Toute l'actualité de la Cybersécurité
Ukraine Hackers Attacking Russian Aerospace Companies and Other Defence-Related Sectors
2025-12-02 20:06:19
Ukraine-linked hackers are stepping up cyberattacks against Russian aerospace and wider defence-related companies, using new custom malware to steal designs, schedules, and internal emails. The campaign...
ChatGPT is down worldwide, conversations dissapeared for users
2025-12-02 19:52:16
OpenAI's AI-powered ChatGPT is down worldwide, and the reason is unclear. [...]
Hackers Leverage Evilginx to Undermine MFA Security Mimicking Legitimate SSO Sites
2025-12-02 19:40:42
Hackers are turning to Evilginx, a powerful adversary-in-the-middle tool, to get around multi-factor authentication and take over cloud accounts. The framework acts as a reverse proxy between the victim...
Announcing Rapid7's Next-Gen SIEM Buyer's Guide
2025-12-02 19:38:51
AI dominates headlines, yet one cornerstone of security operations keeps evolving to meet today's threats. Security Information and Event Management (SIEM) has come a long way from basic logging. Modern...
1,6 million de données volées après un piratage de France Travail
2025-12-02 19:06:32
Déjà piratée en juillet dernier, l'agence pour l'emploi a encore eté victime d'une cyberattaque et les données personnelles (...)
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
2025-12-02 19:06:20
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories....
Salty2FA and Tycoon2FA Phishing Kits Attacking Enterprise Users to Steal Login Credentials
2025-12-02 18:18:54
A new type of phishing attack that combines two different phishing kits: Salty2FA and Tycoon2FA. This marks a significant change in the Phishing-as-a-Service (PhaaS) landscape. While phishing kits typically...
Everest Ransomware Claims ASUS Breach and 1TB Data Theft
2025-12-02 18:10:58
Everest ransomware group claims it breached ASUS, stealing over 1TB of data including camera source code. ASUS has been given 21 hours to respond via Qtox.
“Sleeper” browser extensions woke up as spyware on 4 million devices
2025-12-02 17:49:51
After seven years of acting like normal add-ons, five popular Chrome and Edge extensions with millions of installs suddenly turned malicious.
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
2025-12-02 17:46:00
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's...
Gouvernance des données et IA au menu du Databricks Summit
2025-12-02 17:30:55
Plus de 2 000 personnes se sont données rendez-vous ce mardi à l’Arena la Défense (92) pour assister à l’évènement (...)
Researchers Expose Lazarus Recruitment Pipeline Live on Camera Through Honeypot Operation
2025-12-02 17:29:08
A collaborative investigation by Mauro Eldritch of BCA LTD, ANYRUN, and NorthScan has provided unprecedented visibility into how North Korean threat actors from the Lazarus Group recruit and operate against...
How to build forward-thinking cybersecurity teams for tomorrow
2025-12-02 17:00:00
To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning.
The post How to build forward-thinking cybersecurity teams for...
Cardano's 14-Hour Stress Test: How the Network Took a Hit and Healed Itself
2025-12-02 16:57:38
Cardano suffered a 14 hour, self-repairing chain fork on November 21st, 2025. This is the largest degradation of service for Cardano in its 8 years of operation. A serialization bug caused a unidirectional...
When the Models Forget You: The Hidden Brand Failure No One Is Monitoring Yet
2025-12-02 16:37:44
Generative models shape first impressions before users ever show up, and their memory drifts long before your metrics do. Most teams monitor the market but never audit the engines that introduce them....
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
2025-12-02 16:34:09
North Korean hackers escalated the "Contagious Interview" attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers...
AI Cybersecurity: The Sword and Shield of the Next Cyber Frontier
2025-12-02 16:30:08
The age of human hacking is over. Microsoft's 2025 report confirms LLMs are automating attacks faster than defenders can react. Welcome to the algorithmic battlefield.
Pourquoi OpenAI décrète l'« alerte rouge » face à Google
2025-12-02 16:24:53
Bousculée par les dernières avancées de Google et d'Anthropic, OpenAI suspend ses projets annexes pour sauver le soldat ChatGPT.
The post Pourquoi OpenAI décrète l’« alerte rouge » face à...
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
2025-12-02 16:22:00
This week on the Lock and Code podcast, we revisit three stories about smart devices that want to collect more data than people may know.
Microsoft Defender portal outage disrupts threat hunting alerts
2025-12-02 16:10:06
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. [...]
The HackerNoon Newsletter: How Will We Distinguish Truth From Fiction? (12/2/2025)
2025-12-02 16:02:39
How are you, hacker?
🪐 What's happening in tech today, December 2, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Prompt-Powered Personas: How AI Finally Fixes the Messy World of User Profiling
2025-12-02 16:02:30
Prompt‑powered personas are fast, data-backed, and cheap to use. They can be used to build user profiles and provide real-time feedback. They're also a powerful tool for analysing and analysing data....
Solar Reality - A Radical Reassessment of Life, Intelligence, and Causality
2025-12-02 15:39:14
Physics says we live inside a star's atmosphere. Biology ignores it. Why recognizing the Sun as the "Ontological Core" changes everything.
SaaS et chiffrement : Microsoft 365 ciblé par un appel à la vigilance
2025-12-02 15:27:08
L'association privatim - qui réunit des autorités de protection des données - rappelle les risques qu'induit le chiffrement fournisseur.
The post SaaS et chiffrement : Microsoft 365 ciblé par un appel...
Les pirates de Contagious Interview trompent les développeurs
2025-12-02 15:19:53
Les chercheurs de Socket, à l’origine de la découverte de la campagne Contagious Interview, ont livré plus de détails (...)
MuddyWater strikes Israel with advanced MuddyViper malware
2025-12-02 15:19:27
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations...
Inside ODT Trade Desk's Mission to Bring Private Banking Standards to Cryptocurrency
2025-12-02 15:18:43
Discover how ODT Trade Desk is transforming crypto compliance with biometric security, blockchain forensics, and white-glove service. Chief Compliance Officer Kristi Evans and founder Bryan Trepanier...
USN-7903-1: Django vulnerabilities
2025-12-02 15:14:35
It was discovered that Django incorrectly handled certain characters in the
FilteredRelation object. An attacker could possibly use this issue to
execute arbitrary SQL commands. This issue only affected...
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
2025-12-02 15:10:20
Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service"...
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
2025-12-02 15:02:00
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence,...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
2025-12-02 15:01:00
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools...
SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys
2025-12-02 15:00:14
The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified...
North Korea lures engineers to rent identities in fake IT worker scheme
2025-12-02 14:57:26
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]
3 failles zero-day CVSS 9.3 dans PickleScan : JFrog alerte l'écosystème PyTorch et la chaîne logistique IA
2025-12-02 14:44:22
JFrog Ltd., la société Liquid Software et créatrice de la plateforme JFrog Software Supply Chain, a annoncé aujourd’hui la découverte de trois vulnérabilités zero-day (chacune notée CVSS...
Preventing PR Nightmares: How to Build Communications Strategy Early
2025-12-02 14:42:25
From "holding statements" to "post-crisis storytelling": A complete 8-step checklist to turning a PR disaster into a leadership moment.
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
2025-12-02 13:01:03
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
2025-12-02 12:01:04
Baltimore, MD, 2nd December 2025, CyberNewsWire
Google fixes two Android zero days exploited in attacks, 107 flaws
2025-12-02 14:36:44
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]
New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials
2025-12-02 14:32:07
The Arkanix stealer is a new malware family now spreading in the wild. It targets home users and small offices that rely on VPN clients and wireless networks for daily work. Once active, it focuses on...
Whispering poetry at AI can make it break its own rules
2025-12-02 14:18:00
Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test?
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
2025-12-02 14:17:00
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2,...
Candiru's DevilsTongue Spyware Attacking Windows Users in Multiple Countries
2025-12-02 14:15:36
Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business...
Trois ans après, l'IA générative a inauguré un âge d'or pour les cybercriminels
2025-12-02 14:11:44
Le dimanche 30 novembre marquait les trois ans du lancement de ChatGPT auprès du public. Depuis cette date, l’IA générative (GenAI) d’OpenAI a transformé notre manière de travailler,...
Souveraineté, rapidité et SaaS : trois leviers essentiels pour une gouvernance des identités de confiance
2025-12-02 14:09:35
À l'heure où les entreprises cherchent à conjuguer sécurité, conformité et agilité, la gestion des identités et des accès s'impose comme un pilier stratégique de la gouvernance IT. Longtemps...
Les priorités des DSI à l'ère de l'IA seront l'inférence, le NaaS 2.0 et la sécurité pour le quantique en 2026
2025-12-02 14:07:34
Ces priorités sont présentées par Colt après avoir consulté les entreprises et mené des études prédictives sur l'évolution du marché pour l'année prochaine. Tribune – Colt Technology...
Firefly évalue la résilience des applications critiques dans le cloud
2025-12-02 14:06:34
Récemment des pannes majeures ont frappé les principaux fournisseurs cloud, perturbant des services utilisés par des millions d’utilisateurs (...)
Ubuntu 25.10: Unbound Critical Regression Fix CVE-2025-11411 USN-7855-2
2025-12-02 14:05:53
USN-7855-1 introduced a regression in Unbound
Gradium lève 60 millions € pour industrialiser l'IA vocale
2025-12-02 14:03:40
La startup Gradium annonce une levée de fonds record de 60 millions € en amorçage et dévoile une technologie de rupture visant à remplacer les systèmes vocaux actuels par des modèles natifs.
The...
How Falcon Finance's B Platform Just Added Its First Non-Dollar Sovereign Asset
2025-12-02 14:02:34
Falcon Finance integrated tokenized Mexican government bills (CETES) as collateral for its USDf stablecoin, marking the first non-US sovereign asset in its B+ system. The move diversifies beyond US...
Fake Calendly invites spoof top brands to hijack ad manager accounts
2025-12-02 14:00:00
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials....
Rapid7 Helps Lower Your Cost to Assurance for HITRUST
2025-12-02 14:00:00
Organizations across regulated sectors are under growing pressure to prove their security readiness. At the same time, traditional assurance approaches rely on periodic audits and manual evidence collection....
Ethical Hacker: Coolest Job In 2026
2025-12-02 13:58:47
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 2, 2025 – Read the full story in Bolde The working world is far weirder, cooler, and more creative than...
How Myriad and Trust Wallet Built the First Native Prediction Market for 220M Users
2025-12-02 13:47:44
Myriad became the first prediction market integrated directly into Trust Wallet's new Predictions feature, giving it access to 220 million users. The integration comes after Myriad reached 0 million...
Microsoft: KB5070311 triggers File Explorer white flash in dark mode
2025-12-02 13:39:51
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...]
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
2025-12-02 13:37:00
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian...
USN-7855-2: Unbound regression
2025-12-02 13:15:02
USN-7855-1 fixed vulnerabilities in Unbound. It was discovered that the fix
for CVE-2025-11411 was incomplete. This update fixes the problem.
Original advisory details:
Yuxiao Wu, Yunyi Zhang, Baojun...
DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory
2025-12-02 13:02:14
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
University of Pennsylvania confirms new data breach after Oracle hack
2025-12-02 12:55:59
The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...]
Case Study: How a Payment Link Doubled Orders for an E-Commerce Product in an Emerging Market
2025-12-02 12:05:20
This piece distills hands-on design lessons from building for markets where cash dominates, buying starts in WhatsApp, POIs replace addresses, and digital trust is fragile. It outlines how designers can...
‘Korea's Amazon' Coupang discloses a data breach impacting 34M customers
2025-12-02 12:04:40
Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. South Korean e-commerce giant disclosed a data breach affecting nearly 34...
A NICE Retrospective on Shaping Cybersecurity's Future
2025-12-02 12:00:00
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education...
Une faille Teams désactive Defender dans Office 365
2025-12-02 11:58:48
Dans de très nombreuses entreprises, Teams est devenu un outil central pour les communications et le partage de fichiers. Mais la solution collaborative (...)
How to Build a Public Case Creation Portal on Salesforce Experience Cloud
2025-12-02 11:55:14
A call center facing heavy case volume built a Salesforce Experience Cloud self-service portal that automated case creation, routing, and acknowledgment. The result: fewer calls, faster intake, improved...
Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
2025-12-02 11:44:30
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.
Google patches 107 Android flaws, including two being actively exploited
2025-12-02 11:37:46
Google's December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can.
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
2025-12-02 11:30:00
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping...
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
2025-12-02 11:19:31
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...]
Google's latest Android security update fixes two actively exploited flaws
2025-12-02 10:23:07
Google's latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google's new Android update patches 107 vulnerabilities,...
Kaspersky Security Bulletin 2025. Statistics
2025-12-02 10:07:03
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via...
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice
2025-12-02 09:30:15
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.
L'USF dans l'attente de l'offre SAP dans le cloud de confiance
2025-12-02 08:51:34
Le club des utilisateurs SAP francophones, l'USF, tire un bilan positif du sommet franco-allemand sur la souveraineté numérique, qui s'est (...)
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
2025-12-02 07:17:00
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security...
Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration
2025-12-02 06:30:20
Menlo Park, USA, 2nd December 2025, CyberNewsWire
The CSA Cloud Controls Matrix v4.1: Strengthening the Future of Cloud Security
2025-12-02 04:26:22
Since its introduction in 2010, the Cloud Controls Matrix (CCM) has become a cornerstone of cloud security and compliance worldwide. Adopted across industries and geographies, it has enabled cloud service...
Out-of-Bounds Read Bugs Add Quiet Pressure on Linux Security
2025-12-02 03:35:08
Out-of-bounds reads sit quietly in Linux security. You don't always see them until the code steps past a buffer and hands back a piece of memory it was never supposed to touch. The leak might look small,...
CISA Adds Actively Exploited ScadaBR XSS Bug to KEV, Raising Linux Security Concerns
2025-12-02 03:21:14
CISA added CVE-2021-26829 to its Known Exploited Vulnerabilities catalog after confirming that attackers are already using the ScadaBR stored XSS flaw in real environments. The news barely made a ripple...
Ubuntu 25.10 OpenJDK Critical Security Risks USN-7900-1 CVE-2025-53057
2025-12-02 01:57:29
Several security issues were fixed in CRaC JDK 17.
Ubuntu 25.10: CRaC JDK 25 Important XML External Entity Advisory 2025-53066
2025-12-02 01:57:28
Several security issues were fixed in CRaC JDK 25.
Ubuntu 25.10: Crucial Security Fix for OpenJDK 21 USN-7901-1 CVE-2025-53057
2025-12-02 01:57:26
Several security issues were fixed in CRaC JDK 21.
Fedora 42: python-spotipy Update 2025-9501cd4d8c to Version 2.25.2
2025-12-02 01:34:25
update to version 2.25.2
Fedora 42: Unbound Critical Fix for CVE-2025-11411 Advisory 2025-38b1c0f3b5
2025-12-02 01:34:24
Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
Law enforcement shuts down Cryptomixer in major crypto crime takedown
2025-12-02 00:27:47
Authorities seized M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of M in Bitcoin after shutting down Cryptomixer, a crypto-mixing...
Multiples vulnérabilités dans les produits VMware (02 décembre 2025)
02/12/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Android (02 décembre 2025)
02/12/2025
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...