Toute l'actualité de la Cybersécurité
New ErrTraffic service enables ClickFix attacks via fake browser glitches
2025-12-30 21:08:28
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious...
Coupang announces .17B compensation plan for 33.7M data breach victims
2025-12-30 20:46:04
Coupang will spend about .17B to compensate 33.7 million users affected by a data breach, providing purchase vouchers to those impacted. Coupang announced it will spend about .17 billion to compensate...
Massive Magecart with 50+ Malicious Scripts Hijacking Checkout and Account Creation Flows
2025-12-30 19:13:39
A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. Security researchers have identified an over 50-script global...
Hackers Advertised VOID ‘AV Killer' with Kernel-level Termination Claims
2025-12-30 18:44:53
The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates...
ESET Warns AI-driven Malware Attack and Rapidly Growing Ransomware Economy
2025-12-30 18:10:37
The cybersecurity landscape has reached a critical turning point as artificial intelligence moves from theoretical threat to operational reality. In their H2 2025 Threat Report, ESET researchers have...
European Space Agency Confirms Breach of Servers Outside the Corporate Network
2025-12-30 17:32:18
The European Space Agency (ESA) has confirmed a cybersecurity breach affecting a limited number of external servers, marking a rare public admission of vulnerability in the continent’s premier space...
Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library
2025-12-30 17:12:01
A new malware campaign has successfully infiltrated Maven Central, one of the most trusted repositories for Java developers, by masquerading as a legitimate Jackson JSON library extension. The malicious...
HackerNoon to AI: We're Here for Answers, Not a Relationship
2025-12-30 17:00:00
This week's 3 Tech Polls breaks down how the HackerNoon community feels about AI voice and tone, with accuracy overwhelmingly prioritized over personality. The newsletter also explores market skepticism...
How Visionary Architect Prasad Bhalkikar Transformed Fortune 500 Enterprises
2025-12-30 16:44:30
Prasad Bhalkikar's career showcases how visionary enterprise architecture drives large-scale transformation. From leading cloud migrations and microservices adoption to mentoring high-performing teams...
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
2025-12-30 16:28:00
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code...
European Space Agency confirms breach of "external servers"
2025-12-30 16:26:56
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering...
The HackerNoon Newsletter: What the Heck is GizmoSQL? (12/30/2025)
2025-12-30 16:02:30
How are you, hacker?
🪐 What's happening in tech today, December 30, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
La mairie de Lens paralysée et LockBit 5.0 joue au Père-Noël
2025-12-30 15:48:04
Lens victime d'une intrusion : services municipaux dégradés, téléphonie et portail famille touchés, plainte déposée. Pendant ce temps, LockBit 5.0 fête Noël....
Zoom Stealer browser extensions harvest corporate meeting intelligence
2025-12-30 15:41:53
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like...
Cyber-IA expo 2026 : l'IA au coeur de la cybersécurité
2025-12-30 15:32:41
Cyber-IA expo 2026 à Paris : cyber et IA, NIS2, démonstrations, gouvernance et édition Munich annoncée....
Cyber show paris 2026, la cyber au cœur du business
2025-12-30 15:28:28
Cyber Show Paris 2026 : décideurs, santé, coupure Internet et influence étrangère, au prisme cyber, à Paris....
US cybersecurity experts plead guilty to BlackCat ransomware attacks
2025-12-30 15:25:17
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]
Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver
2025-12-30 15:22:51
China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon, RedDelta or Bronze...
HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks
2025-12-30 15:22:48
HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia.
The New “Front Door” of Care: What Support Agents Know About Members That Clinics Don't
2025-12-30 15:17:11
Transcom: First signs of member confusion don't appear during clinical visits. They surface earlier, in support conversations that reveal where care journeys break down. Transcom works with health systems...
How Supercell Powers its Massive Social Network with ScyllaDB
2025-12-30 14:59:59
Supercell scaled real-time, cross-game social features for hundreds of millions of players using ScyllaDB Cloud. With just two engineers, they built Supercell ID for account management, chat, presence,...
Chinese Hackers Use Rootkit to Hide ToneShell Malware Activity
2025-12-30 14:52:48
A Chinese-linked threat group tied to the HoneyMyte, also known as Mustang Panda or Bronze President, is using a new kernel rootkit to hide its ToneShell backdoor. The campaign has hit government networks...
Plakar structure la sauvegarde en mode open source
2025-12-30 14:52:23
Reposant sur un projet open source démarré il y a 10 ans par Gilles Chehade (ingénieur systèmes, ancien de Scality, (...)
Chaos à Shanghai après le sabotage d'une billetterie
2025-12-30 14:48:42
Shanghai : sabotage d'une billetterie avant un événement, accès via identifiant fuité et poursuites contre un ex-associé....
CISA orders feds to patch MongoBleed flaw exploited in attacks
2025-12-30 14:40:13
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. [...]
Systèmes d'alerte US perturbés après une attaque CodeRED
2025-12-30 14:39:23
Cyberattaque CodeRED : alertes d'urgence stoppées dans plus de dix États, fuite de mots de passe et bascule vers IPAWS....
The Top Cybersecurity Predictions For 2026
2025-12-30 14:35:02
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 30, 2025 –Read the full story in Government Technology Dan Lohrmann, internationally recognized cybersecurity...
Encore une faille critique zero day dans les pare-feux WatchGuard Firebox
2025-12-30 14:29:05
Alerte urgente de WatchGuard sur ses pare-feux Firebox après la découverte d’une vulnérabilité critique exploitée (...)
Des pirates Wi-Fi condamnés après des attaques dans des aéroports
2025-12-30 14:24:31
Australie : Michael Clapsis condamné pour attaques Wi-Fi “jumeau malveillant” en aéroports et en vol, et vol de données....
Freedom Mobile touché par une fuite via un sous-traitant
2025-12-30 14:06:40
Freedom Mobile confirme une fuite via un compte sous-traitant, données d'identité exposées, risque accru de phishing fin 2025....
Debian LTS: php-zip Important PHAR Deserialization 2025-4428-2
2025-12-30 14:01:16
Two vulnerabilities were discovered in php-dompdf, a PHP library to convert HTML to PDF. CVE-2021-3838 php-dompdf is vulnerable to PHAR deserialization due to a lack of checking on the protocol before...
L'Epita ouvre un bachelor en cybersécurité à Rennes
2025-12-30 13:56:54
Avec l’ouverture à la rentrée prochaine d’un bachelor en cybersécurité à Rennes, l’école d’informatique (...)
New Tech Deployments That Cyber Insurers Recommend for 2026
2025-12-30 13:56:23
An analysis of cyber-insurance claims data shows which cyber defenses actually work for policyholders. Here are six technologies that will pay off for companies in 2026.
Guide to Auditing UFW Firewall Rules on Long-Term Linux Environments
2025-12-30 13:54:37
Over time, it's common for the same service to be allowed by more than one rule. An older broad rule may still match traffic first, while newer, more restrictive rules below it are never evaluated.
Washington traque deux opérateurs cyber liés aux Gardiens Iraniens
2025-12-30 13:16:41
Récompense US contre deux opérateurs cyber iraniens, entre intrusions, influence électorale, IA et hack-and-leak....
From Failure Data to Futureproof Design: The Engineer Turning Battery Risks into Predictive Safety
2025-12-30 12:29:59
Engineer Aravind Reddy Boozula reframes battery failure as intelligence. By combining physics-based models with machine learning, he designs battery systems that detect risk early, adapt to real-world...
EmEditor Homepage Download Button Served Malware for 4 Days
2025-12-30 11:58:48
Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware....
Critical Vulnerability in SmarterMail Let Attackers Execute Remote Code
2025-12-30 11:57:33
SmarterTools has issued an urgent security advisory addressing a critical vulnerability in SmarterMail that could allow attackers to execute remote code on mail servers. The flaw, tracked as CVE-2025-52691,...
CISA Warns of MongoDB Server Vulnerability(CVE-2025-14847) Exploited in Attacks
2025-12-30 11:35:06
CISA has added a critical MongoDB Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in cyberattacks. CVE-2025-14847 affects MongoDB...
Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems
2025-12-30 11:26:46
A Lithuanian national was arrested for allegedly spreading KMSAuto malware that stole clipboard data and infected 2.8 million Windows and Office systems. A Lithuanian man (29) was arrested for allegedly...
Debian 11: Serious Buffer Overflow Flaw Detected in osslsigncode DLA-4426-1
2025-12-30 11:16:57
A Buffer Overflow vulnerability has been found in osslsigncode, a OpenSSL based Authenticode signing tool for PE/MSI/Java CAB files, which possibly allows an malicious attacker to execute arbitrary code...
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
2025-12-30 10:46:00
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0).
"This...
Quel futur pour l'infrastructure cloud Microsoft Azure
2025-12-30 10:38:34
Alors que 2025 se termine, il semble opportun d'examiner comment le cloud Azure de Microsoft prévoit d'aborder la seconde moitié de la décennie. (...)
2025 exposed the risks we ignored while rushing AI
2025-12-30 10:02:11
We explore how the rapid rise of Artificial Intelligence (AI) is putting users at risk.
70,000+ MongoDB Servers Vulnerable to MongoBleed Exploit – PoC Released
2025-12-30 09:57:39
A critical vulnerability in MongoDB Server is putting tens of thousands of databases worldwide at risk. Dubbed MongoBleed and tracked as CVE-2025-14847, this high-severity flaw allows unauthenticated...
How to Integrate AI into Modern SOC Workflows
2025-12-30 09:30:00
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because...
How I Found 7 Logical Bugs in the com-olho CTF Feature
2025-12-30 08:52:35
Welcome back! You might remember that in the last blog I talked about 7 bugs in a small part of a website — this blog is about that.And sorry, I don't have any proof images this time (as always),...
DAST Automation Using BurpSuite MCP
2025-12-30 08:52:27
Recently Portswigger team introduced Burp MCP, which help to automate the Dynamic security assessment with one prompt. Recently MCP is booming, which is really amazing.We have automated most of the SAST...
Droid-Warden CTF by INE : How I Finished First Under Pressure
2025-12-30 08:45:38
Droid-Warden CTF by INE : How I Finished First Under PressureINE's Android Pentesting CTF · Medium · 14 days ChallengeA Note Before the Technical WalkthroughThere was a moment during this CTF where...
PortSwigger Academy Lab: Information disclosure on debug page
2025-12-30 08:45:09
Description: This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.Upon accessing the lab,...
Insecure Deserialization → RCE
2025-12-30 08:44:59
In this blog, we will discuss insecure deserialization and how we can achieve RCEContinue reading on InfoSec Write-ups »
PortSwigger Academy Lab: Information disclosure in error messages
2025-12-30 08:44:05
Description: This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.Upon...
Google Appspot XSS CTF Walkthrough
2025-12-30 08:43:14
XSS, DOM Manipulation, Input Reflection — A complete step-by-step walkthrough of Google’s XSS Game demonstrating real-world cross-site…Continue reading on InfoSec Write-ups...
How AI Shaped My Preparation for the CREST CPSA — Preparation tips, Mock test, Study Plan
2025-12-30 08:39:35
How AI Shaped My Preparation for the CREST CPSA — Preparation tips, Mock test, Study PlanHello All. I recently cleared the CREST CPSA exam and while preparing i too faced the same issue that you...
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
2025-12-30 08:35:00
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in...
U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog
2025-12-30 08:33:56
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a MongoDB Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a...
SUSE: libpng16 Moderate Buffer Overflow and Over-Read Issues 2025:4533-1
2025-12-30 08:30:11
An update that solves four vulnerabilities can now be installed.
openSUSE: Critical DPDK22 Denial Of Service Vulnerability CVE-2025-23259
2025-12-30 08:30:07
An update that solves one vulnerability and has one security fix can now be installed.
SUSE: Important Denial of Service Issue in DPDK22 Resolved CVE-2025-23259
2025-12-30 08:30:06
An update that solves one vulnerability and has one security fix can now be installed.
The TechBeat: The Hidden Cost of AI: Why It's Making Workers Smarter, but Organisations Dumber (12/30/2025)
2025-12-30 07:10:54
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
From Code to Capital: The Tech Architecture Driving the Stablecoin and Tokenization Revolution
2025-12-30 04:49:23
In 2024, stablecoin transfer volumes will eclipse the combined settlement volume of traditional payment providers by more than 7%. This figure represents a fundamental inversion of the financial hierarchy....
Slop Isn't the Problem. It's the Symptom.
2025-12-30 04:39:35
"Slop" isn't the root problem. It's a symptom of output outpacing interpretation. As tech enables faster, higher-volume production, meaning and shared understanding fail to keep up. This leadsto subtle...
The ,000 PDF No One Reads: Why Your Security Audits Are Failing
2025-12-30 04:39:15
Security isn't about generating paperwork; it's about finding the cracks before the water gets in.
What the Heck is GizmoSQL?
2025-12-30 04:37:26
GizmoSQL is an open-source, in-process analytical database engine designed for OLAP workloads. It is a small server that runs DuckDB, with the Arrow Flight SQL protocol wrapped around it so that you can...
The Death of the Click: Winning the Era of AEO
2025-12-30 04:36:10
As AI agents like Perplexity and SearchGPT replace traditional search, CMOs must shift from SEO to Answer Engine Optimization (AEO). This article explores the technical transition to RAG, the rise of...
Important CVE Rebuild for Fedora 42 with golang-github-evanw-esbuild
2025-12-30 01:14:46
Rebuild for CVEs
Chinese state hackers use rootkit to hide ToneShell malware activity
2025-12-30 00:08:42
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. [...]
List of 18 new domains
2025-12-30 00:00:00
.fr assurance-ameli[.fr] (registrar: Dynadot Inc)
cleobetrafr[.fr] (registrar: NETIM)
dudespin-france[.fr] (registrar: GANDI)
dudespin-officiel[.fr] (registrar: GANDI)
france3-regions[.fr] (registrar:...