Toute l'actualité de la Cybersécurité
L'IT insuffisamment maitrisée par les étudiants en licence
2025-12-10 15:26:37
Le constat peut surprendre. En France, les étudiants de premier cycle universitaire ne maîtrisent pas suffisamment les outils numériques. (...)
L'Agentic AI Foundation veut imposer les standards de l'IA autonome
2025-12-10 15:17:38
OpenAI, Anthropic et Block s'allient au sein de l'Agentic AI Foundation (AAIF), pour éviter la fragmentation d'un marché stratégique. Plusieurs poids lourds de l'IT participent à l'initiative.
The...
Une faille critique dans Apache Tika plus étendue que prévu
2025-12-10 15:16:56
En août dernier, l’utilitaire d’extraction de documents XML Apache Tika a corrigé la faille référencée CVE-2025-54988, (...)
Why a secure software development life cycle is critical for manufacturers
2025-12-10 15:00:10
Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM packages to infiltrate manufacturing and production environments. Acronis explains...
Guillaume Poupard en partance pour Orange
2025-12-10 14:55:48
Selon nos confrères de L’informé, Guillaume Poupard est sur le départ de Docaposte où il occupait le poste de directeur (...)
New Spiderman phishing service targets dozens of European banks
2025-12-10 14:53:00
A new phishing kit called Spiderman is being used to target customers of dozens of European banks and cryptocurrency holders with pixel-perfect cloned sites impersonating brands and organizations....
What's Next for SOC in 2026: Get the Early-Adopter Advantage
2025-12-10 14:33:41
Cybersecurity is about to hit a turning point in 2026. Attackers aren't only testing AI but also building campaigns around it. Their tooling is getting faster, more adaptive, and far better...
IA de défense : Airbus décroche un contrat de 50 millions €
2025-12-10 14:33:19
Airbus va intégrer l'intelligence artificielle développée par l'Agence ministérielle pour l'IA de défense ( AMIAD) dans les systèmes d'armes et d'information des forces armées françaises.
The...
Numspot ouvre sa plateforme cloud à d'autres fournisseurs et aux NCP
2025-12-10 14:28:30
Depuis 2022, Numspot ne cesse d’évoluer. A sa création, le fournisseur rassemblant Bouygues Telecom, Docaposte, Dassault Systèmes (...)
Réseaux sociaux interdits en Australie : l'argument « protection » tient-il face aux données scientifiques ?
2025-12-10 14:13:51
L'Australie devient le premier pays au monde à interdire l'accès aux réseaux sociaux aux moins de 16 ans. Cette mesure, censée lutter contre la crise de santé mentale chez les jeunes, soulève...
Hack the Box Starting Point: Crocodile
2025-12-10 14:03:53
Time for our next Tier 1 box, Crocodile looks like it will be covering a few of the different tools we've been getting familiar with rather than introducing any new ones. Scrolling through the questions...
Outbound HTB Walkthrough / Solution — Exploiting Roundcube Webmail CVE-2025–49113 and Rooting via…
2025-12-10 14:01:42
Outbound HTB Writeup — Roundcube CVE-2025–49113 ExploitIntroductionIn this HackTheBox lab, Outbound, I explored a real-world scenario involving a Roundcube webmail server. The objective was to...
The Phishing Pond TryHackMe Writeup
2025-12-10 14:01:19
The Phishing Pond — TryHackMe Walkthrough Identifying Real-World Phishing EmailsRoom IntroductionThe Phishing Pond is designed to build practical phishing-detection skills through a set of real-world...
I Spied on Hackers So You Don't Have To: How Dark Web Chatter Led to a $Cloud Misconfiguration Bug…
2025-12-10 14:00:57
Free Link🎈Continue reading on InfoSec Write-ups »
Black Hat Welcomes Suzy Pallett as New Brand President
2025-12-10 13:58:20
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 10, 2025 –Listen to the podcast If you’re in the cybersecurity field working anywhere in Europe, then...
All About Android Pentesting
2025-12-10 13:53:40
All About Android Pentesting: A Complete MethodologyHello Hackers, I hope you guys are doing well and hunting lots of bugs and dollars!Android is everywhere. Billions of devices, millions of apps, and...
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
2025-12-10 13:48:56
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection...
Vulnerability Management Home Lab
2025-12-10 13:45:49
Hello Cybersecurity enthusiasts, today I'm going to showcase a demo of a project which involves scanning vulnerabilities using Nessus. Now for the ones who don't know what Nessus is, it is a vulnerability...
eJPT Review (2025): A Great Starting Point, But It's Showing Its Age
2025-12-10 13:35:56
https://ine.com/security/certifications/ejpt-certificationAs a red team operator, I decided to take the eLearnSecurity Junior Penetration Tester (eJPT) exam to see how it holds up in today's cybersecurity...
0-Day Hunting Guide ️♂️: Recon Techniques Nobody Talks About
2025-12-10 13:34:46
Hey there, hacker 👋 — Vipul here from The Hacker’s Log. If you think 0-day hunting is only for elite hackers, let me stop you right here.Continue reading on InfoSec...
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
2025-12-10 13:32:00
Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker...
How My Custom IDOR Hunter Made Me k (And Saved My Clicking Finger) ️
2025-12-10 13:28:08
Free Link 🎈Continue reading on InfoSec Write-ups »
Linux Privilege Escalation: Practical Guide to Kernel Exploits, Sudo, SUID, Capabilities, Cron…
2025-12-10 13:26:35
A practical breakdown of the most common privilege-escalation paths found in Linux systems.Continue reading on InfoSec Write-ups »
Darknet néonazi : un marché de meurtre démantelé
2025-12-10 12:51:33
Un Germano-Polonais est accusé d'avoir géré sur le darknet une plateforme d'assassinats politiques financés en cryptomonnaies, visant des responsables politiques....
GhostFrame phishing kit fuels widespread attacks against millions
2025-12-10 12:41:26
GhostFrame uses dynamic subdomains and hidden iframes to help attackers slip past basic security tools.
Akira : le FBI chiffre 250 millions de rançons
2025-12-10 12:35:19
Akira : près de 250 millions de dollars de rançons, un héritage Conti et une offensive coordonnée FBI–CISA–Europol contre ses attaques via VPN et accès à distance....
Ukrainian hacker charged with helping Russian hacktivist groups
2025-12-10 12:26:32
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on...
Threat Actors Weaponize ChatGPT and Grok Conversations to Deploy AMOS Stealer
2025-12-10 12:13:06
Threat actors are now leveraging the trust users place in AI platforms like ChatGPT and Grok to distribute the Atomic macOS Stealer (AMOS). A new campaign discovered by Huntress on December 5, 2025, reveals...
Sanctions contre l'hébergement russe pro-ransomware
2025-12-10 12:08:39
Washington et ses alliés sanctionnent Media Land et Aeza, hébergeurs russes pro-ransomware, et publient un guide pour contrer l'hébergement inviolable....
Deux suspects Scattered Spider face à la justice
2025-12-10 11:56:44
Deux jeunes Britanniques liés à Scattered Spider nient toute implication dans l'attaque contre TfL, sur fond de coopérations NCA–FBI et de charges passibles de la perpétuité....
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
2025-12-10 11:54:00
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.
Standard security tools often...
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
2025-12-10 11:54:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV)...
Fuite massive chez Coupang, 33,7 millions de comptes exposés
2025-12-10 11:38:28
Fuite géante chez Coupang : 33,7 millions de comptes exposés et le modèle sud-coréen de protection des données sous pression....
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
2025-12-10 11:22:23
Microsoft has patched a critical remote code execution (RCE)vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was...
Cryptomixer perquisitionné, 29 millions en bitcoins saisis
2025-12-10 11:14:32
Cryptomixer démantelé : Europol, la Suisse et l'Allemagne frappent un mixeur bitcoin clé du blanchiment crypto et saisissent plus de 25 millions d'euros....
Faux site TickMill : un hub d'arnaque démantelé
2025-12-10 11:01:30
Le Justice stoppe un faux site TickMill birman et cible les réseaux d'arnaque crypto liés aux centres d'escroquerie régionaux....
North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
2025-12-10 11:00:28
A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell...
01flip: Multi-Platform Ransomware Written in Rust
2025-12-10 11:00:12
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.
The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on...
Why Mathematicians Still Struggle to Define Equality in the Computer Age
2025-12-10 11:00:04
The article unpacks why the everyday mathematical idea of equality is far more subtle than it appears, showing how attempts to formalize it in theorem provers like Lean reveal gaps between mathematical...
Unnecessary Risk: The Persistence of Open Source Vulnerabilities
2025-12-10 11:00:01
Log4Shell was supposed to be the wake-up call that changed everything. Four years later, the data says otherwise.
Not a Lucid Web3 Dream Anymore: x402, ERC-8004, A2A, and The Next Wave of AI Commerce
2025-12-10 10:50:13
This article is divided into four parts, each of which builds the context you need for the next.
Part 1 explains how x402 fits into existing Web2 and enterprise billing flows, and how it can move companies...
The Future of AI Infrastructure: Consolidation for Giants, Vertical Solutions for Startups
2025-12-10 10:36:10
John Wang is the Head of Neo Ecosystem Growth and Managing Director of Neo Ecofund. His latest focus on SpoonOS represents a bold bet on democratizing AI infrastructure. SpoonOS recently launched the...
Patch Tuesday décembre 2025 : une faille critique exploitée à corriger rapidement
2025-12-10 10:33:26
Les administrateurs système et les équipes sécurité ont encore un peu de travail pour ce mois décembre avec le traditionnel (...)
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
2025-12-10 10:10:59
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.
FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
2025-12-10 10:07:03
Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying...
Debian: pdns-recursor Critical Denial of Service Vulnerability DSA-6077-1
2025-12-10 09:49:13
Insufficient validation of incoming notifies over TCP in PDNS Recursor, a resolving name server, could result in denial of service. For the stable distribution (trixie), this problem has been fixed in...
Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code
2025-12-10 09:48:52
Security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly...
La nécessaire vigilance des systèmes OT/IOT et embarqués
2025-12-10 09:35:23
La forte exposition aux cyber-risques des acteurs industriels et organisations utilisant des systèmes OT/IOT et embarqués est au cœur de l'actualité. Dans ce contexte, il est fondamental de prendre...
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
2025-12-10 09:33:51
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
Can a Crypto Founder Be Punished Twice for the Same Crime? The Anatoly Legkodymov Extradition Case
2025-12-10 09:29:11
Anatoly Legkodymov, founder of peer-to-peer exchange Bitzlato, spent 18 months in pretrial detention before pleading guilty to operating an unlicensed money transmission business. A federal judge ruled...
A Simple Guide to KZG Commitments and Why Ethereum Needs Them to Scale
2025-12-10 09:17:43
This article demystifies polynomial commitment schemes and explains how KZG lets provers commit to polynomials and later prove evaluations with tiny, verifiable proofs. It then shows how zk-rollups, Proto-Danksharding...
CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks
2025-12-10 08:59:30
A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being...
Why Real-World Data Breaks AI Systems Long Before the Models Fail
2025-12-10 08:59:09
AI systems which require dependable output results need to verify their input data before they start processing new information entries. Real-time traffic patterns in live environments surpass the capabilities...
Les profils en IA, data et cybersécurité sont durs à recruter
2025-12-10 08:55:34
Les informaticiens et informaticiennes, notamment ceux et celles avec des compétences pointues et spécialisées en data, IA ou cybersécurité (...)
Debian: libpng1.6 Critical Info Leak & DoS Vulnerabilities DSA-6076-1
2025-12-10 08:54:19
Several vulnerabilities were reported in the libpng PNG library, which could lead to information leaks, denial of service or potentially the execution of arbitrary code if a specially crafted image is...
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
2025-12-10 08:50:00
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.
Of the 56 flaws,...
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
2025-12-10 08:47:02
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities...
SUSE: go1.25 Important Resource Consumption Risk 2025:4336-1
2025-12-10 08:30:14
* bsc#1244485 * bsc#1245878 * bsc#1254227 * bsc#1254430 * bsc#1254431
openSUSE: Addressing go1.25 Resource Issues and Crypto Vulnerabilities
2025-12-10 08:30:14
An update that solves two vulnerabilities and has three security fixes can now be installed.
SUSE: go1.24 Vital Security Updates for Resources CVE-2025-61727, 61729
2025-12-10 08:30:09
* bsc#1236217 * bsc#1245878 * bsc#1254430 * bsc#1254431
openSUSE: Critical Security Update for go1.24, CVE-2025-61727, 61729
2025-12-10 08:30:09
An update that solves two vulnerabilities and has two security fixes can now be installed.
Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs
2025-12-10 08:01:05
A critical zero-click vulnerability dubbed “GeminiJack” in Google Gemini Enterprise and previously Vertex AI Search that let attackers steal sensitive corporate data from Gmail, Calendar,...
New Portuguese Law Shields Ethical Hackers from Prosecution
2025-12-10 08:00:25
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a 'safe harbour' from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to...
Patch Tuesday - December 2025
2025-12-10 07:50:42
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today's list...
The Screen Is the API
2025-12-10 07:36:39
While llms.txt helps AI read the web and APIs help them connect, neither solves the infinite customization found in the economically important tasks in enterprise software. The real solution lies in computer-use...
The Analyst Behind DIRECTV's Churn Reduction Strategy
2025-12-10 07:29:59
Wael Breich, an analytics leader at DIRECTV, transforms raw subscriber data into retention and revenue strategy. His work links engagement to survival rates, builds scalable churn models, and enables...
The 'Sudo' Problem: Why Google is Locking Down AI Agents Before They Break the Web
2025-12-10 07:14:46
Google has released a whitepaper on how they are architecting security for Chrome's new Agentic capabilities.
Automating Incident Response: How to Reduce Malware Forensics Time by 99% with Python and VirusTotal
2025-12-10 07:14:45
The average time to resolve a cyber incident is 43 days. Manually analyzing 5,000 files takes 80 hours. We will build a pipeline that aggressively removes "Safe" files using three layers.
Can Your AI Actually Use a Computer? A 2025 Map of Computer‑Use Benchmarks
2025-12-10 07:14:40
This article maps today's computer use benchmarks across three layers (UI grounding, web agents, full OS use), shows how a few anchors like ScreenSpot, Mind2Web, REAL, OSWorld and CUB are emerging,...
The Rise of Centralized IAM: Managing Identities in a Digital World
2025-12-10 07:14:35
Centralized Identity and Access Management (IAM) can handle both human and non-human identities. IAM platforms assign necessary permissions, monitor activities, and ensure all identities are managed securely...
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
2025-12-10 04:50:00
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities...
Microsoft 365 Services Disruption in Australia: Users Face Access Issues in Accessing Services
2025-12-10 03:53:47
Users across Australia are currently grappling with significant disruptions to critical business tools as Microsoft 365 services experience a widespread outage. The incident, which began on the morning...
Windows Cloud Files Mini Filter Driver 0-Day Vulnerability Exploited in the Wild
2025-12-10 03:06:37
Microsoft has released urgent security updates to address a zero-day vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is currently being exploited in the wild. Assigned the...
Japanese Firms Suffer Long Tail of Ransomware Damage
2025-12-10 00:00:00
Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
Multiples vulnérabilités dans les produits Fortinet (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits Adobe (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans les produits Intel (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données....
Multiples vulnérabilités dans les produits Mozilla (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans Ivanti Endpoint Manager (EPM) (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Ivanti Endpoint Manager (EPM). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Vulnérabilité dans les produits Bitdefender (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans les produits Bitdefender. Elle permet à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des données.
Vulnérabilité dans les produits Moxa (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans Microsoft Office (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans Microsoft Windows (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Vulnérabilité dans Microsoft Azure Monitor Agent (10 décembre 2025)
10/12/2025
Une vulnérabilité a été découverte dans Microsoft Azure Monitor Agent. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans les produits Microsoft (10 décembre 2025)
10/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges...