Toute l'actualité de la Cybersécurité
2026 Cybersecurity Predictions
2025-12-15 19:00:00
Whatever you think will happen… will happen faster and with more acronyms than ever before.
New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
2025-12-15 17:46:48
A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks....
xHunt APT Hackers Attacking Microsoft Exchange and IIS Web Servers to Deploy Custom Backdoors
2025-12-15 17:21:06
The xHunt advanced persistent threat group has firmly established itself as a sophisticated cyber-espionage actor, orchestrating targeted campaigns against organizations in Kuwait. Since its emergence...
IBM recentre Terraform sur le langage HCL
2025-12-15 17:14:06
IBM ne prend plus en charge le CDK pour Terraform, qui permettait de définir des infrastructures à l'aide de langages de programmation.
The post IBM recentre Terraform sur le langage HCL appeared first...
Jaguar Land Rover Confirms Employee Data Stolen in August Cyberattack
2025-12-15 17:10:21
Jaguar Land Rover (JLR), the iconic British luxury automaker, has finally disclosed that a cyberattack in August compromised sensitive data on current and former employees. This marks the company’s...
USN-7909-5: Linux kernel (Raspberry Pi) vulnerabilities
2025-12-15 17:04:41
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
USN-7933-1: Linux kernel (KVM) vulnerabilities
2025-12-15 17:01:57
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
700Credit data breach impacts 5.8 million vehicle dealership customers
2025-12-15 16:49:03
700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. [...]
JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege
2025-12-15 16:48:00
The JumpCloud Remote Assist vulnerability (CVE-2025-34352) exposes Windows systems to local privilege escalation and denial-of-service attacks. Discovered by XM Cyber researcher Hillel Pinto, the flaw...
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
2025-12-15 16:34:57
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…
Why Partner Data Became My Toughest Engineering Problem
2025-12-15 16:34:54
Partner systems slow down when data definitions drift. Real stability returns only when the model is cleaned up and workflows align around a single, consistent structure.
Threat Actors Advertising ‘MioLab MacOS' Infostealer on an Underground Forum
2025-12-15 16:30:25
A new malware threat targeting macOS users has emerged on underground cybercrime forums, with threat actors marketing a sophisticated information-stealing tool called “MioLab MacOS.” This...
USN-7931-3: Linux kernel (Real-time) vulnerabilities
2025-12-15 16:15:07
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
The HackerNoon Newsletter: Can ChatGPT Outperform the Market? Week 19 (12/15/2025)
2025-12-15 16:02:15
How are you, hacker?
🪐 What's happening in tech today, December 15, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
From AI-Supported to AI-First: What We've Learned Re-Engineering How We Build Software
2025-12-15 15:59:59
Engineering has shifted from AI-assisted coding to fully AI-first development. Engineers now define intent and constraints while AI implements, tests, and iterates—delivering faster, higher-quality...
New Android Malware Frogblight Mimics as Official Government Websites to Collect SMS and Device Details
2025-12-15 15:52:27
A sophisticated Android banking Trojan named Frogblight has emerged as a significant threat targeting Turkish users, employing deceptive tactics to steal banking credentials and personal data. Discovered...
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
2025-12-15 15:39:34
This week on the Lock and Code podcast, we speak with Erin West about pig butchering scams and the efforts to stop this new, global crisis.
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
2025-12-15 15:33:15
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
2025-12-15 15:19:14
Security patches for the Merlin framework addressing two high-severity deserialization vulnerabilities. That could allow attackers to execute arbitrary code and launch denial-of-service attacks on affected...
Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
2025-12-15 15:17:06
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from...
Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host
2025-12-15 15:13:04
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass security...
Microsoft Recent Update Breaks VPS Access for Windows Subsystem for Linux Users
2025-12-15 15:10:16
Microsoft’s October 2025 non-security update is disrupting virtual private server (VPS) access for Windows Subsystem for Linux (WSL) users, particularly those relying on third-party VPNs for enterprise...
USN-7932-1: libsoup vulnerability
2025-12-15 15:05:29
It was discovered libsoup incorrectly handled memory when handling specific
HTTP/2 read and cancel sequences. An attacker could possibly use this issue
to cause a denial of service.
2025's Top Phishing Trends and What They Mean for Your Security Strategy
2025-12-15 15:05:15
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing...
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
2025-12-15 15:03:44
Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple...
Bpifrance et Nuneum lancent un accélérateur pour les petites SSII
2025-12-15 15:03:18
Porté par la banque publique d’investissement Bpifrance et le syndicat des SSII et des éditeurs de logiciels Numeum, Accélérateur (...)
Top 25 des faiblesses logicielles : le casse-tête méthodologique de MITRE
2025-12-15 15:02:21
MITRE a à nouveau fait évoluer la méthodologie de son top des faiblesses logicielles pour limiter la remontée d'éléments de trop haut niveau.
The post Top 25 des faiblesses logicielles : le casse-tête...
HackerNoon and GPTZero Partner to Bring AI Transparency and Preserve What's Human in Tech Publishing
2025-12-15 15:00:03
HackerNoon has partnered with GPTZero, the best AI detector on RAID with 95.7% accuracy. All new submissions will be analyzed using GPTzero. HackerNoon editors review over 5,000 monthly submissions from...
La DGSI resigne avec Palantir pour 3 ans
2025-12-15 14:42:05
Depuis les attentats de 2015, la France a renforcé les capacités de surveillance terroriste de la Direction Générale de la (...)
Microsoft: Recent Windows updates break VPN access for WSL users
2025-12-15 14:34:31
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. [...]
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
2025-12-15 14:32:00
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain...
USN-7931-2: Linux kernel (FIPS) vulnerabilities
2025-12-15 14:31:25
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Unpacking VStarcam firmware for fun and profit
2025-12-15 14:19:22
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including...
USN-7931-1: Linux kernel vulnerabilities
2025-12-15 14:18:49
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
The "API First" Illusion: Why Your "Simple" Endpoints Turn Into Technical Debt (And How to Fix It)
2025-12-15 14:00:05
In a microservices world, your API *is* the product. Bad API design isn't just ugly code; it's architectural entropy. The "Contract-First" Enforcer forces Large Language Models to stop being "code generators"...
Mastercard's Deputy Chief Security Officer Alissa (Dr Jay) Abdullah, PhD on AI & Cybersecurity
2025-12-15 13:47:01
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 15, 2025 –Watch the YouTube video Thanks to artificial intelligence (AI), cybercrime and, as a result, cybersecurity...
Next Gen Awareness Training: KnowBe4 Unveils Custom Deepfake Training
2025-12-15 13:43:30
In today’s world, it can be hard for awareness training to keep up with the modern threats that are constantly emerging. Today, KnowBe4 has announced a new custom deepfake training experience to...
PayPal closes loophole that let scammers send real emails with fake purchase notices
2025-12-15 13:41:57
Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.
USN-7930-2: Linux kernel (FIPS) vulnerabilities
2025-12-15 13:41:42
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records
2025-12-15 13:36:45
Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables...
USN-7930-1: Linux kernel vulnerabilities
2025-12-15 13:25:56
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Des correctifs officieux réparent une faille critique dans RasMan de Windows
2025-12-15 13:21:49
Microsoft se dit conscient du problème, mais il estime que les clients ayant appliqué les correctifs de sécurité du mois d’octobre (...)
Mitigating malware and ransomware attacks
2025-12-15 13:04:57
How to defend organisations against malware or ransomware attacks.
How To Send .NET Crash Dumps To Slack From ECS Fargate Task
2025-12-15 13:01:16
Get .NET crash dumps from AWS ECS Fargate automatically: leverage Amazon EFS, Amazon S3, AWS DataSync, and AWS Lambda to make debugging easier for your dev team.
USN-7929-1: usbmuxd vulnerability
2025-12-15 12:54:55
It was discovered that usbmuxd incorrectly handled certain paths received
with the SavePairRecord command. A local attacker could possibly use this
issue to delete and write files named *.plist in arbitrary...
Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices
2025-12-15 12:51:10
New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics.
Google links more Chinese hacking groups to React2Shell attacks
2025-12-15 12:46:50
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
2025-12-15 12:24:00
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and...
Data breaches: guidance for individuals and families
2025-12-15 12:08:52
How to protect yourself from the impact of data breaches
A Browser Extension Risk Guide After the ShadyPanda Campaign
2025-12-15 11:55:00
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.
A threat group dubbed ShadyPanda spent...
Intégration de données : les hyperscalers s'imposent en vase clos
2025-12-15 11:35:12
AWS, Google et Microsoft se sont fait une place sur le marché de l'intégration de données... avec des offres largement centrées sur leurs écosystèmes respectifs.
The post Intégration de données...
U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people
2025-12-15 11:23:02
A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that provides...
Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users
2025-12-15 11:22:06
South Korean e-commerce giant Coupang faces intense scrutiny after CEO Park Dae-jun resigns over a data breach that exposed 33.7 million customer accounts. Read about the police raids, US lawsuit, and...
UX Research for Agile AI Product Development of Intelligent Collaboration Software Platforms
2025-12-15 11:13:30
UX researchers need new product frameworks when AI enters collaboration tools. I've developed a five-dimension approach that captures what velocity metrics miss: cognitive load, trust calibration, collaborative...
French Interior Ministry confirms cyberattack on email servers
2025-12-15 11:06:10
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...]
ServiceNow en passe d'acquérir Armis pour 7 Md$
2025-12-15 10:49:59
La période de fin d’année est souvent propice aux emplettes. ServiceNow aurait, selon Bloomberg, jeté son dévolu (...)
The Paradox of the 3.4 Million: Why You Can't Find a Job in a “Desperate” Industry
2025-12-15 10:49:51
** Not a Member?? CLICK HERE to read Full-Story**Continue reading on InfoSec Write-ups »
How I Bypassed Voucher Limits Using a Race Condition Vulnerability
2025-12-15 10:49:46
So last night I played a CTF. Of course, it was free and with no prize. I know you are not here to listen my bla bla bla about my CTF…Continue reading on InfoSec Write-ups »
How a Simple SSTI Turned Into ,000 and RCE
2025-12-15 10:49:41
📌 Free LinkContinue reading on InfoSec Write-ups »
Why Monitoring Outbound Connections Is the Fastest Way to Detect a Compromised Linux Server
2025-12-15 10:49:38
Most Linux security monitoring focuses on inbound activity: SSH attempts, firewall rules, authentication failures, exposed services.That makes sense — until you investigate real-world compromises.In...
I Finally Accepted That I'm Not Everyone's Cup of Tea — And That Changed Everything ☕
2025-12-15 10:49:30
I Finally Accepted That I'm Not Everyone's Cup of Tea — And That Changed Everything ☕For a long time, I thought something was wrong with me.Why didn't everyone like me? Why did some people...
I Didn't Hack Anything — The App Gave Me Admin Access by Itself
2025-12-15 10:49:26
Hey there!😁Continue reading on InfoSec Write-ups »
Beyond Credentials: The Hidden Ecosystem of InfoStealers and the Log Economy
2025-12-15 10:49:22
Imagine a potential scenario that would keep security engineers up at night. An employee in your organization adheres to all the rules. The organization uses a 16-character complex password and multi-factor...
Command and Control & Tunnelling via DNS
2025-12-15 10:49:12
An attacker has compromised a server. They try to connect out, but every port is blocked by a restrictive firewall…Except one: Port 53 (DNS).For most networks, DNS is the one protocol that is always...
Command and Control & Tunnelling via ICMP
2025-12-15 10:49:09
ICMP tunneling is a technique that uses the ICMP (Internet Control Message Protocol) to send data between two computers in a way that hides the data inside regular network traffic, like ping requests...
Precious HTB Machine Walk-Though!
2025-12-15 10:49:09
Executive SummaryContinue reading on InfoSec Write-ups »
Gigamon présente 5 tendances de la cybersécurité pour 2026 : la visibilité devient un facteur critique
2025-12-15 10:44:06
La cybercriminalité ne dort jamais. Et il serait illusoire d'espérer une amélioration l'an prochain, d'autant que les attaques pilotées par l'IA continueront d'accentuer la pression. Dans...
Kaspersky ICS CERT, la branche de recherche en cybersécurité industrielle de Kaspersky, partage ses tendances et perspectives pour le secteur en 2026
2025-12-15 10:41:12
L’année 2025 a été marquée par une pression constante sur les environnements industriels, avec une complexification croissante des menaces mondiales. Le Kaspersky Security Bulletin révèle...
SHADOW IA : Comment sécuriser votre SI face à l'IA invisible
2025-12-15 10:36:18
68% des employés qui utilisent des outils comme ChatGPT ou d'autres IA génératives le font à l'insu de leurs responsables directs ou sans en informer leur DSI. Tout comme le shadow IT, le shadow...
Inside a Low-Cost, Serverless Data Lineage System Built on AWS
2025-12-15 10:18:29
A real-time data/ML platform builder builds a tool to help teams find out what's wrong with an attribute. The tool is serverless, low-maintenance, and queries terabytes in seconds. It's fast when it reads...
