Toute l'actualité de la Cybersécurité
Metasploit Wrap-Up 12/05/2025
2025-12-05 20:58:04
Twonky Auth Bypass, RCEs and RISC-V Reverse Shell PayloadsThis was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7's very own Ryan Emmons recently disclosed CVE-2025-13315...
India Rolls Back App Mandate Amid Surveillance Concerns
2025-12-05 20:06:26
Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.
Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security
2025-12-05 20:00:00
Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, which we believe highlights the innovative capabilities of Microsoft Defender for Office 365.
The post Microsoft...
Barts Health NHS discloses data breach after Oracle zero-day hack
2025-12-05 18:55:26
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...]
Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure
2025-12-05 18:22:12
Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its...
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
2025-12-05 17:53:00
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings...
Keeper Security Appoints New Chief Revenue Officer
2025-12-05 17:49:25
Keeper Security has announced the appointment of Tim Strickland as Chief Revenue Officer (CRO). Strickland will lead Keeper's global revenue organisation, driving go-to-market strategy, customer growth...
Sprocket Security Earns Repeat Recognition in G2's Winter 2025 Relationship Index for Penetration Testing
2025-12-05 15:24:38
Madison, United States, 5th December 2025, CyberNewsWire
Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM
2025-12-05 15:00:40
Torrance, California, USA, 5th December 2025, CyberNewsWire
Netflix Acquires Warner Bros. Studios and HBO in Landmark .7 Billion Megadeal
2025-12-05 16:56:41
Netflix has struck a transformative deal to acquire Warner Bros. studios, HBO, and HBO Max from Warner Bros. Discovery (WBD) in a cash-and-stock transaction valued at .7 billion. The move catapults...
As Ethereum (ETH) Struggles in Q4 This New Altcoin Surges 250% Hits 95% Phase 6 Allocation
2025-12-05 16:55:40
Mutuum Finance is building a decentralized lending system focused on predictable returns, clear borrowing rules and tighter safety controls. The platform uses two lending environments, letting users supply...
La Cour des comptes tacle le SI des services d'incendie et secours
2025-12-05 16:53:19
La modernisation des systèmes d’information des SIS (services d’incendie et secours) présents dans plusieurs régions de (...)
Paribu Acquires CoinMENA, MENA's Largest Local Crypto Exchange
2025-12-05 16:48:29
Türkiye's leading digital asset platform Paribu has acquired CoinMENA, the largest local crypto exchange in the Middle East and North Africa (MENA) The deal represents Türkiy'S largest fintech transaction...
One-Person Production: Wondershare Filmora V15 Empowers Solo Creators With AI
2025-12-05 16:43:24
AI is transforming the video-making process of creators. Learn how WondershareFilmora V15 helps individual creators edit smarter using powerful AI.
La gestion des accès se détache des mots de passe
2025-12-05 16:39:25
Gartner perçoit une adoption répandue de l'authentification sans mot de passe dans le cadre des solutions autonomes de gestion des accès.
The post La gestion des accès se détache des mots de passe...
FBI warns of virtual kidnapping scams using altered social media photos
2025-12-05 16:37:28
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. [...]
So You Want to Build a Writing Career?
2025-12-05 16:30:03
This comprehensive guide covers everything from finding your voice to mastering SEO. Learn how to turn your writing into a career asset with HackerNoon.
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
2025-12-05 16:23:00
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring...
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations
2025-12-05 16:19:36
Cybercriminals are actively spreading CoinMiner malware through USB drives, targeting workstations across South Korea to mine Monero cryptocurrency. This ongoing campaign uses deceptive shortcut files...
Beyond the Hype: New Study Finds AI Slashes Professional Task Time by 80% The deba...
2025-12-05 16:15:05
Anthropic study shows how people are using AI today. The average task would take a human professional about 90 minutes (1.4 hours) to complete without AI assistance. The researchers calculate that this...
The HackerNoon Newsletter: Why Gemini 3.0 is a Great Builder But Still Needs a Human in the Loop (12/5/2025)
2025-12-05 16:01:42
How are you, hacker?
🪐 What's happening in tech today, December 5, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
MuddyWater Hackers Using UDPGangster Backdoor to Attack Windows Systems Evading Network Defenses
2025-12-05 15:53:30
A sophisticated cyber threat has emerged targeting Windows systems across multiple countries in the Middle East. UDPGangster, a UDP-based backdoor, represents a dangerous new weapon in the arsenal of...
Cloudflare Outage Traced to Emergency React2Shell Patch Deployment
2025-12-05 15:38:52
Cloudflare’s global network suffered a brief but widespread disruption this morning, lasting approximately 25 minutes, due to an internal change in its Web Application Firewall (WAF) designed to...
Threat Landscape Grows Increasingly Dangerous for Manufacturers
2025-12-05 15:34:58
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
New Variant of ClayRat Android Spyware Seize Full Device Control
2025-12-05 15:21:55
The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through...
AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2
2025-12-05 15:15:30
A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances....
React2Shell Vulnerability Under Attack From China-Nexus Groups
2025-12-05 15:14:26
A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
2025-12-05 15:03:45
A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide. First observed around March 2025, this malware enables attackers to gain complete remote control...
A Practical Guide to Continuous Attack Surface Visibility
2025-12-05 15:00:10
Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface...
How to Build Resilient APIs With Resilience4j Circuit Breaker in Spring Boot
2025-12-05 15:00:04
Learn how to make your microservice calls resilient using the Circuit Breaker pattern with Resilience4j and Spring Boot. The pattern: Detects a failing dependency, stops sending requests to it, returns...
CISOs Should Be Asking These Quantum Questions Today
2025-12-05 15:00:00
As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.
EU fines X 0 million over deceptive blue checkmarks
2025-12-05 14:41:01
The European Commission has fined X €120 million (0 million) for violating transparency obligations under the Digital Services Act (DSA). [...]
Russian Hackers Spoof European Events in Targeted Phishing Attacks
2025-12-05 14:32:35
Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials. Invitations that look legitimate, often tied to conferences...
Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF
2025-12-05 14:22:08
A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately....
Encore une panne mondiale pour Cloudflare
2025-12-05 14:19:15
Bis repetita. Plusieurs sites n’étaient plus accessibles ce matin : Linkedin, Canva, Doctolib,… Ils ont eu l’impression (...)
The Shift from Ad-Hoc Competitive Research to Always-On Competitive Intelligence in B2B SaaS
2025-12-05 14:11:42
Traditional competitive research cycles can't keep up with the speed of modern SaaS markets. Always-on CI—powered by AI monitoring, structured insights, and real-time updates—helps PMMs and GTM...
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
2025-12-05 14:10:00
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.
The vulnerability...
Voices of the Experts: What to Expect from Our Predictions Webinar
2025-12-05 14:02:10
Every year, Rapid7 brings together some of the most experienced minds in cybersecurity to pause, zoom out, and take stock of where the threat landscape is heading. Last year's predictions webinar sparked...
Cloudflare tombe en panne en intervenant sur une faille critique
2025-12-05 13:57:55
Panne brève mais remarquée chez Cloudflare, qui l'impute à une mesure prise pour atténuer l'effet d'une faille critique.
The post Cloudflare tombe en panne en intervenant sur une faille critique appeared...
Cloudflare blames today's outage on React2Shell mitigations
2025-12-05 13:53:26
Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. [...]
Here's What GPA You Need To Study In The Cybersecurity Field
2025-12-05 13:49:36
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 5, 2025 – Read the full story in Bolde High school students and parents, listen up! Some fields are skyrocketing...
Hausse des prix de Microsoft 365 pour les entreprises en 2026
2025-12-05 13:45:34
Alors que les solutions bureautiques et collaboratives souveraines se multiplient en France (Hexagone, Leviia Next, Oodrive Work et Meet, Private (...)
Leaks show Intellexa burning zero-days to keep Predator spyware running
2025-12-05 13:31:54
A fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days.
PromptPwnd Vulnerability Exposes AI driven build systems to Data Theft
2025-12-05 13:25:53
Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected.
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability
2025-12-05 13:19:55
Array Networks AG gateways have been under active exploitation since August 2025 due to a command injection flaw, JPCERT/CC warns. A command injection flaw in Array Networks AG Series gateways, affecting...
Pharma firm Inotiv discloses data breach after ransomware attack
2025-12-05 13:05:52
American pharmaceutical firm Inotiv is notifying thousands of people that they're personal information was stolen in an August 2025 ransomware attack. [...]
Des kits de phishing as a service affaiblissent le MFA
2025-12-05 11:52:17
Des chercheurs de la société Any.Run ont découvert une campagne de phishing très efficace. Elle repose sur la combinaison de (...)
Vulnérabilité critique « React2Shell » (CVSS 10)
2025-12-05 11:51:38
Voici l’analyse et les conclusions de l'équipe JFrog Security Research concernant les vulnérabilités critiques React2Shell (CVE-2025-55182 et CVE-2025-66478). Tribune – Avec un taux de...
Trois ans après, que devient le catalogue Gaia-X du CISPE ?
2025-12-05 11:47:45
Fin 2022, le CISPE présentait un démonstrateur de son catalogue de services « compatibles Gaia-X ». Il a connu plusieurs incarnations depuis.
The post Trois ans après, que devient le catalogue Gaia-X...
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
2025-12-05 11:47:00
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's...
"Getting to Yes": An Anti-Sales Guide for MSPs
2025-12-05 11:30:00
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed,...
Critical React2Shell flaw actively exploited in China-linked attacks
2025-12-05 11:26:07
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. [...]
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
2025-12-05 11:03:50
CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has...
Ubuntu 22.04: Linux Kernel Azure Important Security Flaws USN-7910-2
2025-12-05 11:03:10
Several security issues were fixed in the Linux kernel.
USN-7910-2: Linux kernel (Azure) vulnerabilities
2025-12-05 10:59:35
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Ubuntu 22.04: Important Linux Kernel Updates Addressing Security Flaws
2025-12-05 10:56:16
Several security issues were fixed in the Linux kernel.
Pour étendre l'observabilité, LogicMonitor acquiert Catchpoint
2025-12-05 10:56:08
Afin de répondre à la complexité des infrastructures IA et des charges de travail distribuées, LogicMonitor a annoncé (...)
USN-7909-4: Linux kernel vulnerabilities
2025-12-05 10:51:05
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
...
Ubuntu 22.04 LTS: Linux Kernel Critical Security Vulnerability USN-7889-5
2025-12-05 10:47:37
Several security issues were fixed in the Linux kernel.
USN-7889-5: Linux kernel (IBM) vulnerabilities
2025-12-05 10:41:47
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
...
Ubuntu 25.10: Linux GCP Kernel Critical Security Issues USN-7906-2
2025-12-05 10:38:20
Several security issues were fixed in the Linux kernel.
USN-7906-2: Linux kernel (GCP) vulnerabilities
2025-12-05 10:31:43
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
...
A Simple Hardware Question Exposes the Limits of Today's LLMs
2025-12-05 10:29:00
An engineer compares an LLM's fabricated claims about printheads with real-world data, revealing why statistical models fail at physical reasoning—and why technical decisions should never rely on...
Building the "TCP/IP" of Modern Messaging: Architecting a Universal Communication Highway
2025-12-05 10:20:47
Modern messaging apps are protocol based, which is why we need a Universal Messaging Highway (UMH) that abstracts platform complexities. The UMH acts as a platform agnostic communication interface designed...
Django 6.0 Is Here: Background Tasks, Partials, and Why We Might Finally Delete Celery
2025-12-05 09:44:56
Django 6.0 delivers long-awaited native features—lightweight background tasks, first-class template partials, and built-in CSP—marking a major shift toward a more modern, full-stack framework. This...
Why More VARs and SIs Are Embedding Melissa Into Their Enterprise Solutions
2025-12-05 09:32:25
Melissa helps VARs and SIs deliver faster, more accurate, and compliant solutions through powerful verification APIs, global datasets, and plug-and-play integrations. Partners reduce rework, strengthen...
Cloudflare down, websites offline with 500 Internal Server Error
2025-12-05 09:12:15
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports. [...]
Free .cv Domains for Everyone: A Tiny Island Nation Is Rewriting the Future of Professional Profiles
2025-12-05 09:00:04
Cape Verde wants to turn its country code, .cv, into a global identity layer for the AI era. Its partner operator Ola.cv believes profiles should live on the open internet, not inside a corporate network....
LVMH avance prudemment sur les agents IA
2025-12-05 08:51:49
Après 5 ans de travail sur la data, l'IA et l'IA générative, le groupe LVMH franchit progressivement une nouvelle étape en (...)
Enhancing Linux Email Security: Identify Malicious Attachments Effectively
2025-12-05 08:41:09
Suspicious emails rarely confess in the body. The clues live in headers, MIME parts, and tiny inconsistencies between what a message claims and what it actually delivers. If your team can read those signals...
Galaxy Z TriFold : Samsung joue la carte « station de travail »
2025-12-05 08:28:04
Avec son premier smartphone à double pliage, Samsung choisit l'angle « station de travail portable », à l'appui d'un mode desktop autonome.
The post Galaxy Z TriFold : Samsung joue la carte « station...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
2025-12-05 08:14:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's...
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
2025-12-05 05:40:00
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week.
The vulnerability,...
Secure Boot: Strengthening Linux System Integrity from the Firmware Up
2025-12-05 03:19:52
Secure Boot sits at the point where firmware and operating system trust intersect, and it decides what code is allowed to start the machine. Most systems treat it like background plumbing, but it has...
Oracle Identity Manager Pre-Auth RCE
2025-12-05 03:15:17
What is the Vulnerability?
CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager's REST...
Fedora 42: libcoap Security Update 2025-6a43695048 for Denial of Service
2025-12-05 02:43:01
Update to security release 4.3.5a
Fedora 42: timg Memory-Safety Fixes Update FEDORA-2025-f0df882417
2025-12-05 02:43:00
Rebuilt with latest patched stb_image: memory-safety fixes
Multiples vulnérabilités dans NetApp ONTAP (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans NetApp ONTAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits Nextcloud (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Nextcloud. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...
Vulnérabilité dans Apache Struts (05 décembre 2025)
05/12/2025
Une vulnérabilité a été découverte dans Apache Struts. Elle permet à un attaquant de provoquer un déni de service à distance.
Vulnérabilité dans Python (05 décembre 2025)
05/12/2025
Une vulnérabilité a été découverte dans Python. Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans Microsoft Edge (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non...
Multiples vulnérabilités dans Microsoft CBL Mariner (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft CBL Mariner. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Apache HTTP Server (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une falsification...
Multiples vulnérabilités dans les produits IBM (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...
Multiples vulnérabilités dans le noyau Linux de SUSE (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...
Multiples vulnérabilités dans le noyau Linux de Red Hat (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (05 décembre 2025)
05/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...