hostinger operations UAB)
conseiller-sg[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
factures-marches[.fr] (registrar: Hostinger operations UAB)
finances-gouv-brif[.fr]...
Japanese Firms Suffer Long Tail of Ransomware Damage
2025-12-10 00:00:00
Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
Multiples vulnérabilités dans les produits Fortinet (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits Adobe (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits Intel (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données....
Multiples vulnérabilités dans les produits Mozilla (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans Ivanti Endpoint Manager (EPM) (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Ivanti Endpoint Manager (EPM). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Vulnérabilité dans les produits Bitdefender (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans les produits Bitdefender. Elle permet à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des données.
Vulnérabilité dans les produits Moxa (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans Microsoft Office (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans Microsoft Windows (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Vulnérabilité dans Microsoft Azure Monitor Agent (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans Microsoft Azure Monitor Agent. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans les produits Microsoft (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges...