Toute l'actualité de la Cybersécurité
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
2025-12-17 21:48:33
Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for...
'Cellik' Android RAT Leverages Google Play Store
2025-12-17 21:38:50
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Key Commitment Issues in S3 Encryption Clients
2025-12-17 21:32:34
Bulletin ID: AWS-2025-032 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/17 12:15 PM PST
We identify the following CVEs:
CVE-2025-14763 - Key Commitment Issues in...
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild
2025-12-17 21:00:00
OverviewA recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the...
USN-7940-1: Linux kernel (Azure FIPS) vulnerabilities
2025-12-17 20:58:49
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
SonicWall warns of actively exploited flaw in SMA 100 AMC
2025-12-17 19:36:14
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602,...
Kimsuky Hackers Attacking Users via Weaponized QR Code to Deliver Malicious Mobile App
2025-12-17 19:26:33
The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing...
WhatsApp device linking abused in account hijacking attacks
2025-12-17 19:14:30
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. [...]
Test for React2Shell with Application Security using New Functionality
2025-12-17 19:06:44
Following disclosure of the React2Shell vulnerability (CVE-2025-55182), a maximum-severity Remote Code Execution (RCE) in React Server Components (RSC) a.k.a. the Flight protocol, security teams are assessing...
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
2025-12-17 18:45:36
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances....
Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign
2025-12-17 18:33:43
Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the...
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
2025-12-17 18:17:00
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-40602...
14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data
2025-12-17 18:13:14
ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data.
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
2025-12-17 18:09:00
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and...
The Steve Morgan Show
2025-12-17 17:54:42
Brought to you by Evolution Equity Partners Coming Jan. 2026 The Steve Morgan Show is a podcast series featuring conversations with some of the world’s most intriguing people, including renowned...
Sonicwall warns of new SMA1000 zero-day exploited in attacks
2025-12-17 17:44:18
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. [...]
New deepfake training from KnowBe4 – see it in action!
2025-12-17 17:27:19
KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, has announced a new custom deepfake training experience to defend against advanced cybersecurity...
5 SOC Analyst Tips for Super-Fast Triage
2025-12-17 17:21:33
Every extra minute spent guessing during triage puts your SOC at risk. When it's unclear what a file does, whether it's malicious, or how urgent it is, real threats slip through...
Hackers Could Take Control of Car Dashboard by Hacking Its Modem
2025-12-17 17:16:08
Modern vehicles are increasingly defined by their connectivity, transforming them into sophisticated IoT devices on wheels. While this digital evolution enhances the driving experience, it introduces...
10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality
2025-12-17 17:00:35
Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.
Access Fabric: A modern approach to identity and network access
2025-12-17 17:00:00
An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time.
The post Access Fabric: A modern approach to...
How Altitude Finance Turned Bitcoin Into a Million Lending Infrastructure
2025-12-17 16:44:37
Altitude Finance CEO explains how Bitcoin-collateralized lending achieves 2.63% rates and M TVL while surviving 18 months without user fund losses.
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
2025-12-17 16:33:22
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
Critical React2Shell flaw exploited in ransomware attacks
2025-12-17 16:09:51
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...]...
Pour sécuriser l'IA, Red Hat acquiert Chattebox Labs
2025-12-17 16:09:22
Red Hat, une filiale d’IBM, monte en puissance sur l’IA et vient de renforcer la sécurité de cette technologie en annonçant (...)
The HackerNoon Newsletter: Stop the Generative AI Arms Race Before It Stops Us (12/17/2025)
2025-12-17 16:03:10
How are you, hacker?
🪐 What's happening in tech today, December 17, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Two Chrome flaws could be triggered by simply browsing the web: Update now
2025-12-17 16:02:52
Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content.
Data Strategy for MaGGIe: Bridging the Gap in Matting Resources
2025-12-17 16:00:07
To address the lack of public task-specific data, MaGGIe utilizes synthesized training sets from instance-agnostic sources for robust evaluation and generalization.
Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges
2025-12-17 15:52:48
Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability,...
MaGGIe's Coarse Alpha Matte Prediction: Temporal Feature Aggregation
2025-12-17 15:45:07
MaGGIe ensures temporal consistency in video matting using bidirectional Conv-GRU to fuse feature maps and predict coarse alpha mattes
Home working: preparing your organisation and staff
2025-12-17 15:44:47
How to make sure your organisation is prepared for home working.
MaGGIe Architecture: Efficient Mask-Guided Instance Matting
2025-12-17 15:30:03
MaGGIe introduces an efficient framework using Cross-Attention, Self-Attention, and Sparse Convolutions for mask-guided instance matting, ensuring high accuracy and low latency.
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
2025-12-17 15:30:00
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news...
