Toute l'actualité de la Cybersécurité


Fallacy Failure Attack

2025-11-26 22:37:00
AI Security Insights for November 2025

Lire la suite »

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

2025-11-26 18:08:00
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified...

Lire la suite »

Multiple London councils' IT systems disrupted by cyberattack

2025-11-26 17:26:11
The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. [...]

Lire la suite »

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters'

2025-11-26 17:22:36
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the...

Lire la suite »

L'Anssi analyse les menaces liées à la téléphonie mobile

2025-11-26 17:20:37
L'augmentation croissante des usages liés aux smartphones aussi bien à titre personnel que professionnel suscite l’intérêt (...)

Lire la suite »

Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats

2025-11-26 17:11:27
As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year's threats are not only bigger than ever but far more intelligent, automated and difficult...

Lire la suite »

This Black Friday & Holiday Season, HackerNoon Has Your Tech Marketing Covered 🎁 💚

2025-11-26 17:00:06
This Black Friday and holiday season, get 10% off ALL HackerNoon services—including subscriptions. From business blogging and targeted ads to writing contests and press releases, now's the time to execute...

Lire la suite »

AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI

2025-11-26 16:57:55
AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…

Lire la suite »

How User Education Can Become the Strongest Link in Casino Security

2025-11-26 16:52:42
Casino security used to be pretty straightforward. You had cameras watching the floor and security guards watching for suspicious players. These days, things are way more complicated. Casinos deal with...

Lire la suite »

Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

2025-11-26 16:13:27
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.

Lire la suite »

The HackerNoon Newsletter: Inside My ,000 Homelab: How I Rebuilt Big Tech Services in a Tiny Rack (11/26/2025)

2025-11-26 16:02:15
How are you, hacker? 🪐 What's happening in tech today, November 26, 2025? The HackerNoon Newsletter brings the HackerNoon ...

Lire la suite »

'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically

2025-11-26 16:01:35
As in the wider world, AI is not quite living up to the hype in the cyber underground. But it's definitely helping low-level cybercriminals do competent work.

Lire la suite »

The Untold Story of Digital Transformation in Manufacturing

2025-11-26 16:00:00
Digital transformation in manufacturing isn't just technology—it's cultural change. Prahlad Chowdhury drives impact through mentorship, strategic alignment, disciplined architecture, and deep Industry...

Lire la suite »

How Do Digital Payments Impact Consumer Confidence?

2025-11-26 15:59:59
A major financial services provider rebuilt its legacy compliance system into a secure, automated, cloud-based platform to protect digital payments. The new architecture improves audit readiness, strengthens...

Lire la suite »

Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code

2025-11-26 15:58:14
Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633) in Windows systems. This malware campaign is...

Lire la suite »

Prompt Injections Loom Large Over ChatGPT's Atlas Browser

2025-11-26 15:52:49
It's the law of unintended consequences: equipping browsers with agentic AI opens the door to an exponential volume of prompt injections.

Lire la suite »

11 Best Enterprise Remote Access Software – 2025

2025-11-26 15:17:44
In today's hyper-connected business landscape, enterprise remote access software is no longer a luxury it’s a necessity. Organizations are embracing hybrid and remote work models, requiring secure,...

Lire la suite »

The Industrial Internet: How BaRupOn Is Powering the Future of AI Infrastructure

2025-11-26 15:14:59
BaRupOn is building the first “Beyond Giga Site,” a self-sustaining industrial ecosystem powering AI, manufacturing, and data centers with on-site natural gas, micro-nuclear, solar, and battery systems....

Lire la suite »

Microsoft Security Keys May Require PIN After Recent Windows Updates

2025-11-26 15:12:58
Microsoft has confirmed that FIDO2 security keys on Windows 11 may now prompt users to set up a PIN during authentication following specific recent updates, aligning with WebAuthn standards for enhanced...

Lire la suite »

USN-7894-1: EDK II vulnerabilities

2025-11-26 15:05:43
It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04...

Lire la suite »

Did Apple Miss the AI Moment - or Is Its Timing Just Right?

2025-11-26 15:00:00
Apple arrived late to the AI boom, but prediction markets show confidence in its slow, privacy-first approach. Traders expect Apple Intelligence to stay free and see major acquisitions like Perplexity...

Lire la suite »

Enterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)

2025-11-26 15:00:00
More than half of organizations surveyed aren't sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them.

Lire la suite »

Multiple London councils faced a cyberattack

2025-11-26 14:59:10
Multiple London councils, including Chelsea and Westminster, faced a cyberattack that may have exposed resident data. Authorities are actively investigating the incident. A cyberattack struck multiple...

Lire la suite »

INE Expands Cross-Skilling Innovations

2025-11-26 14:01:16
Cary, North Carolina, USA, 26th November 2025, CyberNewsWire

Lire la suite »

Microsoft: Security keys may prompt for PIN after recent updates

2025-11-26 14:43:57
Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. [...]

Lire la suite »

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

2025-11-26 14:31:00
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities...

Lire la suite »

Scaling SOC Team Expertise With AI-powered Insights for Faster, Easier Understanding of Threats

2025-11-26 14:25:07
Building analyst expertise is a race against time that many Security Operations Centers (SOCs) are losing. New hires often require over six months to handle complex incidents with confidence, creating...

Lire la suite »

Malicious Prettier Extension on VSCode Marketplace Delivers Anivia Stealer Malware to Exfiltrate Login Credentials

2025-11-26 14:16:35
A dangerous malware campaign has targeted thousands of developers through a fake extension on the Visual Studio Code Marketplace. On November 21, 2025, security researchers discovered a malicious extension...

Lire la suite »

Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware

2025-11-26 14:11:26
Scammers are using fake jobs and a phony video update to infect Mac users with a multi-stage stealer designed for long-term access and data theft.

Lire la suite »

La CISA redouble son alerte sur les messages non chiffrés

2025-11-26 14:10:16
Comme l'année dernière à la même époque, l'Agence américaine pour la cybersécurité et la sécurité (...)

Lire la suite »

When and Why to Use Ethnography

2025-11-26 14:00:04
The article explains what makes ethnography distinct, why it focuses on meaning and everyday practice, how it complements other research methods, and where to turn for further reading.

Lire la suite »

How CTEM Helps Cyber Teams to Become More Proactive

2025-11-26 13:56:32
How CTEM Helps Cyber Teams to Become More Proactive Software, infrastructure, and third-party services change far faster than quarterly audit cycles, which increases the risk of data and infrastructure...

Lire la suite »

USN-7893-1: Valkey vulnerabilities

2025-11-26 13:51:48
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free...

Lire la suite »

FBI Warns of Fake Internet Crime Complaint Center (IC3) Website Used for Phishing Attacks

2025-11-26 13:44:08
The Federal Bureau of Investigation (FBI) has issued urgent warnings about cybercriminals spoofing the official Internet Crime Complaint Center (IC3) website to conduct phishing attacks and steal sensitive...

Lire la suite »

Akira Ransomware Uses SonicWall VPN Exploit to Exfiltrate Sensitive Data

2025-11-26 13:30:22
The Akira ransomware group has begun weaponizing vulnerabilities in SonicWall SSL VPN devices, turning merger-and-acquisition (M&A) processes into high-speed launchpads for cyberattacks. This trend...

Lire la suite »

How Ethnography Navigates Trust, Consent, and Power in Software Teams

2025-11-26 13:30:19
Ethnographic research inside software teams demands strict ethical awareness—balancing trust, informed consent, privacy, organizational sensitivities, and disclosure practices to protect individual...

Lire la suite »

Microsoft to secure Entra ID sign-ins from script injection attacks

2025-11-26 13:26:06
Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. [...]

Lire la suite »

USN-7892-1: H2O vulnerability

2025-11-26 13:24:12
It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service.

Lire la suite »

Trois ans après, que devient le Health Data Hub européen ?

2025-11-26 13:12:48
Il y a environ 3 ans, était engagé le développement de l'Espace européen des données de santé. Le point sur les avancées et sur la roadmap. The post Trois ans après, que devient le Health Data...

Lire la suite »

Samourai Wallet Founders Jailed in 7M Crypto Laundering Case

2025-11-26 13:12:38
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering 7M via their crypto mixer.

Lire la suite »

New “JackFix” Attack Leverages Windows Updates into Executing Malicious Commands

2025-11-26 13:05:43
A sophisticated ClickFix campaign dubbed “JackFix” that uses fake adult websites to hijack screens with realistic Windows Update prompts, tricking users into running multistage malware payloads....

Lire la suite »

How to Turn Messy Developer Observations into Publishable Ethnography

2025-11-26 13:00:04
This chapter explains how software engineering ethnographers move from rich field observations to publishable results. It outlines reflective, inductive analysis using memos, codes, categories, triangulation,...

Lire la suite »

USN-7891-1: rust-openssl vulnerabilities

2025-11-26 12:56:31
Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory...

Lire la suite »

Hackers Exploit NTLM Authentication Flaws to Target Windows Systems

2025-11-26 12:41:09
More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide. What started in 2001 as a theoretical vulnerability has evolved into...

Lire la suite »

Optimizing Linux Security 2026: Key Strategies for Modern Threats

2025-11-26 12:01:18
Recent years have demonstrated a notable shift in the cybersecurity landscape, with Linux systems increasingly targeted by adversaries. Once considered relatively immune to malware threats, Linux servers...

Lire la suite »

Pourquoi OpenAI doit trouver 207 milliards $ pour survivre, selon HSBC

2025-11-26 11:56:37
Le coût exorbitant des centres de données va forcer OpenAI à chercher 207 milliards $ de financement supplémentaires d'ici 2030, selon l'analyse de HSBC. The post Pourquoi OpenAI doit trouver 207...

Lire la suite »

When Your M Security Detection Fails: Can your SOC Save You?

2025-11-26 11:55:00
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating...

Lire la suite »

ASUS warns of new critical auth bypass flaw in AiCloud routers

2025-11-26 11:41:00
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. [...]

Lire la suite »

Emergency alerts go dark after cyberattack on OnSolve CodeRED

2025-11-26 11:17:17
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification...

Lire la suite »

Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data

2025-11-26 11:14:13
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.

Lire la suite »

Wallix acquiert Malizen, spécialiste de l'UBA

2025-11-26 11:12:58
Wallix vient d'acquérir Malizen, une start-up française spécialisée dans l'analyse du comportement des utilisateurs (User Behaviour (...)

Lire la suite »

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

2025-11-26 11:10:00
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But...

Lire la suite »

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

2025-11-26 11:10:00
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to...

Lire la suite »

Dell dopé par la demande de serveurs IA

2025-11-26 11:08:45
Porté par une demande pour ses serveurs équipés de puces Nvidia, Dell relève ses perspectives annuelles malgré des tensions sur le coût des composants. The post Dell dopé par la demande de serveurs...

Lire la suite »

Microsoft dévoile son SLM agentique Fara-7B pour PC

2025-11-26 11:06:33
Microsoft intègre davantage l'IA agentique dans les PC grâce à Fara-7B, un modèle capable d'automatiser entièrement des (...)

Lire la suite »

The Golden Scale: 'Tis the Season for Unwanted Gifts

2025-11-26 11:00:30
Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season. The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared...

Lire la suite »

How the AI Supply Chain Evolved From Transistors to Frontier Models

2025-11-26 11:00:03
This article traces the evolution of the AI supply chain—from the invention of the transistor to today's GPU-driven frontier models—explaining the essential inputs, scaling laws, semiconductor ecosystem,...

Lire la suite »

openSUSE Leap 16.0: 573 Critical Kernel Vulnerabilities Found 2025-20081-1

2025-11-26 10:17:11
An update that solves 573 vulnerabilities and has 669 bug fixes can now be installed.

Lire la suite »

Passwork 7: Self-hosted password and secrets manager for enterprise teams

2025-11-26 10:12:17
Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black...

Lire la suite »

Etat de la menace informatique sur les équipements mobiles

2025-11-26 10:11:28
Etat de la menace informatique sur les équipements mobiles anssiadm mer 26/11/2025 - 10:11 L'omniprésence, l'usage systématique des smartphones et la multiplication...

Lire la suite »

Getronics se relance en misant sur la sécurité et le digital workplace

2025-11-26 10:05:07
Après des difficultés rencontrées il y a quelques années suite à une série d’acquisitions (Pomeroy aux (...)

Lire la suite »

How Big Tech Built the Modern AI Supply Chain

2025-11-26 10:00:05
This article maps the modern AI supply chain—from chips to cloud to foundation models—examining how market concentration, vertical integration, and strategic alliances shape frontier AI development,...

Lire la suite »

Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025

2025-11-26 10:00:02
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.

Lire la suite »

Ubuntu 24.04 LTS: Linux Real-Time Kernel Critical Problems USN-7889-3

2025-11-26 09:51:33
Several security issues were fixed in the Linux kernel.

Lire la suite »

USN-7889-3: Linux kernel (Real-time) vulnerabilities

2025-11-26 09:41:47
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; ...

Lire la suite »

Understanding the 80/20 Rule in Linux Vulnerability Management

2025-11-26 09:17:52
Linux administrators deal with steady pressure from patching, configuration changes, and the slow accumulation of technical debt. Environments rarely break because of one vulnerability.

Lire la suite »

Dissecting a new malspam chain delivering Purelogs infostealer

2025-11-26 09:02:14
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and...

Lire la suite »

As AI Accelerates, Regulators Race to Understand a Rapidly Integrating Supply Chain

2025-11-26 09:00:05
This paper maps the modern AI supply chain, analyzing 25 leading companies, 300 relationships, major mergers, and antitrust actions to show how vertical integration, strategic partnerships, and government...

Lire la suite »

Ubuntu 24.04: Linux Kernel Critical Security Update USN-7889-2

2025-11-26 08:59:09
Several security issues were fixed in the Linux kernel.

Lire la suite »

USN-7889-2: Linux kernel (FIPS) vulnerabilities

2025-11-26 08:54:05
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; ...

Lire la suite »

Ubuntu 24.04 LTS: Kernel Severity Critical Data Integrity Threat USN-7879-3

2025-11-26 08:48:30
Several security issues were fixed in the Linux kernel.

Lire la suite »

USN-7879-3: Linux kernel vulnerabilities

2025-11-26 08:34:26
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Several...

Lire la suite »

openSUSE: Kernel Important Bluetooth Disconnect Flaw 2025:4242-1

2025-11-26 08:30:12
An update that solves one vulnerability can now be installed.

Lire la suite »

SUSE Linux Enterprise 15 SP4: 2025:4242-1 Important Bluetooth Threat Fix

2025-11-26 08:30:11
* bsc#1251983 Cross-References: * CVE-2023-53673

Lire la suite »

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

2025-11-26 08:28:00
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time...

Lire la suite »

NTLM Relaying to HTTPS

2025-11-26 08:00:00
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL....

Lire la suite »

Iran Exploits Cyber Domain to Aid Kinetic Strikes

2025-11-26 05:30:00
The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.

Lire la suite »

FBI Reports 2M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

2025-11-26 04:29:00
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover...

Lire la suite »

Vulnérabilité dans Postfix (26 novembre 2025)

26/11/2025
Une vulnérabilité a été découverte dans Postfix. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Lire la suite »

Vulnérabilité dans Synology ActiveProtect Agent (26 novembre 2025)

26/11/2025
Une vulnérabilité a été découverte dans Synology ActiveProtect Agent. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

Lire la suite »