Toute l'actualité de la Cybersécurité


North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware

2025-11-27 13:40:20
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically...

Lire la suite »

Cronos Kicks Off K Global Hackathon Focused on AI-Powered On-Chain Payments

2025-11-27 13:39:16
Cronos launches x402 PayTech Hackathon with K prize pool to drive AI-powered on-chain payments using agent tech and Crypto.com tools.

Lire la suite »

Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks

2025-11-27 13:37:01
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3,...

Lire la suite »

Hackers Actively Exploiting IoT Vulnerabilities to Deploy New ShadowV2 Malware

2025-11-27 13:08:23
During late October 2025, a new malware campaign dubbed ShadowV2 emerged, coinciding with a global AWS disruption. This sophisticated threat actively exploits vulnerabilities in IoT devices to assemble...

Lire la suite »

IA en santé : Inria et Doctolib s'associent

2025-11-27 12:58:52
Inria et Doctolib s'associent pour créer une équipe de recherche commune dédiée à la recherche allant du diagnostic assisté à l'accompagnement personnalisé des patients. The post IA en santé...

Lire la suite »

De nombreux identifiants exposés sur des sites de codage

2025-11-27 12:38:29
Identifiants, clés d’authentification, données de configuration, tokens et clés d’API sont potentiellement exposés (...)

Lire la suite »

Gemini 3 Pro : à J+10, un enthousiasme plus tempéré

2025-11-27 12:21:13
L'enthousiasme suscité par le premier modèle de la famille Gemini 3 perdure, mais se révèle plus modéré qu'au lancement. The post Gemini 3 Pro : à J+10, un enthousiasme plus tempéré appeared...

Lire la suite »

OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

2025-11-27 12:19:02
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…

Lire la suite »

Malicious Chrome Extension Silently Steal and Injects Hidden SOL Fees Into Solana Swaps

2025-11-27 11:36:43
A new threat has emerged in the Solana trading community. Security researchers have discovered a malicious Chrome extension named Crypto Copilot that appears to offer convenient trading features but secretly...

Lire la suite »

Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain

2025-11-27 11:35:35
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects...

Lire la suite »

OpenAI discloses API customer data breach via Mixpanel vendor hack

2025-11-27 11:27:06
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]

Lire la suite »

ByteToBreach Cybercriminal Selling Sensitive Global Data from Airlines, Banks, and Governments

2025-11-27 11:03:41
A cybercriminal operating under the alias ByteToBreach has emerged as a notable threat actor in the underground market, actively selling and leaking sensitive data from airlines, banks, universities,...

Lire la suite »

Meet TOON, the Format Helping LLMs Shed JSON's Extra Weight

2025-11-27 10:54:11
TOON is a token-optimized, lossless alternative to JSON that reduces prompt size, boosts retrieval accuracy, and streamlines how structured data is fed to LLMs. This guide explains what it is, why it...

Lire la suite »

Threat Actors Leverage Fake Update Lures to Deliver SocGholish Malware

2025-11-27 10:39:33
Threat actors continue to exploit a dangerous vulnerability in user behavior by deploying fake software updates to deliver the SocGholish malware. This malware delivery framework has evolved significantly...

Lire la suite »

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

2025-11-27 10:03:00
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world. Criminals are getting creative...

Lire la suite »

Antitrust Pressure Builds Across the AI Chip Supply Chain

2025-11-27 10:00:02
This article traces how antitrust scrutiny is expanding across the AI supply chain—covering semiconductor mergers, GPU dominance, price-fixing scandals, cloud oversight, and the geopolitical policies...

Lire la suite »

OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed

2025-11-27 09:32:10
The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product....

Lire la suite »

Designing Reliable API Systems: Exception Handling with Spring Boot's ControllerAdvice

2025-11-27 09:06:31
This article shows how centralized exception handling in Spring Boot—using @ControllerAdvice, custom exceptions, and a unified error model—creates cleaner, more reliable REST APIs while eliminating...

Lire la suite »

How Big Tech Is Locking In the Frontier AI Supply Chain

2025-11-27 09:00:15
This section maps the integration landscape of the frontier AI supply chain, defining relevant product markets for AI labs, cloud providers, chip designers, fabricators and lithography firms, and distinguishing...

Lire la suite »

Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads

2025-11-27 08:45:32
Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure....

Lire la suite »

New ASUS firmware patches critical AiCloud vulnerability

2025-11-27 08:33:32
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities,...

Lire la suite »

The TechBeat: The Fatal Math Error Killing Every AI Architecture - Including The New Ones (11/27/2025)

2025-11-27 07:10:54
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

Lire la suite »

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

2025-11-27 07:03:00
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted...

Lire la suite »

Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents

2025-11-27 07:00:55
Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software....

Lire la suite »

The DIY 5G Router Hack That Turns a Raspberry Pi Into a Pocket-Sized Powerhouse

2025-11-27 06:26:36
Build a powerful 5G router using a Raspberry Pi 5 and OpenWRT. This step-by-step guide shows you how to add mobile connectivity and create a pocket-sized network powerhouse.

Lire la suite »

Solving Aurora DSQL's IAM Token Problem: A New SeaTunnel Sink Connector for Seamless Data Migration

2025-11-27 06:25:18
High-performance, secure, real-time sync made simple.

Lire la suite »

AI for Developers: What Works, What Doesn't, and Why On-Prem Still Matters

2025-11-27 06:13:33
In 2025, AI in software engineering has officially moved past the hype cycle. 84% of respondents now use or intend to use AI in their development process. 51% of professional developers rely on such tools...

Lire la suite »

Building Scalable SaaS: My Real-World Journey Using spatie/laravel-multitenancy for Multi-Tenant Arc

2025-11-27 06:12:52
This article breaks down how I've used this package in real production systems, what worked, what didn't, and the lessons I learned.

Lire la suite »

GPUs Trade Complexity for Massive Parallelism: What Every Machine Learning Engineer Should Know

2025-11-27 05:54:50
The goal of this article is to show the fundamental differences between CPU threads and GPU threads. It will also show how GPUs deliberately simplify per-thread control to pack in far more parallelism....

Lire la suite »

Why the Next Wave of AI Value Will Come from “Boring” Operations Work

2025-11-27 05:53:08
According to Karl Pinto, a veteran enterprise leader who has spent nearly two decades in incident management and digital operations, the true transformation is unfolding quietly in the background.

Lire la suite »

From Hypotheses to High-Value Calls: How Juan Solares Scales Customer Insights at Essential

2025-11-27 05:51:22
Solares's playbook suggests that systematic approaches to customer development function less as bureaucratic overhead and more as competitive advantages for lean teams.

Lire la suite »

China Software Developer Network - 6,414,990 breached accounts

2025-11-27 05:49:56
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.

Lire la suite »

UNC2891 Hackers Use Linux Malware in Major Banking Security Heists

2025-11-27 02:47:22
UNC2891 has been working its way through gaps in ATM security and broader banking security by slipping small hardware implants into places most teams assume are locked down. Investigators found Raspberry...

Lire la suite »

Docker-BuildKit Memory Allocation Fix in Fedora 41: FEDORA-2025-1ccd7dbf40

2025-11-27 01:13:38
Update to release v0.26.1 Update to release v0.26.0 Resolves: rhbz#2412681, rhbz#2412761 Upstream new features and fixes dependency override for moby/policy-helper needed for license (default

Lire la suite »

Fedora 41: docker-buildx Critical Mem Exhaustion Fix CVE-2025-58185

2025-11-27 01:13:38
Update to release v0.30.1 Upstream fix Update to release v0.30.0 Resolves: rhbz#2413270 Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066

Lire la suite »

Fedora 42: docker-buildkit CVE-2025-58183 Critical Unbounded Allocation

2025-11-27 01:00:15
Update to release v0.26.1 Update to release v0.26.0 Resolves: rhbz#2412681, rhbz#2412761 Upstream new features and fixes dependency override for moby/policy-helper needed for license (default

Lire la suite »

Fedora 43: 7zip Critical Directory Traversal RCE CVE-2025-11001

2025-11-27 00:48:05
Various CVE fixes, most importantly CVE-2025-11001 This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing...

Lire la suite »