Toute l'actualité de la Cybersécurité

Microsoft Outlook stops displaying inline SVG images used in attacks

2025-10-02 18:13:37
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. [...]

Clop menace de publier des données de clients Oracle E-Business Suite

2025-10-02 18:03:08
Bluff ou réalité ? Le groupe derrière le ransomware Clop mène une campagne d'extorsion sur les clients de la suite e-business (...)

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

2025-10-02 18:01:26
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by...

Your Meta AI conversations may come back as ads in your feed

2025-10-02 17:55:36
Meta has announced it will start using your interactions with its generative AI to serve targeted ads.

Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs

2025-10-02 17:39:53
Microsoft is updating its security policies to require administrator consent for new third-party applications seeking access to Exchange and Teams content. These “Secure by Default” changes,...

DrayTek warns of remote code execution bug in Vigor routers

2025-10-02 17:37:46
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary...

There Are More CVEs, But Cyber Insurers Aren't Altering Policies

2025-10-02 17:03:47
With nearly 47,000 CVEs expected by the end of the year, organizations must balance comprehensive vulnerability management with strategic cyber insurance policy selection to effectively navigate this...

Microsoft named a Leader in the IDC MarketScape for XDR

2025-10-02 17:00:00
Microsoft has been named a Leader in IDC's inaugural category for Worldwide Extended Detection and Response (XDR) Software for 2025, recognized for its deep integration, intelligent automation, and...

Top 10 Best Digital Risk Protection (DRP) Platforms in 2025

2025-10-02 16:58:39
In 2025, businesses are facing unprecedented challenges in the digital risk landscape. With cyber threats evolving rapidly, organizations need advanced solutions to detect, assess, and mitigate risks...

Top 10 Best Cyber Threat Intelligence Companies in 2025

2025-10-02 16:37:54
Cybersecurity has become one of the most vital aspects of the digital-first world, where organizations face advanced and persistent threats daily. The need for Cyber Threat Intelligence (CTI) companies...

For One NFL Team, Tackling Cyber Threats Is Basic Defense

2025-10-02 16:31:10
The NFL's cyberattack surface is expanding at an unprecedented rate. To find out more, we spoke with a cyber defense coordinator from the Cleveland Browns.

Top 10 Best End-to-End Threat Intelligence Compaines in 2025

2025-10-02 16:29:26
In today's fast-paced digital landscape, cyber attacks have become more complex, frequent, and damaging than ever before. Businesses, governments, and organizations need stronger solutions to protect...

Discord, la nouvelle agora numérique des manifestants

2025-10-02 16:09:46
Discord devient l'outil stratégique des mobilisations. Au Maroc, le mouvement GenZ212 illustre la fusion entre contestation de rue et cyberspace....

Red Hat Investigates Widespread Breach of Private GitLab Repositories

2025-10-02 15:46:58
A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had "initiated necessary remediation steps."

Alexander Jabbour on Building Real-Time Sales AI From 0-to-1 at Rilla

2025-10-02 15:44:59
Alexander Jabbour, Engineering Lead at Rilla, built a real-time AI sales coaching platform that turns reactive feedback into live guidance. Overcoming technical hurdles in audio streaming, low-latency...

Closing the Gaps: Protecting Your Pipeline from Open Source Malware

2025-10-02 15:36:49
Open source software is the backbone of modern development, powering everything from business applications to AI-driven systems. But with that growth has come a new frontier of risk: open source...

HackerOne paid million in bug bounties over the past year

2025-10-02 15:35:44
Bug bounty platform HackerOne announced that it paid out million in rewards to white-hat hackers worldwide over the past 12 months. [...]

USN-7802-1: Linux kernel (Azure) vulnerabilities

2025-10-02 15:30:41
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; ...

Shaping the Future of Healthcare Through AI and Cloud Data Engineering

2025-10-02 15:29:59
Independent researcher Sanjay Nakharu Prasad Kumar highlights how AI and cloud data engineering are redefining healthcare. Predictive analytics, advanced diagnostic imaging, and AI-driven clinical decision...

Solana And BNB Grow Steady While Pepeto Presale Explodes With .8M Raised

2025-10-02 15:14:59
Pepeto (PEPETO) is exploding in presale with .8M raised and tools like PepetoSwap and cross-chain support, drawing hype as the “BNB of memecoins.” Solana (SOL) shows strong ETF-backed growth with...

Brave browser surpasses the 100 million active monthly users mark

2025-10-02 15:07:56
Brave browser this September has reached 101 million monthly active users and 42 million daily active users, hitting a new record in the project's history. [...]

USN-7797-2: Linux kernel vulnerabilities

2025-10-02 15:05:53
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; ...

The Digital Campus Challenge: Why Universities Need to Reassess Cyber Risks

2025-10-02 15:00:55
In February 2024, several British universities were hit by a major DDoS attack. In the past, a disruption to connectivity would mostly have been a problem for the university itself, but... The post The...

Your Startup Won't Scale Until You Close the Validation Gap

2025-10-02 15:00:07
Startups often struggle in the “validation gap”—the space between having a real product and convincing the world it matters. Big names like Airbnb and Netflix once faced it too. The way out? Publish...

Breaking Records and Redefining Innovation: The Billion-Dollar Rise of Jeremy Roma

2025-10-02 14:59:59
Jeremy Roma disrupted fintech with a decentralized crowdfunding platform that surpassed B in growth and empowered over 200,000 users, creating 100+ millionaires. He later launched a 0M-backed sports...

USN-7796-3: Linux kernel (Azure) vulnerabilities

2025-10-02 14:47:20
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Framebuffer layer; ...

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

2025-10-02 14:44:00
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has...

USN-7796-2: Linux kernel (FIPS) vulnerabilities

2025-10-02 14:41:16
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Framebuffer layer; ...

USN-7795-2: Linux kernel (FIPS) vulnerabilities

2025-10-02 14:31:40
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; ...

Sur fond de licenciements, Tehtris évince sa PDG

2025-10-02 14:27:04
En difficulté, la start-up française Tehtris spécialisée dans la cybersécurité change de gouvernance avec un (...)

USN-7793-4: Linux kernel (Real-time) vulnerabilities

2025-10-02 14:20:58
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Packet sockets; ...

Microsoft Defender bug triggers erroneous BIOS update alerts

2025-10-02 14:20:12
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. [...]

New Obex Tool Blocks EDR Dynamic Libraries From Loading at Runtime

2025-10-02 14:18:18
A new proof-of-concept (PoC) tool named Obex has been released, offering a method to prevent Endpoint Detection and Response (EDR) and other monitoring solutions’ dynamic-link libraries (DLLs) from...

Allianz Life data breach impacted 1.5 Million people

2025-10-02 14:13:43
Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hackers...

USN-7793-3: Linux kernel (FIPS) vulnerabilities

2025-10-02 14:12:07
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Packet sockets; ...

YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

2025-10-02 14:05:20
Four critical zero-day flaws found in the YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

USN-7793-2: Linux kernel (Oracle) vulnerabilities

2025-10-02 14:04:26
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Packet sockets; ...

PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability

2025-10-02 14:00:35
A proof-of-concept (PoC) exploit has been released for a critical vulnerability chain in VMware Workstation that allows an attacker to escape from a guest virtual machine and execute arbitrary code on...

Your Service Desk is the New Attack Vector—Here's How to Defend It.

2025-10-02 14:00:10
Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows...

Phishing Is Moving From Email to Mobile. Is Your Security?

2025-10-02 14:00:00
With SMS, voice, and QR-code phishing incidents on the rise, it's time to take a closer look at securing the mobile user.

USN-7801-1: Linux kernel (HWE) vulnerabilities

2025-10-02 13:56:04
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; ...

USN-7800-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities

2025-10-02 13:46:50
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; ...

Dette technique et sécurité au menu d'Openstack Flamingo

2025-10-02 13:42:51
15 ans après sa création, Openstack opère un grand chantier pour combler sa dette technique. A l’occasion de sa version (...)

Une application VPN mobile sur quatre échoue aux contrôles de confidentialité, Zimperium alerte sur les risques cachés pour les entreprises

2025-10-02 13:23:08
L’analyse, par zLabs, de 800 applications VPN gratuites révèle que 25 % d’entre elles n'ont pas de politique de confidentialité, abusent dangereusement des autorisations et manquent de...

Quand le faux devient crédible : les deepfakes, une menace pour les entreprises

2025-10-02 13:20:04
Contenus audios, vidéos ou textes : les deepfakes franchissent un cap inquiétant. Pour les entreprises, ces manipulations par IA sont devenues un nouveau vecteur d'attaque. Une illusion numérique,...

Scam Facebook groups send malicious Android malware to seniors

2025-10-02 13:09:30
Cybercriminals are targeting older Facebook users with fake community and travel groups that push malicious Android apps.

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

2025-10-02 13:07:00
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy...

Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite

2025-10-02 13:06:30
Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link.

Rethinking NHI Security: The Essential Shift to Zero Trust Security and Ephemeral Identities

2025-10-02 13:00:37
As identity security becomes increasingly critical in cybersecurity, the focus has shifted from safeguarding human identities to protecting Non-Human Identities (NHIs)—such as API keys, service accounts,...

'Confucius' Cyberspy Evolves From Stealers to Backdoors in Pakistan

2025-10-02 13:00:00
The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware.

How We Built a Gaming Platform That Never Takes Your Money (But Still Makes Millions)

2025-10-02 12:59:59
Slotozilla solved the paradox of building a casino-scale platform without real-money play. Hosting 40,000+ slots from 200+ providers, it handles hundreds of thousands of anonymous sessions daily. With...

RFC 9794: a new standard for post-quantum terminology

2025-10-02 12:45:24
The NCSC's contribution to the Internet Engineering Task Force will help to make the internet more secure.

The Risks of AI-Generated Software Development

2025-10-02 12:37:04
Get details on how AI is introducing new risk to software.

Sophos: Defeat Cyberattacks With Cybersecurity-as-a-Service

2025-10-02 12:34:44
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 2, 2025 – Watch the YouTube video CEO Joe Levy explains how Sophos defeats cyberattacks with an...

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

2025-10-02 11:55:00
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results...

Why Gossiping to All Peers Might Be the Smartest Move for Small Networks

2025-10-02 11:30:06
This article breaks down three smart optimizations for improving node synchronization in blockchain and distributed systems. First, gossiping to all peers accelerates sync when networks are small and...

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

2025-10-02 11:30:00
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable...

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

2025-10-02 11:25:00
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious...

Fuite et RaaS : le groupe Nova expose ses victimes

2025-10-02 11:06:28
Le groupe Nova revendique 23 victimes, vend un RaaS et publie 80 Go de données universitaires. Analyse cyber et renseignement....

How to Close Threat Detection Gaps: Your SOC's Action Plan

2025-10-02 11:00:00
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases...

Ubuntu: Linux Kernel Azure Important Security Issues USN-7798-1

2025-10-02 10:57:26
Several security issues were fixed in the Linux kernel.

Android spyware campaigns impersonate Signal and ToTok messengers

2025-10-02 10:53:18
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data. [...]

Ubuntu 24.04: Linux-realtime Critical Kernel Update Vulnerable 2025:0012

2025-10-02 10:50:08
Several security issues were fixed in the Linux kernel.

Cybercrime group claims to have breached Red Hat ‘s private GitHub repositories

2025-10-02 10:37:05
The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat ‘s private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat 's...

Malicious ZIP Files Use Windows Shortcuts to Drop Malware

2025-10-02 10:19:09
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging 'living...

AIOZ Stream Delivers Peer-to-Peer On-Demand Video Powered by DePIN

2025-10-02 10:00:04
Recently, AIOZ Network released AIOZ Stream, a protocol designed to make streaming as configurable as any modern software service. Instead of hard‑wired revenue shares and opaque delivery, teams get...

Ubuntu 16.04 LTS: USN-7797-1 Linux Kernel Critical Flaws Detected

2025-10-02 09:53:33
Several security issues were fixed in the Linux kernel.

Solo Leveling Levels Up: Korean Billion-Dollar Megafranchise Goes Onchain With Story

2025-10-02 09:47:49
Korea's highest-grossing webnovel and webtoon, and the most-watched anime in Crunchyroll history, announces a partnership with Story. Solo Leveling is exploring the issuance of a tokenized real-world...

Ubuntu 18.04 LTS: USN-7796-1 Critical Linux Kernel Security Issues

2025-10-02 09:38:32
Several security issues were fixed in the Linux kernel.

Gossip Protocol Replication, Multi-Signatures, and M-of-N Consensus Explained

2025-10-02 09:30:06
This article explains how distributed systems maintain trust and consistency using gossip-based replication, partial and multi-signature proofs, and M-of-N network connections. The gossip protocol ensures...

Ubuntu 20.04 LTS: Linux Kernel Critical Kernel Flaw Update USN-7795-1

2025-10-02 09:25:12
Several security issues were fixed in the Linux kernel.

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

2025-10-02 09:24:00
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak...

Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories

2025-10-02 09:19:39
An extortion group known as the Crimson Collective claims to have breached Red Hat's private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This...

CISA: Critical Sudo Flaw CVE-2025-32463 Requires Immediate Action

2025-10-02 09:15:48
CISA has added CVE-2025-32463 to its Known Exploited Vulnerabilities catalog, a flaw in sudo that affects nearly every Linux distribution. The bug allows a limited account to escalate to root, which is...

Cyberattaque au Sénégal : la DGID visée par le groupe Black Shrantac

2025-10-02 09:05:13
La DGID du Sénégal victime d'une cyberattaque Black Shrantac : 1 To de données fiscales et administratives volées, enjeux critiques pour l'État et les citoyens....

Smarter AI Training with Few-Shot Natural Language Tasks

2025-10-02 09:00:07
AdaMix, a parameter-efficient fine-tuning method, outperforms full model fine-tuning in few-shot NLU tasks across benchmarks like GLUE. Using prompt-based strategies without extra validation or unlabeled...

Android Spyware in the UAE Masquerades as ... Spyware

2025-10-02 09:00:00
In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Small Businesses and Ransomware: Navigating the AI Era Threat

2025-10-02 08:57:33
Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in…

Sendit tricked kids, harvested their data, and faked messages, FTC claims

2025-10-02 08:50:47
Sendit and its CEO are accused of preying on young users—signing them up illegally, misusing their data, and tricking them with bogus messages and hidden fees.

TOTOLINK X6000R Routers Hit by Three Vulnerabilities Allowing Remote Code Execution

2025-10-02 08:36:42
Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection...

SUSE: python-Django Critical SQL Injection and Path Traversal 2025:03446-1

2025-10-02 08:30:23
* bsc#1250485 * bsc#1250487 Cross-References: * CVE-2025-59681

Multisig, Hashes, and the Math Behind Trustless Record Keeping

2025-10-02 08:30:08
This article explains the append process in distributed systems: how nodes locally create records with cryptographic hashes, signatures, and timestamps; how records are validated and updated during replication;...

Chrome Security Update Patches 21 Vulnerabilities that Allow Attackers to Execute Arbitrary Code

2025-10-02 08:29:17
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling...

Termix Docker Image Leaking SSH Credentials (CVE-2025-59951)

2025-10-02 08:22:12
A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials. The flaw allows anyone with network access to retrieve stored host addresses, usernames,...

Le MOOC « SecNumacadémie » en cours d'évolution

2025-10-02 07:42:35
Le MOOC « SecNumacadémie » en cours d'évolution anssiadm jeu 02/10/2025 - 07:42 Le MOOC de l'ANSSI SecNumacadémie va évoluer et ne sera plus disponible sur la...

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

2025-10-02 07:40:57
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and...

Red Hat confirms security incident after hackers breach GitLab instance

2025-10-02 06:15:17
An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach...

Microsoft Outlook for Windows Bug Leads to Crash While Opening Email

2025-10-02 06:07:47
Microsoft has confirmed it is investigating a significant bug in the classic Outlook for Windows desktop client that causes the application to fail upon launch. The issue, which appears to be linked to...

Chrome Security Update Addressing 21 Vulnerabilities

2025-10-02 05:43:18
The Chrome team has released Chrome 141.0.7390.54/55 to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes,...

Microsoft Outlook Bug on Windows Devices Results in Repeated Email Crashes

2025-10-02 05:29:48
Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts. The issue manifests as a persistent error message...

Splunk Enterprise Flaws Allow Attackers to Run Unauthorized JavaScript Code

2025-10-02 05:18:22
Splunk released security advisories addressing multiple vulnerabilities affecting various versions of Splunk Enterprise and Splunk Cloud Platform. The flaws range from cross-site scripting (XSS) vulnerabilities...

Google Drive Desktop Gets AI-Powered Ransomware Detection to Block Cyberattacks

2025-10-02 04:54:25
Google has unveiled a groundbreaking AI-powered ransomware detection system for its Drive desktop application, representing a significant advancement in cybersecurity protection for organizations worldwide....

Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code

2025-10-02 04:07:32
Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to execute unauthorized JavaScript code, access sensitive information,...

Clop extortion emails claim theft of Oracle E-Business Suite data

2025-10-02 03:13:58
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems [...]...

List of 30 new domains

2025-10-02 00:00:00
.fr 500casinoapp365[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) 500casinobonus777[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) 500casinobonus[.fr] (registrar: Hosting Concepts...

Multiples vulnérabilités dans Google Chrome (02 octobre 2025)

02/10/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non...

Multiples vulnérabilités dans les produits Splunk (02 octobre 2025)

02/10/2025
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...