Toute l'actualité de la Cybersécurité
Hackers Using Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads
2025-11-19 15:30:17
A new wave of cyberattacks has emerged using the Tuoni Command and Control (C2) framework, a sophisticated tool that allows threat actors to deploy malicious payloads directly into system memory. This...
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
2025-11-19 15:29:28
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass (CVE-2025-64446), are under attack. Check logs for rogue admin accounts and upgrade immediately.
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
2025-11-19 14:01:15
Palo Alto, California, 19th November 2025, CyberNewsWire
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
2025-11-19 14:35:15
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. [...]
Adobe rachète Semrush pour 1,9 milliard $
2025-11-19 14:31:40
Adobe rachète Semrush pour 1,9 milliard $, afin d'intégrer l'analyse des moteurs de recherche et des LLM à ses outils.
The post Adobe rachète Semrush pour 1,9 milliard $ appeared first on Silicon.fr....
Microsoft Investigating Copilot Issue On Processing Files
2025-11-19 14:25:53
Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users are experiencing significant limitations when performing actions on files. The...
OVHcloud en Allemagne : ce qu'il y a en attendant la région 3-AZ
2025-11-19 14:25:17
OVHcloud va ouvrir une région 3-AZ en Allemagne. Il peut capitaliser sur son assise établie en 20 ans sur place, malgré certains projets non concrétisés.
The post OVHcloud en Allemagne : ce qu’il...
The hidden risks in your DevOps stack data—and how to address them
2025-11-19 14:20:29
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups...
The Cloudflare Outage May Be a Security Roadmap
2025-11-19 14:07:03
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily...
Critical Railway Braking Systems Open to Tampering
2025-11-19 14:00:00
It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous.
La Cour des comptes incite l'Etat à accélérer sur l'IA
2025-11-19 13:50:37
Le premier président de la Cour des comptes, Pierre Moscovici, a l’art de la litote en présentant le rapport sur la stratégie (...)
CISA gives govt agencies 7 days to patch new Fortinet flaw
2025-11-19 13:44:56
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks....
Destructive Akira Ransomware Attack with a Single Click on CAPTCHA in Malicious Website
2025-11-19 13:43:58
A global data storage and infrastructure company fell victim to a severe ransomware attack orchestrated by Howling Scorpius, the group responsible for distributing Akira ransomware. The incident began...
U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
2025-11-19 13:43:03
U.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added...
Avec Agent 365, Microsoft contrôle les agents IA
2025-11-19 13:37:57
À mesure que les entreprises déploient des agents IA en plus grand nombre, les équipes IT devront les gérer et les sécuriser (...)
Mastercard's Hacker Warning: Beware of Deals, Discounts, & Data Thieves
2025-11-19 13:29:08
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 19, 2025 – Read the full story from Mastercard New survey highlights urgent need for safe retail practices...
New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data
2025-11-19 13:14:34
A new malware campaign targeting macOS users has emerged with a dangerous focus on cryptocurrency wallet theft. The malware, called Nova Stealer, uses a clever approach to trick victims by replacing genuine...
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
2025-11-19 13:01:09
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. [...]
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
2025-11-19 13:00:00
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.
The...
Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real
2025-11-19 12:50:09
The Phishing-as-a-Service kit Sneaky 2FA was found to use Browser-in-the-browser attacks to steal login credentials.
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
2025-11-19 12:45:49
Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that…
New ShadowRay Attack Exploit Ray AI-Framework Vulnerability to Attack AI Systems
2025-11-19 12:36:43
Cybersecurity researchers have uncovered an active global hacking campaign leveraging a known flaw in Ray, an open-source AI framework widely used for managing distributed computing tasks. Dubbed ShadowRay...
CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild
2025-11-19 12:19:06
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting...
California man admits to laundering crypto stolen in 0M heist
2025-11-19 12:13:34
A 45-year-old from Irvine, California, has pleaded guilty to laundering at least million stolen in a massive 0 million cryptocurrency heist. [...]
Microsoft Teams New Feature Let Users Report Messages Incorrectly Flagged as Security Threats
2025-11-19 12:13:09
Microsoft is introducing a new capability in Teams that allows users to report messages they believe were mistakenly flagged as security threats. The feature represents a significant step toward improving...
Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks
2025-11-19 12:04:05
Multiple critical vulnerabilities affect D-Link DIR-878 routers across all models and firmware revisions. These devices reached the end of life on January 31, 2021. They will no longer receive security...
New npm Malware Campaign Verifies if the Visitor is a Victim or a Researcher Before Triggering Infection
2025-11-19 12:02:23
A sophisticated malware campaign targeting the npm ecosystem has emerged, deploying a clever detection system that distinguishes between regular users and security researchers. The threat actor, operating...
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
2025-11-19 11:59:03
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution.
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
2025-11-19 11:55:00
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase...
Microsoft a bloqué une attaque DDoS record de 15 Tbps
2025-11-19 11:32:20
La plus grande attaque DDoS jamais enregistrée à ce jour a été bloquée par Microsoft. Liée au botnet Aisuru IoT, (...)
Stratégie IA : la France en tête du peloton européen…mais loin du compte
2025-11-19 11:29:59
Le rapport de la Cour des comptes révèle les failles d'une stratégie nationale sur IA, ambitieuse mais sous-financée.
The post Stratégie IA : la France en tête du peloton européen…mais loin...
Researchers Push for Pre-Submit Security to Reduce Android Code Flaws
2025-11-19 11:00:02
This study reveals that Android's vulnerability-fixing latency significantly exceeds traditional update timelines and argues for a shift from detection to prevention through a machine-learning-driven...
Cloudflare blames this week's massive outage on database issues
2025-11-19 10:54:54
On Tuesday, Cloudflare experienced its worst outage in 6 years, blocking access to many websites and online platforms for almost 6 hours after a change to database access controls triggered a cascading...
Sharenting: are you leaving your kids' digital footprints for scammers to find?
2025-11-19 10:30:05
Our children build digital lives long before they understand them. Here's how to shrink their online footprint and stay smart about “sharenting.”
How to Achieve Ultra-Fast Response Time in Your SOC
2025-11-19 10:20:20
ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.
Panne Cloudflare : ce qui s'est passé dans le système anti-bots
2025-11-19 10:19:33
La panne chez Cloudflare a été déclenchée par une erreur de configuration dans une base de données alimentant le système de gestion des bots.
The post Panne Cloudflare : ce qui s’est passé...
New Crypto Mutuum Finance (MUTM) Raises Over M Ahead of Q4 2025 V1 Protocol Release
2025-11-19 10:17:01
Mutuum Finance is developing a decentralized lending protocol built around a dual-market structure. The system will support pooled lending through its liquidity engine and also offer an isolated marketplace...
Bridewell CEO gives cyber predictions for 2026
2025-11-19 10:01:34
As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations,...
CredShields Joins Forces With Checkmarx to Bring Smart Contract Security to Enterprise AppSec
2025-11-19 10:00:38
Checkmarx and CredShields aim to redefine enterprise application security for the decentralized era. Nearly half of the largest DeFi breaches trace back to smart contract flaws. Research indicates that...
IT threat evolution in Q3 2025. Mobile statistics
2025-11-19 10:00:34
The report features statistics on mobile threats for the third quarter of 2025, along with interesting findings and trends from the quarter, including an increase in ransomware activity in Germany, and...
IT threat evolution in Q3 2025. Non-mobile statistics
2025-11-19 10:00:02
The report presents key trends and statistics on malware that targets personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during the third quarter of 2025.
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
2025-11-19 10:00:00
The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper...
‘PlushDaemon' hackers hijack software updates in supply-chain attacks
2025-11-19 10:00:00
The China-aligned advanced persistent threat (APT) tracked as 'PlushDaemon' is hijacking software update traffic to deliver malicious payloads to its targets. [...]
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
2025-11-19 09:59:00
Malicious actors can exploit default configurations in ServiceNow's Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks.
The...
Introducing Filecoin Onchain Cloud: Verifiable, Developer-Owned Infrastructure
2025-11-19 09:39:14
Filecoin Onchain Cloud offers verifiable storage, fast retrieval, and fully onchain programmable payments. Early integrations are from the ERC-8004 community, KYVE, Monad, Safe, Akave, Storacha, Geo Podcasts,...
Boosting Linux Security with DevOps Platforms for Automation and Compliance
2025-11-19 09:35:47
Most production workloads still land on Linux. That hasn't changed. What's shifted is how teams manage those systems at scale''especially when speed and compliance need to keep pace. That's where DevOps...
New Study Shows Random Forest Models Can Spot 80% of Vulnerabilities Before Code Merge
2025-11-19 09:00:07
The study evaluates a machine-learning framework for predicting vulnerable code changes, showing Random Forest delivers the highest accuracy, robust performance across reduced feature sets, and significantly...
Piratage de Jaguar Land Rover : 2 Md€ de pertes au compteur
2025-11-19 08:39:47
Les estimations les plus pessimistes des experts n'étaient pas exagérées. Même si les périmètres évalués (...)
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
2025-11-19 08:20:59
Singapore, Singapore, 19th November 2025, CyberNewsWire
Study Shows Android Vulnerabilities Can Take Up to 5 Years to Fully Fix
2025-11-19 08:00:03
This article analyzes nearly a decade of Android CVEs, revealing that vulnerabilities often take 3–5 years to fully resolve. Native system components and kernel code account for most fixes, while human...
Eurofiber confirms November 13 hack, data theft, and extortion attempt
2025-11-19 07:36:05
Eurofiber says hackers exploited a flaw on November 13, breached its ticket and customer portals, stole data, and attempted extortion. On November 13, threat actors exploited a vulnerability to breach...
The TechBeat: Court Finds OpenAI in Violation of German Copyright Law, Orders Damages (11/19/2025)
2025-11-19 07:11:06
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Inside the Data Pipeline Behind Classifying Android Security Flaws
2025-11-19 07:00:02
The article explains how researchers collect, label, and link Android vulnerabilities, their fixes, and the underlying vulnerability-inducing code to create a dataset for evaluating security-bug classifiers....
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
2025-11-19 06:55:54
Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which...
How Lightweight ML Models Predict Vulnerable Code Changes
2025-11-19 06:30:03
This article outlines a lightweight machine-learning framework designed to classify vulnerability-prone code changes using six common classifiers and a rich set of feature types spanning human behavior,...
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
2025-11-19 04:20:00
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum...
Mageia 9: Thunderbird Important Race Condition Spoofing MGASA-2025-0305
2025-11-19 03:16:59
MGASA-2025-0305 - Updated thunderbird packages fix security vulnerabilities
Mageia 9: CUPS-Filters Critical Heap Overflow Fix MGASA-2025-0304
2025-11-19 03:16:57
MGASA-2025-0304 - Updated cups-filters packages fix security vulnerabilities
Mageia 9: Flatpak Critical Access Issue Advisory MGASA-2025-0303
2025-11-19 03:16:56
MGASA-2025-0303 - Updated flatpak & bubblewrap packages fix security vulnerability
Security Is A Practice, Not A One-Time Project
2025-11-19 02:01:09
Security isn't a one-time task; it's a continuous practice. It's built through daily habits, consistent testing, and the right tools that strengthen your defenses over time. Treating security as...
The Post-Hype Playbook: Unhashed CEO Mia P on Marketing Web3 Credibility
2025-11-19 01:53:38
Mrig Pandey, CEO of Unhashed, talks about the changing landscape of web3 marketing. He says that the era of Web3 marketing is fast coming to an end. Instead, effective web3 communication is anchored on...
Fedora 41: Chromium High CVE-2025-13042 Inappropriate Implementation Threat
2025-11-19 01:22:09
Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8
Fedora 41: Firefox 145.0 Critical DoS Update 2025-ba7105c612
2025-11-19 01:22:08
Updated to latest upstream (145.0) Added fix for mzbz#1990430 (crashes) Updated to latest upstream (144.0)
The Complete Guide to Creating Your Ideal Customer Profile (With Canva Example)
2025-11-19 00:46:31
Building your Ideal Customer Profile (ICP) is an essential part of building a successful business. To make it practical, we'll use Canva (the global design tool) as our example.
Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
2025-11-19 00:00:01
Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise.
The post Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA...
Multiples vulnérabilités dans les produits SolarWinds (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits SolarWinds. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection...
Multiples vulnérabilités dans les produits HPE Aruba Networking (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Multiples vulnérabilités dans Microsoft Edge (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Microsoft indique que...
Multiples vulnérabilités dans les produits Fortinet (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits VMware (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Atlassian (19 novembre 2025)
19/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...