Toute l'actualité de la Cybersécurité
Sextortion emails: how to protect yourself
2025-12-08 16:44:29
Advice in response to the increase in sextortion scams
Shopping and paying safely online
2025-12-08 16:40:12
Tips to help you purchase items safely and avoid fraudulent websites.
How to recover an infected device
2025-12-08 16:33:45
Advice for those concerned a device has been infected.
Mitigating malware and ransomware attacks
2025-12-08 16:31:33
How to defend organisations against malware or ransomware attacks.
Recovering a hacked account
2025-12-08 16:28:06
A step by step guide to recovering online accounts.
Early Years practitioners: using cyber security to protect your settings
2025-12-08 16:26:12
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.
Data breaches: guidance for individuals and families
2025-12-08 16:24:56
How to protect yourself from the impact of data breaches
New GhostFrame Super Stealthy Phishing Kit Attacks Millions of Users Worldwide
2025-12-08 16:15:49
A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers at Barracuda, this stealthy tool represents...
INE Earns G2 Winter 2026 Badges Across Global Markets
2025-12-08 15:16:40
Cary, North Carolina, USA, 8th December 2025, CyberNewsWire
FBI Warns of Hackers Altering Photos Found on Social Media to Use as Fake Proof
2025-12-08 16:11:13
A new alert warns people about a growing scam that uses altered photos to trick families into paying fake ransom demands. In a notice titled Alert Number: I-120525-PSA, dated December 5, 2025. The FBI...
How to spot scammers claiming to be from the NCSC
2025-12-08 15:47:27
Check that you're talking to a genuine NCSC employee, and not a criminal.
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed
2025-12-08 15:29:28
QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade, however, its open-source nature...
How phishers hide banking scams behind free Cloudflare Pages
2025-12-08 15:26:29
We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.
How Agentic BAS AI Turns Threat Headlines Into Defense Strategies
2025-12-08 15:02:12
Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline...
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety
2025-12-08 14:55:32
As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera...
Oracle EBS zero-day used by Clop to breach Barts Health NHS
2025-12-08 14:53:05
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882...
Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information
2025-12-08 14:24:43
Security researchers have exposed a critical privacy flaw dubbed “Careless Whisper” that lets attackers monitor user activity on WhatsApp and Signal through silent delivery receipts, without...
Hackers Leverage Multiple Ad Networks to Attack Adroid Users With Triada Malware
2025-12-08 14:20:30
Mobile security continues to face significant challenges as sophisticated malware campaigns evolve to bypass traditional defenses. The Triada Trojan, a persistent threat to Android users for nearly a...
IBM rachète Confluent pour 11 milliards $
2025-12-08 14:13:34
En s'emparant de Confluent, spécialiste du streaming de données en temps réel, IBM renforce son offre pour déployer l'IA générative et agentique en entreprise.
The post IBM rachète Confluent pour...
CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation
2025-12-08 14:11:37
A critical vulnerability affecting Meta React Server Components has been added to the Known Exploited Vulnerabilities catalog, signalling widespread active exploitation by CISA. Tracked as CVE-2025-55182,...
IBM renforce la protection DNS pour le trafic multicloud
2025-12-08 13:48:13
Pour éviter les pannes liées au DNS, IBM s’est associé à AWS pour dévoiler Cloud Sync en proposant une synchronisation (...)
Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes
2025-12-08 13:45:35
A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform. Allowing attackers to gain unauthorized access to user accounts by submitting...
US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration
2025-12-08 13:41:57
The United States continues to face an unprecedented surge in cyber threats, accounting for nearly half of all documented cyber attacks globally between 2024 and 2025. Recent data from the Cyber Events...
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
2025-12-08 13:37:42
Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182,...
3 Real-World Penetration Testing Lessons For CISOS and Cybersecurity Teams
2025-12-08 13:31:55
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 8, 2025 – Read the full story from BreachLock Penetration testing is an offensive security testing methodology...
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
2025-12-08 13:17:18
Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.
USN-7914-1: WebKitGTK vulnerabilities
2025-12-08 13:17:04
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related...
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach
2025-12-08 13:13:11
Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
Prompt injection is not SQL injection (it may be worse)
2025-12-08 13:02:30
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
2025-12-08 12:44:00
It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks —...
L'UE sanctionne X : première amende historique dans le cadre du DSA
2025-12-08 11:59:46
L'amende de 120 millions € infligée à X par l'UE est une sanction inédite qui marque un tournant dans la régulation numérique européenne.
The post L’UE sanctionne X : première amende historique...
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
2025-12-08 11:58:00
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show...
Des cyber-espions chinois ciblent avec persistance vCenter de VMware
2025-12-08 11:49:21
De plus en plus de cybercriminels s’en prennent aux environnements virtuels en particulier ceux de VMware. Selon un rapport de la Cisa (cybersecurity (...)
{ Tribune Expert } – Sécuriser la GenAI commence par un inventaire clair et une visibilité réelle sur ses composants
2025-12-08 11:18:26
La majorité des organisations manquent encore d'un inventaire fiable de leurs actifs IA, qu'il s'agisse de modèles internes ou de solutions tierces intégrées rapidement.
The post { Tribune Expert...
'Broadside' Mirai Variant Targets Maritime Logistics Sector
2025-12-08 11:17:12
"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
Over 70 Domains Used in Months-Long Phishing Spree Against US Universities
2025-12-08 11:15:58
Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.
Evertrust lève 10 M€ pour s'imposer en leader de la PKI et du CLM
2025-12-08 11:02:05
Evertrust, spécialiste de la confiance numérique, vise le leadership européen avec l'appui d'un fonds américain, sur un marché porté par le raccourcissement de la durée de vie des certificats numériques.
The...
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
2025-12-08 11:00:00
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild.
The findings...
La faille React2Shell exploitée activement par des cybercriminels
2025-12-08 10:38:21
Ce n’était qu’une question de jours pour voir la faille React2Shell exploitée par des groupes de cybercriminels. Des chercheurs (...)
Cybersécurité et téléphonie IP : un examen approfondi s'impose
2025-12-08 10:22:06
Bien que la téléphonie IP soit souvent négligée en matière de sécurité, la protection des téléphones IP demeure une priorité constante. Les vulnérabilités potentielles peuvent également servir...
Proxmox lance une version stable de Datacenter Manager
2025-12-08 09:59:12
Après une version alpha en décembre 2024 puis une beta en septembre dernier, Proxmox a dégainé la version stable 1.0 de (...)
A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
2025-12-08 09:58:58
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
How to Build a Wi-Fi-Controlled USB Keyboard With an ESP32
2025-12-08 09:56:27
You can easily build a custom Wi-Fi-controlled USB keyboard using an ESP32-S2. Perfect for remote key presses, gaming macros, or custom HID devices. Hardware is cheap, software is simple, and the code...
Building Multi-Agent Systems That Communicate Reliably with the A2A Protocol
2025-12-08 09:45:03
Multi-agent systems often fail because agents don't speak the same language. This article explores Google's A2A (Agent-to-Agent) Protocol as the "universal translator" solution. We build "StoryLab," a...
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
2025-12-08 09:15:00
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
The remote code execution vulnerability in question is CVE-2025-6389...
Un assureur, un outil scolaire et de nouvelles fédérations sportives ciblées par un pirate
2025-12-08 09:14:29
Un pirate vise fédérations sportives, assureur et site éducatif, révélant de graves failles de cybersécurité dans l'écosystème français....
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
2025-12-08 09:01:13
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
From Polymers to Composites: Venkata Repaka's Blueprint for Smarter Lightweighting
2025-12-08 08:44:59
Automotive lightweighting has become essential for vehicle efficiency, performance, and EV range. With over 20 years in engineering, Venkata N Chandra Sekhar Repaka demonstrates how advanced polymers,...
Bpost : un service de la poste piraté, 30 Go de données diffusées
2025-12-08 08:38:27
Fuite bpost : 30,46 Go de données structurées publiées par les nouveaux pirates du groupe Tridentlocker via un fournisseur....
Google Pixel : une mise à jour corrige plusieurs failles déjà exploitées par des hackers
2025-12-08 08:03:20
Les utilisateurs de smartphones Google Pixel doivent installer au plus vite la mise à jour de sécurité de décembre. Celle-ci corrige un total de 107 failles de sécurité, dont deux qui sont déjà...
A week in security (December 1 – December 7)
2025-12-08 08:03:00
A list of topics we covered in the week of December 1 to December 7 of 2025
Why So Much AI, Yet So Little Profit? A Closer Look at What Businesses Keep Missing
2025-12-08 07:59:59
Gartner's latest research shows a major gap between soaring AI adoption and actual financial ROI. Most AI fails because it isn't integrated into workflows, relies on poor data, stays stuck in pilots,...
The TechBeat: Why DataOps Is Becoming Everyone's Job—and How to Excel at It (12/8/2025)
2025-12-08 07:10:58
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
How Sunil Dua Uses Layered Systems Mapping to Transform Nonprofit Tech
2025-12-08 06:59:59
Nonprofits often face fragmented tech stacks that hinder mission delivery. Sunil Dua's Layered Systems Mapping provides a blueprint to align systems, data, and processes for clarity, integration, and...
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
2025-12-08 06:46:00
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.
The cyber...
Ravi Shankar Garapati Advances Intelligent Automotive Systems with AI and Cloud Integration Model
2025-12-08 06:44:59
Ravi Shankar Garapati's research introduces an AI-enabled, cloud-based predictive maintenance framework for connected vehicles. By analyzing telematics data with machine learning and visualizing insights...
Why EdTech Fails Neurodiverse Students and How Shafaq Bajwa Aims to Fix It
2025-12-08 05:59:59
Shafaq Bajwa, a data scientist turned special needs classroom assistant, exposes the gap between scalable EdTech and the real needs of neurodiverse learners. Her experience shows that independence, data,...
Sourcegraph Bets on Ads to Pay for AI Coding
2025-12-08 00:59:59
From Netflix to Spotify, ad-supported tiers are a staple component of the digital economy, offering product access in exchange for your eyeballs (figuratively speaking).
Multiples vulnérabilités dans MISP (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Multiples vulnérabilités dans Traefik (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un...
Multiples vulnérabilités dans les produits Microsoft (08 décembre 2025)
08/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.