Toute l'actualité de la Cybersécurité
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
2025-12-12 12:15:29
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting...
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
2025-12-12 11:55:43
A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords...
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
2025-12-12 11:34:47
A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes....
New Windows RasMan zero-day flaw gets free, unofficial patches
2025-12-12 11:28:06
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. [...]
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
2025-12-12 11:11:36
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that...
New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA
2025-12-12 10:41:50
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information...
From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
2025-12-12 10:27:10
The Trust Crisis No One's Talking About Every breach, leak, or phishing attack doesn't just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips...
How private is your VPN?
2025-12-12 10:25:00
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here's what I wish everyone knew.
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
2025-12-12 10:18:00
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging...
Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware
2025-12-12 10:01:54
A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the...
Following the digital trail: what happens to data stolen in a phishing attack
2025-12-12 10:00:39
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025
2025-12-12 09:51:34
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records...
CISA orders feds to patch actively exploited Geoserver flaw
2025-12-12 09:48:31
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
2025-12-12 09:24:42
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an...
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
2025-12-12 09:13:31
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses...
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
2025-12-12 09:04:39
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775,...
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
2025-12-12 08:55:00
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team...
MITRE shares 2025's top 25 most dangerous software weaknesses
2025-12-12 08:43:16
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
2025-12-12 08:41:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The...
Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges
2025-12-12 08:35:50
Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized...
Turn me on, turn me off: Zigbee assessment in industrial environments
2025-12-12 08:00:17
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off.
CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks
2025-12-12 07:26:01
An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV)...
MKVCinemas streaming piracy service with 142M visits shuts down
2025-12-12 07:14:31
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]
The TechBeat: How AIStor's Prompt API Lets Healthcare Professionals “Talk” to Their Data (12/12/2025)
2025-12-12 07:11:01
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Hamas-Linked Hackers Probe Middle Eastern Diplomats
2025-12-12 07:00:00
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Obscura Brings Bulletproofs++ to the Beldex Mainnet for Sustainable Scaling
2025-12-12 06:01:28
Beldex introduced the Obscura hardfork, which went live on December 7, 2025, at block height 4939540.
The upgrade includes multiple refinements, but its core improvement is the integration of Bulletproofs++....
ScreenSafe: A Technical Chronicle of On-Device AI and Privacy-First Architecture
2025-12-12 06:00:31
The Problem: Cloud-based moderation violates privacy, but on-device AI hits hostile OS limits—specifically the iOS Share Extension memory ceiling (120MB) and Android's Binder IPC limit (1MB).
The Solution:...
Model.fit is More Complex Than it Looks
2025-12-12 06:00:31
Linear regression's closed-form solution looks simple, but computing inverse matrix is numerically dangerous. Ill-conditioned matrices, floating-point limits, and squaring the condition number in XᵀX...
Lessons From Hands-on Research on High-Velocity AI Development
2025-12-12 05:57:11
The main constraint on AI-assisted development was not model capability but how context was structured and exposed.
3 Common Misconceptions Fintech Founders Have About Engineering Teams
2025-12-12 05:50:05
Fintech founders often make assumptions about how software development works. Agile frameworks let you adjust plans after every iteration. As your product grows, so does the complexity of its functionality...
Designing AI-Ready Infrastructure: What Modern Data Centers Actually Need
2025-12-12 05:49:28
You can buy racks of accelerators, but unless the entire power, cooling, and networking stack is prepared, those boxes turn into very expensive space heaters.
How I Built a “Bicameral” AI Agent That Uses Australian Lasers to Make Decisions When Logic Fails
2025-12-12 05:39:23
Quantum chaos = random AIBy giving an AI a direct line to the quantum vacuum, we aren't just making a random number generator. We are building a machine that can break its own chains of causality.
How GenAI is Reshaping the Modern Data Architecture
2025-12-12 05:33:02
In today's world, most of the enterprises are building LLM based GenAI solutions with document and database vectors. This is the moment almost every enterprise reaches: the GenAI works, but the data...
How to Dive into a New Domain and Ship a High-Load System Fast
2025-12-12 05:28:24
Remember: it's difficult at first, but soon you'll be swimming like a fish in water.
Your Brain Isn't Broken—Your Map Is:
2025-12-12 05:20:34
Buddhist cognitive science deals with your "structure of meaning." The mind is an interpretive engine, not a mechanical device. Your “Map” Is Built From Patterns, Not Neurons.
UK Government to Start Tracking All Crypto Transactions
2025-12-12 05:16:07
HMRC will use this data to cross-check against information provided in self-assessment tax returns. Robin Thatcher, founder of CryptoTaxHelp, said he expects an increase in targeted compliance checks.
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
2025-12-12 05:01:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on...
Oracle Linux 10: Ruby Moderate Security Advisory ELSA-2025-23141
2025-12-12 05:00:37
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle 10: ELSA-2025-23139 Libsoup3 Moderate Security Update
2025-12-12 05:00:35
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Grafana Moderate CVE-2025-58183 ELSA-2025-23088
2025-12-12 05:00:34
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: ELSA-2025-23083 Wireshark Important Update for DoS Risk
2025-12-12 05:00:32
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Tomcat Important Risk Update ELSA-2025-23050
2025-12-12 05:00:30
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 9 ELSA-2025-23087 Grafana Moderate Threat Advisory
2025-12-12 04:58:25
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: