Toute l'actualité de la Cybersécurité
Microsoft refuse de corriger une faille de proxy http dans .NET
2025-12-11 14:37:52
A l’occasion de la Black Hat en Europe qui s’est tenue à Londres du 8 au 11 décembre, Piotr Bazydło un chercheur de (...)
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
2025-12-11 13:40:00
This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments...
Plate-forme Data : comment la Matmut a fait son entrée chez S3NS
2025-12-11 13:26:25
La Matmut a migré sa plate-forme data d'un socle Spark-Hadoop on-prem à un environnement BigQuery chez S3NS. Elle partage ses perspectives.
The post Plate-forme Data : comment la Matmut a fait son entrée...
Hackers exploit unpatched Gogs zero-day to breach 700 servers
2025-12-11 13:19:50
An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. [...]...
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
2025-12-11 13:16:00
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.
According to a report...
Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems
2025-12-11 13:09:25
Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents....
Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks
2025-12-11 12:46:42
Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
2025-12-11 12:43:15
Cary, North Carolina, USA, 11th December 2025, CyberNewsWire
Aviz Networks lance une distribution Sonic pour les entreprises
2025-12-11 12:32:31
Comment faciliter le déploiement de Sonic auprès des entreprises. Aviz Networks a peut être trouvé la solution en lançant (...)
Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto
2025-12-11 12:14:42
A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users...
Hunting for Mythic in network traffic
2025-12-11 12:00:52
We analyze the network activity of the Mythic framework, focusing on agent-to-C2 communication, and use signature and behavioral analysis to create detection rules for Network Detection and Response (NDR)...
New “SOAPwn” .NET Vulnerabilities Expose Barracuda, Ivanti and Microsoft Appliances to RCE Attack
2025-12-11 11:58:55
New research into legacy .NET Framework SOAP client code has uncovered “SOAPwn,” a class of vulnerabilities. That can be weaponized for remote code execution (RCE) across multiple enterprise...
Another Chrome zero-day under attack: update now
2025-12-11 11:58:47
If we're lucky, this update will close out 2025's run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.
Critical Vulnerability in Multiple India-Based CCTV Cameras Let Attackers Video and Account Credentials
2025-12-11 11:58:16
A severe security vulnerability affecting multiple India-based CCTV camera manufacturers has been disclosed. Potentially allowing attackers to access video feeds and steal account credentials without...
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
2025-12-11 11:30:00
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However,...
Google Cloud lance des serveurs MCP managés pour ses services
2025-12-11 11:26:03
Petit à petit, l’automatisation s’invite dans le développement des agents IA et, en particulier, dans leur manière d’interagir (...)
Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers
2025-12-11 11:16:45
South Korea's largest online retailer, Coupang, has been rocked by a massive data breach that exposed the personal details of nearly 34 million customers, forcing CEO Park Dae-jun to resign amid mounting...
Ne tombez pas dans le Monde à l'envers : des escrocs tentent d'hameçonner les fans de Stranger Things
2025-12-11 11:14:01
Alors que la nouvelle saison de Stranger Things arrive sur les plateformes de streaming, les experts en cybersécurité de Kaspersky lancent un avertissement aux fans. Un pic d’escroqueries a été...
Cybersécurité en PME : Pourquoi la sécurité est l'affaire de tous
2025-12-11 11:07:53
Dans l'imaginaire collectif, la cybersécurité évoque encore des salles obscures remplies de serveurs, des lignes de code à perte de vue et des ingénieurs penchés sur des écrans clignotants. En...
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
2025-12-11 11:00:38
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.
The post Hamas-Affiliated Ashen Lepus Targets...
GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack
2025-12-11 11:00:03
Critical security patches on December 10, 2025, addressing ten significant vulnerabilities across its Community Edition and Enterprise Edition platforms. GitLab has released updated versions 18.6.2, 18.5.4,...
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
2025-12-11 11:00:00
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed...
High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI
2025-12-11 10:59:12
Patches released by Jenkins address a significant denial-of-service (DoS) vulnerability affecting millions of organizations. That rely on the popular automation server for continuous integration and deployment...
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
2025-12-11 10:30:00
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.
The...
Top 10 Data Anonymization Solutions for 2026
2025-12-11 10:27:55
Every business today has to deal with private information – whether it is about customers, employees, or financial…
ValleyRAT Malware Uses Stealthy Driver Install to Bypass Windows 11 Protections
2025-12-11 10:17:44
ValleyRAT, also known as Winos or Winos4.0, has emerged as one of the most sophisticated backdoors targeting organizations worldwide. This modular malware family represents a significant threat to Windows...
Adam M. Root: How to Architect Agentic AI Workflows That Scale Across the Enterprise
2025-12-11 10:14:59
Enterprises struggle to scale agentic AI because they chase tools instead of defining real problems. Adam M. Root argues that human expertise, strong questions, and strategic frameworks like PURSUIT—not...
Microsoft fixes Windows Explorer white flashes in dark mode
2025-12-11 10:09:52
Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows 11 systems after installing the KB5070311 optional update. [...]
Copilot's No-Code AI Agents Liable to Leak Company Data
2025-12-11 10:00:00
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
2 Chinese Hackers Trained in Cisco Program Now Leading Sophisticated Attacks on Cisco Devices
2025-12-11 09:35:30
The cybersecurity world faces an ironic threat as two Chinese hackers who once excelled in Cisco’s training program are now leading sophisticated attacks against the company’s devices. Yuyang...
CastleLoader Malware Now Uses Python Loader to Bypass Security
2025-12-11 09:28:08
Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory....
Avec SecNumCloud en perspective, Numspot voit au-delà d'OUTSCALE
2025-12-11 09:18:05
Numspot se positionne désormais en plate-forme « portable » et s'oriente vers des partenariats avec des fournisseurs européens de cloud d'infrastructure.
The post Avec SecNumCloud en perspective,...
New Multi-Platform 01flip Ransomware Supports Multi-platform Architecture, Including Windows and Linux
2025-12-11 09:16:44
Security researchers at Palo Alto Networks discovered a new ransomware threat in June 2025 that marks a significant shift in malware development tactics. The 01flip ransomware family emerges as a fully...
Deutsche Börse se dote d'un centre dédié à l'IA responsable
2025-12-11 09:12:17
« Nous voulons garantir la transparence, la gouvernance et la conformité dans un environnement hautement réglementé, sans pour (...)
Evroc et Suse lancent une offre cloud européenne sur Kubernetes
2025-12-11 09:02:54
Suivant le regain d'intérêt pour des offres IT européennes, Evroc et Suse apportent leur pierre à l'édifice. Les (...)
Un pack Trend Micro pour sécuriser les développements IA
2025-12-11 08:49:22
A l'occasion de l'évènement d'AWS re: Invent 2025 qui s'est déroulé la semaine dernière, Trend Micro a annoncé (...)
ITS Integra absorbe QosGuard
2025-12-11 08:49:06
L'infogéreur et opérateur cloud ITS Integra, filiale d'ITS Group, enrichit son portefeuille de services autour de l'amélioration de (...)
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
2025-12-11 08:29:54
Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in...
Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer
2025-12-11 08:14:56
A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help. Victims search for a fix to a sound problem, click a sponsored ChatGPT...
Google fixes eighth Chrome zero-day exploited in attacks in 2025
2025-12-11 08:01:21
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. [...]
Cyber deception trials: what we've learned so far
2025-12-11 07:55:27
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
Ubuntu 25.10: libpng Denial of Service Vulnerability USN-7924-1
2025-12-11 07:35:13
Several security issues were fixed in libpng.
It didn't take long: CVE-2025-55182 is now under active exploitation
2025-12-11 07:30:41
Threat actors are now exploiting CVE-2025-55182, and attacks are poised to grow. Here's what you need to know about the vulnerability, how our honeypots are being targeted, what malware is being deployed,...
Apple's Design Lightning Rod Just Joined Meta. What Now?
2025-12-11 07:21:40
Alan Dye, the man who has spent the last decade shaping how Apple's software looks and feels, is heading to Meta.
Ubuntu 22.04 LTS: Qt Critical Denial of Service Risk 2025:7923-1
2025-12-11 07:19:04
Qt could be made to crash or run programs as your login if it opened a specially crafted file.
The TechBeat: Exploiting EIP-7702 Delegation in the Ethernaut Cashback Challenge — A Step-by-Step Writeup (12/11/2025)
2025-12-11 07:10:52
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
2025-12-11 07:09:00
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild.
The vulnerability, rated high...
Swift's #Predicate Explained: How Type-Safe Filtering Works in SwiftData
2025-12-11 07:01:17
Swift's new #Predicate macro turns query filtering into a type-safe, compile-time-checked process for SwiftData, but it requires comparing scalar identifiers—not whole objects—to generate valid...
Oracle: Unbreakable Enterprise Kernel Important Update ELSA-2025-28040
2025-12-11 06:51:34
The following updated rpms for have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: ELSA-2025-23052 Tomcat9 Important RCE Issues
2025-12-11 06:49:28
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Firefox Important Security Fixes ELSA-2025-23035
2025-12-11 06:49:26
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10 ELSA-2025-23008 MySQL 8.4 Moderate Security Advisory
2025-12-11 06:49:25
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
A Step-By-Step Guide to Activating IIS Client Certificate Mapping in Windows 11
2025-12-11 06:37:17
This guide walks you through enabling IIS Client Certificate Mapping Authentication on Windows 11 via Windows Features, explains how One-to-One and Many-to-One mappings work, and answers key questions...
AI Is Rewriting People's Lives Online. Some Are Fighting Back With Structured Identities.
2025-12-11 06:31:47
Companies are turning to AI systems to surface information about job candidates, business partners and public figures. More people are being reshaped, misidentified or erased entirely by the same systems...
Why I'm Tired of Productivity Wellness (And What It's Doing to Our Minds)
2025-12-11 06:25:10
"Doing good work" has morphed into a performance identity and a subscription economy. Everything is presented as "your best self," "beautiful systems," "better you," and "powerful morning routines"
Authorization in the Age of AI Agents: Beyond All-or-Nothing Access Control
2025-12-11 06:23:36
Authorization is the process of determining *what* you're allowed to do. It's the invisible security perimeter around every digital interaction you have. If authorization fails, everything fails.
How to Enable Long Paths on Windows 11 and Fix Error 0x80010135
2025-12-11 06:21:18
Windows 11 can bypass the legacy 260-character file path limit by enabling Long Paths through either the Settings menu or the Registry Editor. This guide walks through both methods, explains common errors...
Introducing Flatopia: How to Generate Your Own Sitcom with Python and Manim
2025-12-11 06:18:07
Opensource TV show sitcom and code to make your own episodes.
GitLab Cofounder-backed Kilo Code Raises M to Build an Open-source, Model-agnostic Copilot Rival
2025-12-11 06:15:28
Launched in March, 2025, Kilo Code is an open source coding agent that can be configured for a range of tasks.
I Don't Trust AI to Write My Code—But I Let It Read Everything
2025-12-11 06:09:15
I'm a senior full-stack developer who still cringes at AI-generated code in production. But tools like Copilot, Cursor, and Claude already save me hours every week – not by writing code for me, but...
Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution
2025-12-11 05:56:00
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations...
USN-7924-1: libpng vulnerabilities
2025-12-11 05:26:40
It was discovered that libpng incorrectly handled memory when processing
certain PNG files, which could result in an out-of-bounds memory access.
If a user or automated system were tricked into opening...
USN-7923-1: Qt vulnerability
2025-12-11 04:18:33
It was discovered that Qt did not correctly handle certain memory
operations. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue...
HTB Academy: Windows CMD and PowerShell
2025-12-11 03:06:01
I did say that I needed to work on my Windows sys admin skills and also my PowerShell-fu and so here I am. As per the usual when it comes to my Academy content, I will just be covering the skill assessment...