Comment une campagne de phishing utilise « Evilginx » pour cibler les universités américaines
2025-12-15 10:12:11
Une étude sur le DNS met en lumière plus de 70 domaines utilisés dans une campagne de contournement de l'authentification multifactorielle (MFA) qui a duré plusieurs mois et ciblé des établissements...
ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach
2025-12-15 10:06:36
The post office has once again come under scrutiny after avoiding a fine for a data breach. In the data breach, more than 500 former post office workers who were wrongfully convicted during the Horizon...
Automating Content Tagging in Laravel Using OpenAI Embeddings and Cron Jobs
2025-12-15 10:04:14
AI embeddings can automatically determine the topic of a blog post and assign the appropriate tags without the need for human intervention. This guide demonstrates how to create a complete Laravel AI...
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums
2025-12-15 10:02:50
SummaryRapid7 Labs has identified a new malware-as-a-service information stealer being actively promoted through Telegram channels and on underground hacker forums. The stealer is advertised under the...
CERT-FR recommends completely deactivate Wi-Fi whenever it's not in use
2025-12-15 10:01:01
The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce...
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
2025-12-15 09:44:38
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…
From Generative AI to Agentic AI: A Reality Check
2025-12-15 09:35:17
Opens with a 3 AM failure in a “fully autonomous” deployment to show why agentic AI is hard in practice
Clarifies the difference between reactive generative AI and goal-driven agentic AI using the...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
2025-12-15 09:24:00
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical...
What I Learned from Scanning Dozens of Small Government Websites (and Why the Same Bugs Keep Coming)
2025-12-15 09:23:00
I built an open-source scanner and pointed it at small U.S. government websites. The same five security mistakes kept showing up: weak HTTPS, no CSP, leaky test files, insecure cookies and outdated JS...
Microsoft: December security updates cause Message Queuing failures
2025-12-15 09:04:59
Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. [...]...
Cheops conjugue souveraineté, sécurité et IA
2025-12-15 09:04:24
« C'est la première fois que Cheops réalise un Tour de France dans 11 villes avec ses partenaires technologiques (ndlr : (...)
Google double la surveillance de Gemini dans Chrome
2025-12-15 08:55:31
Après avoir reconnu que son agent de navigation Chrome alimenté par Gemini pouvait être amené à effectuer des actions (...)
Cyber deception trials: what we've learned so far
2025-12-15 08:17:28
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
A week in security (December 8 – December 14)
2025-12-15 08:03:00
A list of topics we covered in the week of December 8 to December 14 of 2025
Frogblight threatens you with a court case: a new Android banker targets Turkish users
2025-12-15 07:00:57
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being...
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
2025-12-15 05:33:00
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test...
Fedora 43: Firefox Update 2025-f20b9f321d - Aarch64 Crashes Fixed
2025-12-15 01:28:41
Fixed aarch64 crashes Updated to latest upstream (146.0)
Fedora 42: Firefox Aarch64 Crash Fix Advisory 2025-4984e74557
2025-12-15 01:10:47
Fixed aarch64 crashes Updated to latest upstream (146.0)
Chromium Medium Problems in Password Manager and Toolbar for Fedora 42
2025-12-15 01:10:47
Update to 143.0.7499.109 * High: Under coordination * Medium CVE-2025-14372: Use after free in Password Manager * Medium CVE-2025-14373: Inappropriate implementation in Toolbar
Debian 11: ruby-sidekiq DLA-4407-1 CVE-2021-30151 XSS Risk
2025-12-15 00:50:16
ruby-sidekiq, a simple, efficient background processing for Ruby, had a couple of vulnerabilities as follows: CVE-2021-30151 Sidekiq allows XSS via the queue name of the live-poll feature when Internet...
Debian 11: ruby-git Critical Command Injection Vulnerabilities DLA-4406-1
2025-12-15 00:46:04
A couple of vulnerabilities were reported against ruby-git, a Ruby interface to the Git revision control system, that could lead to a command injection and execution of an arbitrary ruby code by having...
Vulnérabilité dans strongSwan (15 décembre 2025)
15/12/2025
Une vulnérabilité a été découverte dans StrongSwan. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans les produits Apple (15 décembre 2025)
15/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans Roundcube (15 décembre 2025)
15/12/2025
De multiples vulnérabilités ont été découvertes dans Roundcube. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à...
Multiples vulnérabilités dans les produits Elastic (15 décembre 2025)
15/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la...