Toute l'actualité de la Cybersécurité
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
2025-11-26 18:08:00
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry.
The Socket Research Team said it identified...
Multiple London councils' IT systems disrupted by cyberattack
2025-11-26 17:26:11
The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. [...]
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters'
2025-11-26 17:22:36
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the...
L'Anssi analyse les menaces liées à la téléphonie mobile
2025-11-26 17:20:37
L'augmentation croissante des usages liés aux smartphones aussi bien à titre personnel que professionnel suscite l’intérêt (...)
Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats
2025-11-26 17:11:27
As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year's threats are not only bigger than ever but far more intelligent, automated and difficult...
This Black Friday & Holiday Season, HackerNoon Has Your Tech Marketing Covered 🎁 💚
2025-11-26 17:00:06
This Black Friday and holiday season, get 10% off ALL HackerNoon services—including subscriptions. From business blogging and targeted ads to writing contests and press releases, now's the time to execute...
AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI
2025-11-26 16:57:55
AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…
How User Education Can Become the Strongest Link in Casino Security
2025-11-26 16:52:42
Casino security used to be pretty straightforward. You had cameras watching the floor and security guards watching for suspicious players. These days, things are way more complicated. Casinos deal with...
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
2025-11-26 16:13:27
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.
The HackerNoon Newsletter: Inside My ,000 Homelab: How I Rebuilt Big Tech Services in a Tiny Rack (11/26/2025)
2025-11-26 16:02:15
How are you, hacker?
🪐 What's happening in tech today, November 26, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically
2025-11-26 16:01:35
As in the wider world, AI is not quite living up to the hype in the cyber underground. But it's definitely helping low-level cybercriminals do competent work.
The Untold Story of Digital Transformation in Manufacturing
2025-11-26 16:00:00
Digital transformation in manufacturing isn't just technology—it's cultural change. Prahlad Chowdhury drives impact through mentorship, strategic alignment, disciplined architecture, and deep Industry...
How Do Digital Payments Impact Consumer Confidence?
2025-11-26 15:59:59
A major financial services provider rebuilt its legacy compliance system into a secure, automated, cloud-based platform to protect digital payments. The new architecture improves audit readiness, strengthens...
Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code
2025-11-26 15:58:14
Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633) in Windows systems. This malware campaign is...
Prompt Injections Loom Large Over ChatGPT's Atlas Browser
2025-11-26 15:52:49
It's the law of unintended consequences: equipping browsers with agentic AI opens the door to an exponential volume of prompt injections.
11 Best Enterprise Remote Access Software – 2025
2025-11-26 15:17:44
In today's hyper-connected business landscape, enterprise remote access software is no longer a luxury it’s a necessity. Organizations are embracing hybrid and remote work models, requiring secure,...
The Industrial Internet: How BaRupOn Is Powering the Future of AI Infrastructure
2025-11-26 15:14:59
BaRupOn is building the first “Beyond Giga Site,” a self-sustaining industrial ecosystem powering AI, manufacturing, and data centers with on-site natural gas, micro-nuclear, solar, and battery systems....
Microsoft Security Keys May Require PIN After Recent Windows Updates
2025-11-26 15:12:58
Microsoft has confirmed that FIDO2 security keys on Windows 11 may now prompt users to set up a PIN during authentication following specific recent updates, aligning with WebAuthn standards for enhanced...
USN-7894-1: EDK II vulnerabilities
2025-11-26 15:05:43
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04...
Did Apple Miss the AI Moment - or Is Its Timing Just Right?
2025-11-26 15:00:00
Apple arrived late to the AI boom, but prediction markets show confidence in its slow, privacy-first approach. Traders expect Apple Intelligence to stay free and see major acquisitions like Perplexity...
Enterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)
2025-11-26 15:00:00
More than half of organizations surveyed aren't sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them.
Multiple London councils faced a cyberattack
2025-11-26 14:59:10
Multiple London councils, including Chelsea and Westminster, faced a cyberattack that may have exposed resident data. Authorities are actively investigating the incident. A cyberattack struck multiple...
INE Expands Cross-Skilling Innovations
2025-11-26 14:01:16
Cary, North Carolina, USA, 26th November 2025, CyberNewsWire
Microsoft: Security keys may prompt for PIN after recent updates
2025-11-26 14:43:57
Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. [...]
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
2025-11-26 14:31:00
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.
"This operation combined the capabilities...
Scaling SOC Team Expertise With AI-powered Insights for Faster, Easier Understanding of Threats
2025-11-26 14:25:07
Building analyst expertise is a race against time that many Security Operations Centers (SOCs) are losing. New hires often require over six months to handle complex incidents with confidence, creating...
Malicious Prettier Extension on VSCode Marketplace Delivers Anivia Stealer Malware to Exfiltrate Login Credentials
2025-11-26 14:16:35
A dangerous malware campaign has targeted thousands of developers through a fake extension on the Visual Studio Code Marketplace. On November 21, 2025, security researchers discovered a malicious extension...
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
2025-11-26 14:11:26
Scammers are using fake jobs and a phony video update to infect Mac users with a multi-stage stealer designed for long-term access and data theft.
La CISA redouble son alerte sur les messages non chiffrés
2025-11-26 14:10:16
Comme l'année dernière à la même époque, l'Agence américaine pour la cybersécurité et la sécurité (...)
When and Why to Use Ethnography
2025-11-26 14:00:04
The article explains what makes ethnography distinct, why it focuses on meaning and everyday practice, how it complements other research methods, and where to turn for further reading.
How CTEM Helps Cyber Teams to Become More Proactive
2025-11-26 13:56:32
How CTEM Helps Cyber Teams to Become More Proactive Software, infrastructure, and third-party services change far faster than quarterly audit cycles, which increases the risk of data and infrastructure...
USN-7893-1: Valkey vulnerabilities
2025-11-26 13:51:48
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free...
FBI Warns of Fake Internet Crime Complaint Center (IC3) Website Used for Phishing Attacks
2025-11-26 13:44:08
The Federal Bureau of Investigation (FBI) has issued urgent warnings about cybercriminals spoofing the official Internet Crime Complaint Center (IC3) website to conduct phishing attacks and steal sensitive...
Akira Ransomware Uses SonicWall VPN Exploit to Exfiltrate Sensitive Data
2025-11-26 13:30:22
The Akira ransomware group has begun weaponizing vulnerabilities in SonicWall SSL VPN devices, turning merger-and-acquisition (M&A) processes into high-speed launchpads for cyberattacks. This trend...
How Ethnography Navigates Trust, Consent, and Power in Software Teams
2025-11-26 13:30:19
Ethnographic research inside software teams demands strict ethical awareness—balancing trust, informed consent, privacy, organizational sensitivities, and disclosure practices to protect individual...
Microsoft to secure Entra ID sign-ins from script injection attacks
2025-11-26 13:26:06
Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. [...]
USN-7892-1: H2O vulnerability
2025-11-26 13:24:12
It was discovered that H2O exhibited poor server resource management in its
HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to
crash, resulting in a denial of service.
Trois ans après, que devient le Health Data Hub européen ?
2025-11-26 13:12:48
Il y a environ 3 ans, était engagé le développement de l'Espace européen des données de santé. Le point sur les avancées et sur la roadmap.
The post Trois ans après, que devient le Health Data...
Samourai Wallet Founders Jailed in 7M Crypto Laundering Case
2025-11-26 13:12:38
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering 7M via their crypto mixer.
New “JackFix” Attack Leverages Windows Updates into Executing Malicious Commands
2025-11-26 13:05:43
A sophisticated ClickFix campaign dubbed “JackFix” that uses fake adult websites to hijack screens with realistic Windows Update prompts, tricking users into running multistage malware payloads....
How to Turn Messy Developer Observations into Publishable Ethnography
2025-11-26 13:00:04
This chapter explains how software engineering ethnographers move from rich field observations to publishable results. It outlines reflective, inductive analysis using memos, codes, categories, triangulation,...
USN-7891-1: rust-openssl vulnerabilities
2025-11-26 12:56:31
Matt Mastracci discovered that rust-openssl was incorrectly handling server
lifetimes in certain functions. An attacker could possibly use this issue
to cause a denial of service or run arbitrary memory...
Hackers Exploit NTLM Authentication Flaws to Target Windows Systems
2025-11-26 12:41:09
More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide. What started in 2001 as a theoretical vulnerability has evolved into...
Optimizing Linux Security 2026: Key Strategies for Modern Threats
2025-11-26 12:01:18
Recent years have demonstrated a notable shift in the cybersecurity landscape, with Linux systems increasingly targeted by adversaries. Once considered relatively immune to malware threats, Linux servers...
Pourquoi OpenAI doit trouver 207 milliards $ pour survivre, selon HSBC
2025-11-26 11:56:37
Le coût exorbitant des centres de données va forcer OpenAI à chercher 207 milliards $ de financement supplémentaires d'ici 2030, selon l'analyse de HSBC.
The post Pourquoi OpenAI doit trouver 207...
When Your M Security Detection Fails: Can your SOC Save You?
2025-11-26 11:55:00
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating...
ASUS warns of new critical auth bypass flaw in AiCloud routers
2025-11-26 11:41:00
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. [...]
Emergency alerts go dark after cyberattack on OnSolve CodeRED
2025-11-26 11:17:17
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification...
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
2025-11-26 11:14:13
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.
Wallix acquiert Malizen, spécialiste de l'UBA
2025-11-26 11:12:58
Wallix vient d'acquérir Malizen, une start-up française spécialisée dans l'analyse du comportement des utilisateurs (User Behaviour (...)
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools
2025-11-26 11:10:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
2025-11-26 11:10:00
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to...
Dell dopé par la demande de serveurs IA
2025-11-26 11:08:45
Porté par une demande pour ses serveurs équipés de puces Nvidia, Dell relève ses perspectives annuelles malgré des tensions sur le coût des composants.
The post Dell dopé par la demande de serveurs...
Microsoft dévoile son SLM agentique Fara-7B pour PC
2025-11-26 11:06:33
Microsoft intègre davantage l'IA agentique dans les PC grâce à Fara-7B, un modèle capable d'automatiser entièrement des (...)
The Golden Scale: 'Tis the Season for Unwanted Gifts
2025-11-26 11:00:30
Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season.
The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared...
How the AI Supply Chain Evolved From Transistors to Frontier Models
2025-11-26 11:00:03
This article traces the evolution of the AI supply chain—from the invention of the transistor to today's GPU-driven frontier models—explaining the essential inputs, scaling laws, semiconductor ecosystem,...
openSUSE Leap 16.0: 573 Critical Kernel Vulnerabilities Found 2025-20081-1
2025-11-26 10:17:11
An update that solves 573 vulnerabilities and has 669 bug fixes can now be installed.
Passwork 7: Self-hosted password and secrets manager for enterprise teams
2025-11-26 10:12:17
Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black...
Etat de la menace informatique sur les équipements mobiles
2025-11-26 10:11:28
Etat de la menace informatique sur les équipements mobiles
anssiadm
mer 26/11/2025 - 10:11
L'omniprésence, l'usage systématique des smartphones et la multiplication...
Getronics se relance en misant sur la sécurité et le digital workplace
2025-11-26 10:05:07
Après des difficultés rencontrées il y a quelques années suite à une série d’acquisitions (Pomeroy aux (...)
How Big Tech Built the Modern AI Supply Chain
2025-11-26 10:00:05
This article maps the modern AI supply chain—from chips to cloud to foundation models—examining how market concentration, vertical integration, and strategic alliances shape frontier AI development,...
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
2025-11-26 10:00:02
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.
Ubuntu 24.04 LTS: Linux Real-Time Kernel Critical Problems USN-7889-3
2025-11-26 09:51:33
Several security issues were fixed in the Linux kernel.
USN-7889-3: Linux kernel (Real-time) vulnerabilities
2025-11-26 09:41:47
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Understanding the 80/20 Rule in Linux Vulnerability Management
2025-11-26 09:17:52
Linux administrators deal with steady pressure from patching, configuration changes, and the slow accumulation of technical debt. Environments rarely break because of one vulnerability.
Dissecting a new malspam chain delivering Purelogs infostealer
2025-11-26 09:02:14
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and...
As AI Accelerates, Regulators Race to Understand a Rapidly Integrating Supply Chain
2025-11-26 09:00:05
This paper maps the modern AI supply chain, analyzing 25 leading companies, 300 relationships, major mergers, and antitrust actions to show how vertical integration, strategic partnerships, and government...
Ubuntu 24.04: Linux Kernel Critical Security Update USN-7889-2
2025-11-26 08:59:09
Several security issues were fixed in the Linux kernel.
USN-7889-2: Linux kernel (FIPS) vulnerabilities
2025-11-26 08:54:05
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Ubuntu 24.04 LTS: Kernel Severity Critical Data Integrity Threat USN-7879-3
2025-11-26 08:48:30
Several security issues were fixed in the Linux kernel.
USN-7879-3: Linux kernel vulnerabilities
2025-11-26 08:34:26
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several...
openSUSE: Kernel Important Bluetooth Disconnect Flaw 2025:4242-1
2025-11-26 08:30:12
An update that solves one vulnerability can now be installed.
SUSE Linux Enterprise 15 SP4: 2025:4242-1 Important Bluetooth Threat Fix
2025-11-26 08:30:11
* bsc#1251983 Cross-References: * CVE-2023-53673
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
2025-11-26 08:28:00
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent.
"This is the first time...
NTLM Relaying to HTTPS
2025-11-26 08:00:00
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL....
Iran Exploits Cyber Domain to Aid Kinetic Strikes
2025-11-26 05:30:00
The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.
FBI Reports 2M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
2025-11-26 04:29:00
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover...
Vulnérabilité dans Postfix (26 novembre 2025)
26/11/2025
Une vulnérabilité a été découverte dans Postfix. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans Synology ActiveProtect Agent (26 novembre 2025)
26/11/2025
Une vulnérabilité a été découverte dans Synology ActiveProtect Agent. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.