Comment se créent les failles au sein d'un système d'informations ?
2025-12-17 15:25:51
Lorsqu'une faille de sécurité est découverte au sein d'un système d'information (SI), la réaction est souvent la même : chercher une cause purement technique comme un bug, une mauvaise configuration...
Data breaches: guidance for individuals and families
2025-12-17 15:16:01
How to protect yourself from the impact of data breaches
Evolution of Matting: From Traditional Sampling to MaGGIe's Instance Approach
2025-12-17 15:15:03
While prior methods struggle with trimap inaccuracies or single-object assumptions, MaGGIe offers efficient instance matting and enhanced temporal consistency.
Pourquoi la découverte d'un boîtier sur un ferry a déclenché une opération de contre-espionnage
2025-12-17 15:13:09
Un système malicieux probablement installé par ordre d'une puissance étrangère à été découvert à bord d'un ferry italien sur un port français. Il aurait pu permettre de prendre le contrôle...
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware
2025-12-17 15:10:14
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security...
Turning Your Data Swamp into Gold: A Developer's Guide to NLP on Legacy Logs
2025-12-17 15:00:31
The NLP Cleaning Pipeline is a tool to clean, vectorize, and analyze unstructured "free-text" logs. It uses Python 3.9+ and Scikit-Learn for vectorization and similarity metrics. The pipeline uses Unicode...
Inside a Practitioner Survey on Modern Code Review Priorities
2025-12-17 15:00:26
Based on a survey of experienced software practitioners, this study finds strong support for code review research focused on code quality, defects, and process outcomes, while human, organizational, and...
MaGGIe: Achieving Temporal Consistency in Video Instance Matting
2025-12-17 15:00:07
MaGGIe is an efficient framework for multi-instance human matting using sparse convolution and transformer attention to ensure temporal consistency in videos.
Sextortion emails: how to protect yourself
2025-12-17 14:57:16
Advice in response to the increase in sextortion scams
Attaque DDoS MegaMedusa : éclairage technique NETSCOUT
2025-12-17 14:56:35
L'équipe ASERT de NETSCOUT a récemment analysé comment la Threat Intelligence peut contribuer à neutraliser l'efficacité d'une campagne d'attaques DDoS. Le cas de MegaMedusa démontre concrètement...
GNV ferry fantastic under cyberattack probe amid remote hijack fears
2025-12-17 14:54:17
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic,...
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
2025-12-17 14:54:00
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky.
The Russian cybersecurity vendor said...
La DGSI saisit un boîtier espion placé dans un bateau de croisière
2025-12-17 14:43:51
Les navires sont dotés de systèmes d’information complexes : navigation (système de visualisation de cartes marines et GPS), (...)
Marketplaces sommées d'agir contre la pédocriminalité
2025-12-17 14:43:46
Réunion du 16 décembre : Sarah El Haïry exige des marketplaces des mesures durables contre la pédocriminalité en ligne....
Cybersécurité 2026 : les organisations sous la pression des Jeux et de l'IA
2025-12-17 14:34:25
Mimecast, leader mondial de la cybersécurité qui redéfinit la manière dont les organisations sécurisent les risques humains, annonce ses prédictions en matière de menaces cyber pour l'année...
Pourquoi OpenAI recrute George Osborne ?
2025-12-17 14:33:37
L'ancien ministre des Finances britannique, George Osborne, prend la tête de " OpenAI for Countries" pour déployer le projet Stargate à l'échelle internationale.
The post Pourquoi OpenAI recrute...
WatchGuard propose une voie simple vers une sécurité Zero Trust moderne
2025-12-17 14:32:09
Une décennie de complexité Zero Trust enfin simplifiée grâce à une approche unifiée conçue pour les MSP et les organisations de toutes tailles. Tribune – WatchGuard® Technologies, leader...
Sécurité VMware : le témoignage d'Object First après les attaques Brickstorm
2025-12-17 14:28:01
Suite aux récentes attaques ciblant les environnements VMware vSphere, Object First a pensé que son témoignage et des conseils simples pourraient retenir l'attention de vos lecteurs. Tribune Object...
Avec Alpha, Sophia Antipolis accélère dans l'IA et la cybersécurité
2025-12-17 14:21:59
Sophia Antipolis, qui regroupe plus de 2 500 entreprises et 43 000 employés, continue de se développer en tant qu’épicentre (...)
C'est « très grave » et « sans précédent » : pourquoi la cyberattaque visant le ministère de l'Intérieur inquiète autant
2025-12-17 14:15:38
Par représailles, un groupe de hackers est parvenu à s'infiltrer dans l'intranet du ministère de l'Intérieur et menace de diffuser ses bases de données les plus sensibles. Cette affaire révèle...
Dynamic EASM Discovery: Continuous Discovery for a Changing Attack Surface
2025-12-17 14:06:15
Staying ahead of what's exposed, automatically.The modern enterprise doesn't stand still. New domains are registered, acquisitions bring inherited infrastructure, cloud workloads spin up and down...
Microsoft Asks IT Admins to Contact for Fix Related to Windows IIS Failure Issues
2025-12-17 14:05:28
Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes. First reported...
How to Fix 3 Common AWS Serverless Performance Killers (Lambda, S3, SQS)
2025-12-17 14:00:04
A real-world high-traffic Content Management System (CMS) migration failed its performance requirements. The system handles article creation, image processing, and digital distribution. It relies heavily...
Your MFA Is Costing You Millions. It Doesn't Have To.
2025-12-17 14:00:00
Passwords and app-based MFA add hidden costs through lost productivity, frequent resets, and risk of phishing and social engineering attacks. Token explains how wireless biometric, passwordless authentication...
{Tribune Expert } – Stratégie IA : et s'il était question d'adopter une pensée bimodale ?
2025-12-17 13:54:40
Une stratégie IA ne concerne pas l'IA en elle-même. Elle doit aider les entreprises à atteindre des performances exponentielles et de tirer son épingle du jeu dans un marché de plus en plus compétitif...
Women In Cybersecurity Report, Winter 2025
2025-12-17 13:44:55
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 17, 2025 –Watch the YouTube video The Women in Cybersecurity Report, a 12-minute video hosted...
Inside a purchase order PDF phishing campaign
2025-12-17 13:38:00
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.
Study Finds Most Code Review Research Lacks Real-World Validation
2025-12-17 13:00:03
Based on an analysis of 244 primary studies, this mapping study shows that modern code review research is growing steadily but remains heavily focused on open source data and tool proposals, with limited...
Chinese Hackers Using Custom ShadowPad IIS Listener Module to Turn Compromised Servers into Active Nodes
2025-12-17 12:42:22
The group employs a custom ShadowPad IIS Listener module to transform compromised servers into a resilient, distributed relay network. This approach allows attackers to route malicious traffic through...
Microsoft asks admins to reach out for Windows IIS failures fix
2025-12-17 12:30:32
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail....
How to Build Real-World Drone Avatars with WebRTC and Python
2025-12-17 12:30:03
Drone Avatar is the next evolution of "Telework". The drone Avatar system requires three distinct layers: The Edge (The Drone), The Pipe (The Network), and The Core (The UTM Traffic Management)
Askul data breach exposed over 700,000 records after ransomware attack
2025-12-17 12:19:31
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best...
Singularity Linux Kernel Rootkit with New Feature Prevents Detection
2025-12-17 12:19:17
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful...
Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories
2025-12-17 12:13:51
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting...
Après la cyberattaque, le ministre de l'Intérieur reconnait un vol de données
2025-12-17 12:04:10
L’affaire de la cyberattaque de la place Beauvau prend une autre tournure après l’interview du ministre de l’Intérieur (...)
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
2025-12-17 11:46:00
CISA has officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025. Designating a critical deadline of December 23, 2025, for organizations to apply necessary...
New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules
2025-12-17 11:40:21
A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique...
Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time
2025-12-17 11:30:00
Modern security teams often feel like they're driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their...
Russian state hackers targeted Western critical infrastructure for years, Amazon says
2025-12-17 11:27:02
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign...
LMI 28 Personnalité IT de l'année 2025 : Martine Gouriet d'EDF
2025-12-17 11:17:25
Dans LMI Mag 28, nous vous proposons des retours d’expérience de DSI et décideurs IT autour de la cybersécurité et de (...)
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware
2025-12-17 11:12:00
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America.
Check...
From Linear to Complex: An Upgrade in RansomHouse Encryption
2025-12-17 11:00:54
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.
The post From Linear to Complex: An Upgrade in RansomHouse...
Cyberattaque au ministère de l'Intérieur : des fichiers sensibles consultés
2025-12-17 10:46:27
Une intrusion dans les messageries du ministère de l'Intérieur a permis d'accéder aux fichiers de police TAJ et FPR, avec l'extraction de quelques dizaines de fiches confirmée par le ministre Laurent...
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
2025-12-17 10:00:51
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
Piratage chez SFR : encore un accés non autorisé !
2025-12-17 09:44:59
Alerte SFR : accès non autorisé à un outil fixe, données clients possiblement exposées, CNIL saisie, plainte déposée....
Avec le verre, Ewigbyte veut figer les données pour toujours
2025-12-17 09:02:58
Ewigbyte ambitionne de rebattre les cartes de l’archivage avec son stockage sur verre, visant directement le domaine (...)
SUSE: Moderate Security Update for Xen CVE-2025-58149 Released Today
2025-12-17 08:30:12
An update that solves one vulnerability, contains one feature and has one security fix can now be installed.
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
2025-12-17 08:17:07
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products...
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
2025-12-17 08:14:00
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code,...
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
2025-12-17 07:00:00
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
Subdomain Roulette: How Forgotten Hosts Became My Golden Ticket to Admin Panels
2025-12-17 06:32:16
Free link 🎈Continue reading on InfoSec Write-ups »
Agentic AI Red Teaming: The Hottest Cybersecurity Career of 2026 (Beginner-Friendly Guide)
2025-12-17 06:32:05
How to Start a Career in Agentic AI Red Teaming (New 2026 Path)Continue reading on InfoSec Write-ups »
React2Shell: CVE-2025–55182 | TryHackMe Write-Up
2025-12-17 06:31:54
Non-members are welcome to access the full story here.Continue reading on InfoSec Write-ups »
How I Hacked an Entrepreneur
2025-12-17 06:30:58
I was searching for a bug bounty programme using google dorks when I found a private vdp. It was a bit old but I thought why not give it a…Continue reading on InfoSec Write-ups »
The Return of The Luhn Algorithm
2025-12-17 06:29:48
A deep dive into how BIN ranges, Luhn, and a design flaw revealed cardholder PIIs.SummaryWhen testing a bank's assets, I noticed something in a request that no one else had noticed, which disclosed...
Known-Plaintext Attack on PHP-Proxy: From Broken Encryption to FastCGI RCE
2025-12-17 06:28:34
How a Caesar cipher implementation turned URL encryption into a complete server compromise through known-plaintext attack and FastCGI protocol exploitationIntroductionI discovered PHP-Proxy while researching...
HackSmarter Arasaka AD Lab Writeup
2025-12-17 06:27:42
By: Vedant Bhalgama (@ActiveXSploit)HackSmarter is a new cybersecurity learning platform created by Tyler Ramsbey. It offers courses, hands-on labs, and more — an excellent place to sharpen your...
Call/Message anyone on Facebook directly, bypassing the message requests ($$$$+$$$$$)
2025-12-17 06:24:50
An Interesting bug on a not-so-interesting Meta Platform — Messenger KidsThis is me, Samip Aryal from Nepal writing about one of my more unusual bug discoveries, this specifically found in BountyCon...
Discovering Cloud Misconfigurations with Google Dorks
2025-12-17 06:22:34
Picture Created by Sora AIFind exposed sensitive data in AWS, Google Cloud, and other platforms when private information becomes searchable on Google.A. Exposed Cloud StorageCloud storage services...
The Unconventional OSINT: How Dark Web Tools Gave Me the Edge to Find a $ Bug ️♂️
2025-12-17 06:19:07
Free Link🎈Continue reading on InfoSec Write-ups »
Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
2025-12-17 06:11:46
What is the Vulnerability?
CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products...
Fedora 42: Fix for mod_md Bug Related to CVE-2025-55753 Advisory
2025-12-17 01:32:38
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information. A fix for the security vulnerability...
Fedora 42: conda-build 25.4.0 Critical Code Execution 2025-eb0eab6793
2025-12-17 01:32:35
Update to 25.4.0
Critical Update for Fedora 42: WebKitGTK Fixes Crashes and CVE-2025-13947
2025-12-17 01:32:34
Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947, CVE-2025-43458, CVE-2025-66287
Fedora 43: util-linux Update 2.41.4 Urgent CVE-2025-14105
2025-12-17 01:14:16
upstream stable upgrade from 2.41.1 to 2.41.3 (CVE-2025-14104 and other issues)
Fedora 43: assimp Library Critical CVE-2025-11277 Update
2025-12-17 01:14:11
Backport fix for CVE-2025-11277
Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene
2025-12-17 00:00:57
Cyber hygiene is just as vital as personal hygiene. Unit 42 shares tips for people of all experience levels to keep their digital lives secure.
The post Stay Secure: Why Cyber Hygiene Should Be Part...
List of 44 new domains
2025-12-17 00:00:00
.fr 60millions-mag[.fr] (registrar: SAS Ligne Web Services - LWS)
activ-lyfreception[.fr] (registrar: Dynadot Inc)
activshape-officiel[.fr] (registrar: INWX GmbH)
ameli-carte-assurance[.fr] (registrar:...
Multiples vulnérabilités dans Google Chrome (17 décembre 2025)
17/12/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans GLPI (17 décembre 2025)
17/12/2025
De multiples vulnérabilités ont été découvertes dans GLPI. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité....
Vulnérabilité dans Mozilla Firefox (17 décembre 2025)
17/12/2025
Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans les produits Synology (17 décembre 2025)
17/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Synology. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité...