Toute l'actualité de la Cybersécurité


Ukraine Hackers Attacking Russian Aerospace Companies and Other Defence-Related Sectors

2025-12-02 20:06:19
Ukraine-linked hackers are stepping up cyberattacks against Russian aerospace and wider defence-related companies, using new custom malware to steal designs, schedules, and internal emails. The campaign...

Lire la suite »

ChatGPT is down worldwide, conversations dissapeared for users

2025-12-02 19:52:16
OpenAI's AI-powered ChatGPT is down worldwide, and the reason is unclear. [...]

Lire la suite »

Hackers Leverage Evilginx to Undermine MFA Security Mimicking Legitimate SSO Sites

2025-12-02 19:40:42
Hackers are turning to Evilginx, a powerful adversary-in-the-middle tool, to get around multi-factor authentication and take over cloud accounts. The framework acts as a reverse proxy between the victim...

Lire la suite »

Announcing Rapid7's Next-Gen SIEM Buyer's Guide

2025-12-02 19:38:51
AI dominates headlines, yet one cornerstone of security operations keeps evolving to meet today's threats. Security Information and Event Management (SIEM) has come a long way from basic logging. Modern...

Lire la suite »

1,6 million de données volées après un piratage de France Travail

2025-12-02 19:06:32
Déjà piratée en juillet dernier, l'agence pour l'emploi a encore eté victime d'une cyberattaque et les données personnelles (...)

Lire la suite »

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

2025-12-02 19:06:20
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories....

Lire la suite »

Salty2FA and Tycoon2FA Phishing Kits Attacking Enterprise Users to Steal Login Credentials

2025-12-02 18:18:54
A new type of phishing attack that combines two different phishing kits: Salty2FA and Tycoon2FA. This marks a significant change in the Phishing-as-a-Service (PhaaS) landscape. While phishing kits typically...

Lire la suite »

Everest Ransomware Claims ASUS Breach and 1TB Data Theft

2025-12-02 18:10:58
Everest ransomware group claims it breached ASUS, stealing over 1TB of data including camera source code. ASUS has been given 21 hours to respond via Qtox.

Lire la suite »

“Sleeper” browser extensions woke up as spyware on 4 million devices

2025-12-02 17:49:51
After seven years of acting like normal add-ons, five popular Chrome and Edge extensions with millions of installs suddenly turned malicious.

Lire la suite »

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

2025-12-02 17:46:00
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's...

Lire la suite »

Gouvernance des données et IA au menu du Databricks Summit

2025-12-02 17:30:55
Plus de 2 000 personnes se sont données rendez-vous ce mardi à l’Arena la Défense (92) pour assister à l’évènement (...)

Lire la suite »

Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation

2025-12-02 17:29:08
A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus Group recruit and operate against...

Lire la suite »

How to build forward-thinking cybersecurity teams for tomorrow

2025-12-02 17:00:00
To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning. The post How to build forward-thinking cybersecurity teams for...

Lire la suite »

Cardano's 14-Hour Stress Test: How the Network Took a Hit and Healed Itself

2025-12-02 16:57:38
Cardano suffered a 14 hour, self-repairing chain fork on November 21st, 2025. This is the largest degradation of service for Cardano in its 8 years of operation. A serialization bug caused a unidirectional...

Lire la suite »

When the Models Forget You: The Hidden Brand Failure No One Is Monitoring Yet

2025-12-02 16:37:44
Generative models shape first impressions before users ever show up, and their memory drifts long before your metrics do. Most teams monitor the market but never audit the engines that introduce them....

Lire la suite »

NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

2025-12-02 16:34:09
North Korean hackers escalated the "Contagious Interview" attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers...

Lire la suite »

AI Cybersecurity: The Sword and Shield of the Next Cyber Frontier

2025-12-02 16:30:08
The age of human hacking is over. Microsoft's 2025 report confirms LLMs are automating attacks faster than defenders can react. Welcome to the algorithmic battlefield.

Lire la suite »

Pourquoi OpenAI décrète l'« alerte rouge » face à Google

2025-12-02 16:24:53
Bousculée par les dernières avancées de Google et d'Anthropic, OpenAI suspend ses projets annexes pour sauver le soldat ChatGPT. The post Pourquoi OpenAI décrète l’« alerte rouge » face à...

