Toute l'actualité de la Cybersécurité
Comet Browser Flaw Lets Hidden API Run Commands on Users' Devices
2025-11-20 12:30:57
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.
Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums
2025-11-20 12:17:01
A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on...
Développement d'applications IA : une demande sectorielle pour l'heure insatisfaite
2025-11-20 12:14:36
En matière de développement d'apps IA, Gartner relève un décalage entre les besoins sectoriels et la capacité des offreurs à y répondre.
The post Développement d’applications IA : une demande...
Threat Actors Pioneering a New Operational Model That Combines Digital and Physical Threats
2025-11-20 11:50:46
Nation-state actors are fundamentally changing how they conduct military operations. The boundary between digital attacks and physical warfare is disappearing rapidly. Instead of treating cybersecurity...
Inside the dark web job market
2025-11-20 11:37:00
This report examines how employment and recruitment function on the dark web, based on over 2,000 job-related posts collected from shadow forums between January 2023 and June 2025.
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
2025-11-20 11:30:00
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally...
Critical N-able N-central Vulnerabilities Allow attacker to interact with legacy APIs and read sensitive files
2025-11-20 11:24:01
N-able’s N-central remote management and monitoring (RMM) platform faces critical security risks following the discovery of multiple vulnerabilities. According to Horizon3.ai, it allows unauthenticated...
Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication
2025-11-20 11:18:52
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to gain full administrative access to the media server software. Rapid7 discovered...
Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection
2025-11-20 11:06:54
Taking another leap towards securing users' digital privacy, Mozilla rolls out Firefox 145 with enhanced…
Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection on Latest Hacking News...
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices
2025-11-20 11:04:00
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud.
"A key differentiator...
Un copier-coller de code fragilise plusieurs frameworks d'inférence
2025-11-20 11:01:11
La sécurité de l’IA prend une place de plus en plus importante au fur et à mesure que la technologie se développe. Des (...)
Why the World's Vulnerability Index Cannot Keep Up
2025-11-20 11:00:02
The Common Vulnerabilities and Exposures (CVE) system has been called the backbone of modern cybersecurity. For decades, it's been the shared language connecting scanners, advisories, compliance...
Crypto mixer founders sent to prison for laundering over 7 million
2025-11-20 10:49:37
The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over 7 million. [...]
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks
2025-11-20 10:28:13
Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification...
Researchers Disclosed Analysis of Rhadamanthys Loader's Anti-Sandboxing and Anti-AV Emulation Features
2025-11-20 10:27:35
Rhadamanthys has emerged as one of the most dangerous stealer malware programs since its first appearance in 2022. This advanced threat continues to challenge security teams with its ability to steal...
Avec Delos Cloud, SAP assure la continuité des services Azure en Europe
2025-11-20 10:23:22
A l’occasion du sommet franco-allemand sur la souveraineté numérique qui s’est déroulé à Berlin le 17 novembre, (...)
Blockchain and Node.js abused by Tsundere: an emerging botnet
2025-11-20 10:00:13
Kaspersky GReAT experts discovered a new campaign featuring the Tsundere botnet. Node.js-based bots abuse web3 smart contracts and are spread via MSI installers and PowerShell scripts.
ML Tool Spots 80% of Vulnerability-Inducing Commits Ahead of Time
2025-11-20 10:00:03
This article outlines a machine-learning approach that predicts vulnerable code changes before submission, demonstrates high precision on large open-source datasets, and calls for community-wide sharing...
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
2025-11-20 10:00:00
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device....
NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity
2025-11-20 09:41:42
The National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and multiple international partners, has released a comprehensive cybersecurity...
Le partenariat SAP-Mistral AI trouve un relais dans l'administration publique
2025-11-20 09:23:51
En partenariat depuis mi-2024, SAP et Mistral AI vont signer un accord-cadre avec Paris et Berlin pour servir les administrations publiques.
The post Le partenariat SAP-Mistral AI trouve un relais dans...
Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files
2025-11-20 09:16:05
A severe vulnerability in Ollama, one of GitHub’s most popular open-source projects, with over 155,000 stars. The flaw enables attackers to execute arbitrary code on systems running vulnerable versions...
How Developer Credential Theft Is Fueling the Next Wave of Cyberattacks
2025-11-20 09:00:03
This article reviews major research on software supply chain attacks, their rising reliance on developer credential compromise, existing mitigation techniques, and how new models aim to predict vulnerable...
CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks
2025-11-20 08:58:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw...
Les pratiques cloud d'AWS et Microsoft dans le viseur de l'Europe
2025-11-20 08:55:46
A souveraineté, souveraineté et demie ! Le sommet franco-allemand sur la souveraineté numérique européenne, qui réunit (...)
Les cybercriminels créent plus de 30 sites web frauduleux utilisant COP 30 comme appât pour tromper leurs victimes
2025-11-20 08:16:33
Kaspersky alerte sur l’émergence d’escroqueries exploitant l’engouement autour de la conférence pour dérober des données personnelles et des informations confidentielles. Tribune...
pi GPT Tool Turns Your Raspberry Pi into A ChatGPT Powered AI-managed device
2025-11-20 08:07:56
pi GPT, a custom integration for OpenAI’s ChatGPT that transforms everyday Raspberry Pi devices into fully managed AI-powered workstations. Announced on November 18, 2025, this tool empowers developers,...
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt
2025-11-20 07:35:00
Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting.
The...
Agent 365 : après l'orchestration, Microsoft promet l'encadrement de l'IA agentique
2025-11-20 07:11:15
Sous la bannière Agent 365, Microsoft adapte son socle Entra-Purview-Defender pour constituer un plan de contrôle - mais pas d'orchestration - des agents IA.
The post Agent 365 : après l’orchestration,...
The TechBeat: Can 25 Superhumans Run a 0M Freight Operation? T3RA's AI Visionary Mukesh Kumar Thinks So (11/20/2025)
2025-11-20 07:11:02
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
China-Nexus APT Group Leverages DLL Sideloading Technique to Attack Government and Media Sectors
2025-11-20 05:50:10
A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea. The campaign, which has been...
The Digital Steroid – AI + HITL+ Process Mindset
2025-11-20 05:45:58
AI agents are advancing rapidly, but without strong processes, domain expertise, and human-in-the-loop oversight, they risk catastrophic errors. Using supply chain examples, this article shows why organizations...
Beckett Collectibles - 541,132 breached accounts
2025-11-20 05:41:12
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently...
Jonathane Ricci: Law, Perception, and Power – Why Reputation Is the New Currency
2025-11-20 05:36:27
Reputation now functions as a volatile global currency—shaping access to capital, trust, and opportunity. Legal expert Jonathane Ricci outlines how digital narratives outpace evidence, why traditional...
Anbarasu Arivoli Honored with TITAN Business Award and Distinguished IT Innovator of the Year
2025-11-20 05:32:40
Anbarasu Arivoli is recognized with the TITAN Business Award and Distinguished IT Innovator of the Year for advancing large-scale AI automation, microservice design, and enterprise chatbot frameworks....
How Arpita Soni Is Building the Future of Intelligent, Autonomous Enterprises
2025-11-20 05:25:16
Arpita Soni is a global transformation leader modernizing regulated industries through AI-driven automation, generative AI, quality engineering, and enterprise data systems. Her frameworks deliver up...
How TempAI's Copilot Supports Sales Teams in Real Time
2025-11-20 05:11:37
TempAI fills a major gap in sales tech by offering real-time call guidance instead of after-the-fact summaries. Built by CEO Tim Gunderson, Offline Studio, and James Hamilton, the platform acts like an...
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
2025-11-20 04:06:00
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef.
The end goal of the...
Eurofiber - 10,003 breached accounts
2025-11-20 02:44:14
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently...
Vultr - 187,872 breached accounts
2025-11-20 01:22:52
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email...
Understanding The GENIUS Act: What You Need to Know
2025-11-20 00:23:22
The GENIUS Act is an American law passed on July 18th, 2025 to create clear national rules for stablecoins. The Act clarifies who can issue stablecoins, how they must be backed and how consumers are protected....
OpenAI says its latest GPT-5.1 Codex can code independently for hours
2025-11-20 00:00:00
OpenAI has started rolling out GPT 5.1-Codex-Max on Codex with a better performance on coding tasks. [...]