All the latest cybersecurity news


New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA

2025-12-12 10:41:50
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information...

From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats

2025-12-12 10:27:10
The Trust Crisis No One's Talking About. Every breach, leak, or phishing attack doesn't just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips...

How private is your VPN?

2025-12-12 10:25:00
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here's what I wish everyone knew.

Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

2025-12-12 10:18:00
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging...

Two flaws in Forticloud SSO to patch

2025-12-12 10:04:04
Yet another alert for system administrators who use Forticloud SSO (single sign-on) to authenticate access to (...)

Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware

2025-12-12 10:01:54
A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the...

Following the digital trail: what happens to data stolen in a phishing attack

2025-12-12 10:00:39
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.

MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025

2025-12-12 09:51:34
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records...

CISA orders feds to patch actively exploited Geoserver flaw

2025-12-12 09:48:31
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

2025-12-12 09:24:42
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an...

Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware

2025-12-12 09:13:31
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses...

Broadcom-VMware merger: CISPE strengthens its action for annulment

2025-12-12 09:09:27
CISPE believes that the debt and the growth promises tied to the deal foreshadowed the shift in commercial policy.

Apache Struts 2 DoS Vulnerability Let Attackers Crash Server

2025-12-12 09:04:39
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775,...

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

2025-12-12 08:55:00
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team...

MITRE shares 2025's top 25 most dangerous software weaknesses

2025-12-12 08:43:16
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

2025-12-12 08:41:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The...

Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

2025-12-12 08:35:50
Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized...

Turn me on, turn me off: Zigbee assessment in industrial environments

2025-12-12 08:00:17
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off.

CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks

2025-12-12 07:26:01
An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV)...

MKVCinemas streaming piracy service with 142M visits shuts down

2025-12-12 07:14:31
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]

Hamas-Linked Hackers Probe Middle Eastern Diplomats

2025-12-12 07:00:00
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

2025-12-12 05:01:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on...

Oracle Linux 9 ELSA-2025-23087 Grafana Moderate Threat Advisory

2025-12-12 04:58:25
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 8: ELSA-2025-23128 Firefox Important Vulnerabilities

2025-12-12 04:57:23
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 8: ELSA-2025-23086 LUKSMeta Moderate Metadata Handling Fix

2025-12-12 04:57:21
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 8: ELSA-2025-23062 ruby Moderate Denial of Service

2025-12-12 04:57:19
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 7: ELSA-2025-21404 lasso Critical Type Confusion CVE-47151

2025-12-12 04:55:27
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks

2025-12-12 02:25:09
Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security researchers...

Fedora 42: yarnpkg Command Injection Fix CVE-2025-64756 Advisory

2025-12-12 01:46:26
Fix CVE-2025-64756.