Lire la suite »

Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)

2025-12-02 16:22:00
This week on the Lock and Code podcast, we revisit three stories about smart devices that want to collect more data than people may know.

Lire la suite »

Microsoft Defender portal outage disrupts threat hunting alerts

2025-12-02 16:10:06
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. [...]

Lire la suite »

The HackerNoon Newsletter: How Will We Distinguish Truth From Fiction? (12/2/2025)

2025-12-02 16:02:39
How are you, hacker? 🪐 What's happening in tech today, December 2, 2025? The HackerNoon Newsletter brings the HackerNoon ...

Lire la suite »

Prompt-Powered Personas: How AI Finally Fixes the Messy World of User Profiling

2025-12-02 16:02:30
Prompt‑powered personas are fast, data-backed, and cheap to use. They can be used to build user profiles and provide real-time feedback. They're also a powerful tool for analysing and analysing data....

Lire la suite »

Solar Reality - A Radical Reassessment of Life, Intelligence, and Causality

2025-12-02 15:39:14
Physics says we live inside a star's atmosphere. Biology ignores it. Why recognizing the Sun as the "Ontological Core" changes everything.

Lire la suite »

SaaS et chiffrement : Microsoft 365 ciblé par un appel à la vigilance

2025-12-02 15:27:08
L'association privatim - qui réunit des autorités de protection des données - rappelle les risques qu'induit le chiffrement fournisseur. The post SaaS et chiffrement : Microsoft 365 ciblé par un appel...

Lire la suite »

Les pirates de Contagious Interview trompent les développeurs

2025-12-02 15:19:53
Les chercheurs de Socket, à l’origine de la découverte de la campagne Contagious Interview, ont livré plus de détails (...)

Lire la suite »

MuddyWater strikes Israel with advanced MuddyViper malware

2025-12-02 15:19:27
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations...

Lire la suite »

Inside ODT Trade Desk's Mission to Bring Private Banking Standards to Cryptocurrency

2025-12-02 15:18:43
Discover how ODT Trade Desk is transforming crypto compliance with biometric security, blockchain forensics, and white-glove service. Chief Compliance Officer Kristi Evans and founder Bryan Trepanier...

Lire la suite »

USN-7903-1: Django vulnerabilities

2025-12-02 15:14:35
It was discovered that Django incorrectly handled certain characters in the FilteredRelation object. An attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected...

Lire la suite »

Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure

2025-12-02 15:10:20
Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service"...

Lire la suite »

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

2025-12-02 15:02:00
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence,...

Lire la suite »

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

2025-12-02 15:01:00
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools...

Lire la suite »

SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys

2025-12-02 15:00:14
The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified...

Lire la suite »

North Korea lures engineers to rent identities in fake IT worker scheme

2025-12-02 14:57:26
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]

Lire la suite »

3 failles zero-day CVSS 9.3 dans PickleScan : JFrog alerte l'écosystème PyTorch et la chaîne logistique IA

2025-12-02 14:44:22
JFrog Ltd., la société Liquid Software et créatrice de la plateforme JFrog Software Supply Chain, a annoncé aujourd’hui la découverte de trois vulnérabilités zero-day (chacune notée CVSS...

Lire la suite »

Preventing PR Nightmares: How to Build Communications Strategy Early

2025-12-02 14:42:25
From "holding statements" to "post-crisis storytelling": A complete 8-step checklist to turning a PR disaster into a leadership moment.

Lire la suite »

Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race

2025-12-02 13:01:03
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire

Lire la suite »

AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk

2025-12-02 12:01:04
Baltimore, MD, 2nd December 2025, CyberNewsWire

Lire la suite »

Google fixes two Android zero days exploited in attacks, 107 flaws

2025-12-02 14:36:44
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]

Lire la suite »

New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials

2025-12-02 14:32:07
The Arkanix stealer is a new malware family now spreading in the wild. It targets home users and small offices that rely on VPN clients and wireless networks for daily work. Once active, it focuses on...

Lire la suite »

Whispering poetry at AI can make it break its own rules

2025-12-02 14:18:00
Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test?

Lire la suite »

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

2025-12-02 14:17:00
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2,...

Lire la suite »

Candiru's DevilsTongue Spyware Attacking Windows Users in Multiple Countries

2025-12-02 14:15:36
Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business...

Lire la suite »

Trois ans après, l'IA générative a inauguré un âge d'or pour les cybercriminels

2025-12-02 14:11:44
Le dimanche 30 novembre marquait les trois ans du lancement de ChatGPT auprès du public. Depuis cette date, l’IA générative (GenAI) d’OpenAI a transformé notre manière de travailler,...

Lire la suite »

Souveraineté, rapidité et SaaS : trois leviers essentiels pour une gouvernance des identités de confiance

2025-12-02 14:09:35
À l'heure où les entreprises cherchent à conjuguer sécurité, conformité et agilité, la gestion des identités et des accès s'impose comme un pilier stratégique de la gouvernance IT. Longtemps...

Lire la suite »

Les priorités des DSI à l'ère de l'IA seront l'inférence, le NaaS 2.0 et la sécurité pour le quantique en 2026

2025-12-02 14:07:34
Ces priorités sont présentées par Colt après avoir consulté les entreprises et mené des études prédictives sur l'évolution du marché pour l'année prochaine. Tribune – Colt Technology...

Lire la suite »

Firefly évalue la résilience des applications critiques dans le cloud

2025-12-02 14:06:34
Récemment des pannes majeures ont frappé les principaux fournisseurs cloud, perturbant des services utilisés par des millions d’utilisateurs (...)

Lire la suite »

Ubuntu 25.10: Unbound Critical Regression Fix CVE-2025-11411 USN-7855-2

2025-12-02 14:05:53
USN-7855-1 introduced a regression in Unbound

Lire la suite »

Gradium lève 60 millions € pour industrialiser l'IA vocale

2025-12-02 14:03:40
La startup Gradium annonce une levée de fonds record de 60 millions € en amorçage et dévoile une technologie de rupture visant à remplacer les systèmes vocaux actuels par des modèles natifs. The...

Lire la suite »

How Falcon Finance's B Platform Just Added Its First Non-Dollar Sovereign Asset

2025-12-02 14:02:34
Falcon Finance integrated tokenized Mexican government bills (CETES) as collateral for its USDf stablecoin, marking the first non-US sovereign asset in its B+ system. The move diversifies beyond US...

Lire la suite »

Fake Calendly invites spoof top brands to hijack ad manager accounts

2025-12-02 14:00:00
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials....

Lire la suite »

Rapid7 Helps Lower Your Cost to Assurance for HITRUST

2025-12-02 14:00:00
Organizations across regulated sectors are under growing pressure to prove their security readiness. At the same time, traditional assurance approaches rely on periodic audits and manual evidence collection....

Lire la suite »

Ethical Hacker: Coolest Job In 2026

2025-12-02 13:58:47
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 2, 2025 – Read the full story in Bolde The working world is far weirder, cooler, and more creative than...

Lire la suite »

How Myriad and Trust Wallet Built the First Native Prediction Market for 220M Users

2025-12-02 13:47:44
Myriad became the first prediction market integrated directly into Trust Wallet's new Predictions feature, giving it access to 220 million users. The integration comes after Myriad reached 0 million...

Lire la suite »

Microsoft: KB5070311 triggers File Explorer white flash in dark mode

2025-12-02 13:39:51
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...]

Lire la suite »

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

2025-12-02 13:37:00
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian...

Lire la suite »

USN-7855-2: Unbound regression

2025-12-02 13:15:02
USN-7855-1 fixed vulnerabilities in Unbound. It was discovered that the fix for CVE-2025-11411 was incomplete. This update fixes the problem. Original advisory details: Yuxiao Wu, Yunyi Zhang, Baojun...

Lire la suite »

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

2025-12-02 13:02:14
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.

Lire la suite »

University of Pennsylvania confirms new data breach after Oracle hack

2025-12-02 12:55:59
​The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...]

Lire la suite »

Case Study: How a Payment Link Doubled Orders for an E-Commerce Product in an Emerging Market

2025-12-02 12:05:20
This piece distills hands-on design lessons from building for markets where cash dominates, buying starts in WhatsApp, POIs replace addresses, and digital trust is fragile. It outlines how designers can...

Lire la suite »

‘Korea's Amazon' Coupang discloses a data breach impacting 34M customers

2025-12-02 12:04:40
Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. South Korean e-commerce giant disclosed a data breach affecting nearly 34...

Lire la suite »

A NICE Retrospective on Shaping Cybersecurity's Future

2025-12-02 12:00:00
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education...

Lire la suite »

Une faille Teams désactive Defender dans Office 365

2025-12-02 11:58:48
Dans de très nombreuses entreprises, Teams est devenu un outil central pour les communications et le partage de fichiers. Mais la solution collaborative (...)

Lire la suite »

How to Build a Public Case Creation Portal on Salesforce Experience Cloud

2025-12-02 11:55:14
A call center facing heavy case volume built a Salesforce Experience Cloud self-service portal that automated case creation, routing, and acknowledgment. The result: fewer calls, faster intake, improved...

Lire la suite »

Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number

2025-12-02 11:44:30
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.

Lire la suite »

Google patches 107 Android flaws, including two being actively exploited

2025-12-02 11:37:46
Google's December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can.

Lire la suite »

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

2025-12-02 11:30:00
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping...

Lire la suite »

Windows 11 KB5070311 update fixes File Explorer freezes, search issues

2025-12-02 11:19:31
​​Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...]

Lire la suite »

Google's latest Android security update fixes two actively exploited flaws

2025-12-02 10:23:07
Google's latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google's new Android update patches 107 vulnerabilities,...

Lire la suite »

Kaspersky Security Bulletin 2025. Statistics

2025-12-02 10:07:03
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via...

Lire la suite »

What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice

2025-12-02 09:30:15
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.

Lire la suite »

L'USF dans l'attente de l'offre SAP dans le cloud de confiance

2025-12-02 08:51:34
Le club des utilisateurs SAP francophones, l'USF, tire un bilan positif du sommet franco-allemand sur la souveraineté numérique, qui s'est (...)

Lire la suite »

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

2025-12-02 07:17:00
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security...

Lire la suite »

Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration

2025-12-02 06:30:20
Menlo Park, USA, 2nd December 2025, CyberNewsWire

Lire la suite »

The CSA Cloud Controls Matrix v4.1: Strengthening the Future of Cloud Security

2025-12-02 04:26:22
Since its introduction in 2010, the Cloud Controls Matrix (CCM) has become a cornerstone of cloud security and compliance worldwide. Adopted across industries and geographies, it has enabled cloud service...

Lire la suite »

Out-of-Bounds Read Bugs Add Quiet Pressure on Linux Security

2025-12-02 03:35:08
Out-of-bounds reads sit quietly in Linux security. You don't always see them until the code steps past a buffer and hands back a piece of memory it was never supposed to touch. The leak might look small,...

Lire la suite »

CISA Adds Actively Exploited ScadaBR XSS Bug to KEV, Raising Linux Security Concerns

2025-12-02 03:21:14
CISA added CVE-2021-26829 to its Known Exploited Vulnerabilities catalog after confirming that attackers are already using the ScadaBR stored XSS flaw in real environments. The news barely made a ripple...

Lire la suite »

Ubuntu 25.10 OpenJDK Critical Security Risks USN-7900-1 CVE-2025-53057

2025-12-02 01:57:29
Several security issues were fixed in CRaC JDK 17.

Lire la suite »

Ubuntu 25.10: CRaC JDK 25 Important XML External Entity Advisory 2025-53066

2025-12-02 01:57:28
Several security issues were fixed in CRaC JDK 25.

Lire la suite »

Ubuntu 25.10: Crucial Security Fix for OpenJDK 21 USN-7901-1 CVE-2025-53057

2025-12-02 01:57:26
Several security issues were fixed in CRaC JDK 21.

Lire la suite »

Fedora 42: python-spotipy Update 2025-9501cd4d8c to Version 2.25.2

2025-12-02 01:34:25
update to version 2.25.2

Lire la suite »

Fedora 42: Unbound Critical Fix for CVE-2025-11411 Advisory 2025-38b1c0f3b5

2025-12-02 01:34:24
Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2

Lire la suite »

Law enforcement shuts down Cryptomixer in major crypto crime takedown

2025-12-02 00:27:47
Authorities seized M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of M in Bitcoin after shutting down Cryptomixer, a crypto-mixing...

Lire la suite »

Multiples vulnérabilités dans les produits VMware (02 décembre 2025)

02/12/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Lire la suite »

Multiples vulnérabilités dans Google Android (02 décembre 2025)

02/12/2025
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...

Lire la suite »