Toute l'actualité de la Cybersécurité
‘ChatGPT Tainted Memories' Exploit Enables Command Injection in Atlas Browser
2025-10-27 18:49:23
LayerX Security found a flaw in OpenAI's ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks.
nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle' of Speed, Certainty, and Effor
2025-10-27 16:18:48
New York, New York, USA, 27th October 2025, CyberNewsWire
Windows will soon prompt for memory scans after BSOD crashes
2025-10-27 18:36:05
Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). [...]
Atos signe un contrat européen record en cybersécurité et relance sa dynamique
2025-10-27 18:13:43
ATOS a remporté un marché stratégique d'une valeur maximale de 326 millions d'euros auprès de la Commission européenne pour assurer des services d'exploitation technique en cybersécurité.......
iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log' file on Reboot
2025-10-27 17:29:33
The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors...
QNAP warns of critical ASP.NET flaw in its Windows backup software
2025-10-27 16:55:02
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device....
Synology rétropédale après avoir fermé la porte aux disques tiers
2025-10-27 16:46:19
Six mois après avoir annoncé limiter la prise en charge des disques tiers sur ses NAS DS Plus, Synology fait marche arrière.
The post Synology rétropédale après avoir fermé la porte aux disques...
Italian spyware vendor linked to Chrome zero-day attacks
2025-10-27 16:37:28
A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired...
Des experts plaident pour interdire les travaux sur l'IA avancée
2025-10-27 16:15:52
Un an et demi après avoir réclamé une pause sur les systèmes plus puissants que GPT-4, le Future of Life Institute (...)
Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication
2025-10-27 16:13:58
Ubiquiti’s UniFi Access application has been found vulnerable to a critical flaw that leaves its management API exposed without authentication. Discovered by Catchify Security, this issue allows...
X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
2025-10-27 16:12:00
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access...
Google says everyone will be able to vibe code video games
2025-10-27 15:59:36
Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. [...]
DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants
2025-10-27 15:51:43
Unsecured House Democrats' resume bank (DomeWatch) exposed 7,000 records, including PII and "top secret" clearance status, raising identity theft fears.
Qilin Targets Windows Hosts With Linux-Based Ransomware
2025-10-27 15:18:34
The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats.
Microsoft: New policy removes pre-installed Microsoft Store apps
2025-10-27 15:13:58
Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. [...]
USN-7841-1: strongSwan vulnerability
2025-10-27 15:05:57
Xu Biang discovered that the strongSwan client incorrectly handled
EAP-MSCHAPv2 failure requests. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could...
The Dark Web Has a New Spy, and It's Not Human
2025-10-27 15:00:43
In cybercrimes’ cat-and-mouse game, criminals almost always leave digital breadcrumbs behind. Every leaked credential posted, boasted about, or sold on the dark web forms a trail. Investigators...
How to set up two factor authentication (2FA) on your Instagram account
2025-10-27 14:53:41
Step-by-step instructions on how to enable 2FA on your Instagram account—for Android, iOS, and on the web.
1inch partners with Innerworks to strengthen DeFi security through AI-Powered threat detection
2025-10-27 14:00:24
London, United Kingdom, 27th October 2025, CyberNewsWire
Predatory Sparrow Group Attacking Critical Infrastructure to Destroy Data and Cause Disruption
2025-10-27 14:49:15
Predatory Sparrow has emerged as one of the most destructive cyber-sabotage groups targeting critical infrastructure across the Middle East, with operations focused primarily on Iranian and Syrian assets....
USN-7840-1: Ruby vulnerabilities
2025-10-27 14:39:58
It was discovered that the REXML module bunded into Ruby incorrectly
handled parsing XML documents with repeated instances of certain
characters. An attacker could possibly use this issue to cause REXML...
Crafted URLs can trick OpenAI Atlas into running dangerous commands
2025-10-27 14:38:14
Attackers can trick OpenAI Atlas browser via prompt injection, treating malicious instructions disguised as URLs in the omnibox as trusted commands. Attackers can exploit the OpenAI Atlas browser by disguising...
Hackers Target 81% of Routers with Default Admin Passwords
2025-10-27 14:37:19
The latest 2025 Broadband Genie router security survey reveals alarming trends in network security awareness among internet users. This year’s results, while showing marginal improvements in some...
OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT
2025-10-27 14:31:42
A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems....
New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
2025-10-27 14:31:00
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence...
USN-7829-4: Linux kernel (AWS) vulnerabilities
2025-10-27 14:20:42
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
-...
Phishing scam uses fake death notices to trick LastPass users
2025-10-27 14:15:50
LastPass is warning that phishers are exploiting the digital will feature to trick people into handing over their master passwords.
Une faille critique de Microsoft WSUS exploitée à grande échelle
2025-10-27 14:09:32
Jeudi dernier, Microsoft a publié une série de correctifs hors bande pour corriger « de manière exhaustive » (...)
The State of Exposure Management in 2025: Insights From 3,000+ Organizations
2025-10-27 14:01:11
Attackers are using AI to weaponize old vulnerabilities while security teams face expanding attack surfaces and limited resources. Intruder's 2025 Exposure Management Index reveals how 3,000+ organizations...
BlockDAG Breaks Records as Pepeto, Bitcoin Hyper, Snorter, and Maxi Doge Rise
2025-10-27 14:00:01
The 2025 presale race is heating up. BlockDAG dominates with 0M raised and a 3,233% projected ROI, while Pepeto steals attention with 220% staking, a live demo exchange, and a viral meme narrative....
Critical Chrome 0-Day Under Attack: Mem3nt0 Mori Hackers Actively Exploiting Vulnerability
2025-10-27 13:54:41
In March 2025, security researchers at Kaspersky detected a sophisticated campaign exploiting a previously unknown Chrome vulnerability to deliver advanced spyware to high-profile targets. The attack,...
Microsoft Investigation Teams text-to-speech Functionality Issue Impacting Users – Update
2025-10-27 13:54:24
Microsoft is actively probing a glitch in its Teams platform that’s disrupting text-to-speech features, leaving users frustrated during critical auto-attendant calls. The company confirmed the problem...
Peu sécurisé, Atlas d'OpenAI est non recommandé en entreprise
2025-10-27 13:52:36
Pas de précipitation. Telle est la recommandation des analystes sur l’adoption au sein des sociétés d’Atlas, le navigateur (...)
Qilin Ransomware Leveraging Mspaint and Notepad to Find Files with Sensitive Information
2025-10-27 13:49:42
Qilin ransomware has emerged as one of the most devastating threats in the second half of 2025, operating at an alarming pace with over 40 victim disclosures per month on its public leak site. Originally...
CISA orders feds to patch Windows Server WSUS flaw used in attacks
2025-10-27 13:27:35
The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog...
AWS intègre (partiellement) le scope 3 dans sa calculette carbone
2025-10-27 13:25:35
AWS a révisé la méthodologie qui sous-tend son Customer Carbon Footprint Tool et y a intégré une partie du scope 3 de ses services cloud.
The post AWS intègre (partiellement) le scope 3 dans sa...
New HyperRat Android Malware Sold as Ready-Made Spy Tool
2025-10-27 13:25:11
Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features.
iOS 26 Overwrites ‘shutdown.log' on Reboot, Erasing Forensic Evidence of Pegasus and Predator Spyware
2025-10-27 13:17:37
As iOS 26 is being rolled out, a critical forensic challenge has emerged: the operating system now automatically overwrites the shutdown.log file on every reboot, effectively erasing crucial evidence...
North Korean Chollima Actors Added BeaverTail and OtterCookie to Its Arsenal
2025-10-27 13:09:54
Famous Chollima, a threat group affiliated with North Korea’s Reconnaissance General Bureau, has significantly expanded its operational capabilities by integrating two potent malware strains: BeaverTail...
New EDR-Redir Tool Bypasses EDRs by Exploiting Bind Filter and Cloud Filter Driver
2025-10-27 13:05:12
Cybersecurity researchers have developed a sophisticated new tool called EDR-Redir that can bypass Endpoint Detection and Response (EDR) systems by exploiting Windows’ Bind Filter and Cloud Filter...
Stronger ID Verification Is the New Frontline In Financial Compliance
2025-10-27 13:00:38
Right now, somewhere out there, a synthetic identity is being created – convincing enough to get past a background check, open a bank account, or even get a loan. This...
The post Stronger ID Verification...
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
2025-10-27 12:51:00
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways...
The Women Reimagining Cybersecurity's Future
2025-10-27 12:37:57
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 27, 2025 – Read the full story in Forbes In an industry still dominated by men, May Chen-Contino is...
Kaspersky détecte un nouveau logiciel espion HackingTeam après des années de silence
2025-10-27 12:35:35
L’équipe mondiale de recherche et d’analyse de Kaspersky (GReAT) a découvert des preuves permettant d'établir un lien entre Memento Labs (le successeur de HackingTeam) et une nouvelle...
Les escroqueries bancaires explosent : +65 % dans le monde en un an
2025-10-27 12:33:52
Un nouveau rapport publié par BioCatch, entreprise spécialisée dans la prévention de la criminalité financière par l'analyse des comportements humains, met en lumière la croissance exponentielle...
Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild
2025-10-27 12:26:51
Threat actors have launched a significant mass exploitation campaign targeting critical vulnerabilities in two popular WordPress plugins, GutenKit and Hunk Companion, affecting hundreds of thousands of...
Pourquoi Anthropic va acheter des TPU à Google Cloud
2025-10-27 12:09:26
L'accord qui doit entrer en vigueur en 2026 prévoit la fourniture de plus d'un gigawatt de puissance de calcul.Il est estimé à plusieurs dizaines de milliards de dollars.
The post Pourquoi Anthropic...
Critical HashiCorp Vault Vulnerabilities Allow Authentication Bypass and DoS Attacks
2025-10-27 12:06:45
HashiCorp has disclosed two critical vulnerabilities in Vault and Vault Enterprise that could enable attackers to bypass authentication mechanisms and launch denial-of-service attacks against infrastructure....
X to Retire Twitter.com, Users Must Re-Register Security Keys by Nov 10
2025-10-27 11:21:43
X (formerly Twitter) is asking users with security keys to re-enroll by Nov 10 as it moves logins from twitter.com to x.com for continued 2FA access.
Dell Storage Manager Vulnerabilities Allow Full System Compromise
2025-10-27 11:20:49
Dell Technologies has disclosed three critical vulnerabilities affecting Dell Storage Manager that could allow unauthenticated remote attackers to completely compromise storage systems. Dell Storage Manager...
Microsoft Limits IE Mode In Edge Browser Citing Zero-Day Exploits
2025-10-27 11:14:02
Microsoft recently announced changes to the Internet Explorer mode in Edge browsers, citing zero-day exploits…
Microsoft Limits IE Mode In Edge Browser Citing Zero-Day Exploits on Latest Hacking...
New Stealit Malware Campaign Exploits Node.js SEA Feature
2025-10-27 11:13:27
Researchers have found a new Stealit malware campaign in the wild that exploits a Node.js…
New Stealit Malware Campaign Exploits Node.js SEA Feature on Latest Hacking News | Cyber Security News,...
ChatGPT's Atlas Browser Jailbroken to Hide Malicious Prompts Inside URLs
2025-10-27 11:08:05
Security researchers at NeuralTrust have uncovered a critical vulnerability in OpenAI’s Atlas browser that allows attackers to bypass safety measures by disguising malicious instructions as innocent-looking...
Payer une rançon ne rime toujours pas avec récupération des données
2025-10-27 11:07:16
Le conseil est souvent répété par les autorités, en cas d’attaques de rançongiciel, il ne faut jamais payer de (...)
Can ChatGPT Outperform the Market? Week 11
2025-10-27 11:00:00
+8% increase in one day..
Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
2025-10-27 10:45:05
Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a Linux...
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Critical Infrastructure
2025-10-27 10:42:52
A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional...
Blockchain, métavers, neuromining… Retour sur 10 ans de prédictions technologiques par Gartner
2025-10-27 09:49:36
Lors de son IT Symposium/Xpo d'Orlando, Gartner émet traditionnellement des prévisions technologiques. Retour sur celles effectuées depuis 10 ans.
The post Blockchain, métavers, neuromining…...
SICW 2025 : L'ANSSI fer de lance de la coopération franco-singapourienne en matière de cyber
2025-10-27 09:04:12
SICW 2025 : L'ANSSI fer de lance de la coopération franco-singapourienne en matière de cyber
anssiadm
lun 27/10/2025 - 09:04
Alors que la France célèbre cette année...
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
2025-10-27 08:55:00
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its...
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
2025-10-27 08:40:05
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plugin...
AI Parsing of Commercial Proposals: How to Accelerate Proposal Processing and Win Clients
2025-10-27 08:18:22
In 2025, many organizations still rely on manual processing of B2B proposals. Managers spend hours extracting line items, prices, and delivery terms instead of actually talking to customers. AI systems...
ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
2025-10-27 07:29:00
The newly released OpenAI ChatGPT Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless...
A week in security (October 20 – October 26)
2025-10-27 07:15:00
A list of topics we covered in the week of October 20 to October 26 of 2025
The TechBeat: The Day the Cloud Cracked: AWS Outage Exposes Fragility of Centralized Internet (10/27/2025)
2025-10-27 06:11:05
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
GetBlock Launches 50% Discount Program for BlastAPI Users as Platform Shuts Down
2025-10-27 05:09:23
BlastAPI is shutting down on October 31, 2025.
Therefore, GetBlock steps in with a limited‑time migration program offering up to 50% off shared RPC node subscriptions. New users can use promo...
Code Smell 312 - You Put Multiple Assertions in One Test, Making Failures Hard to Analyze
2025-10-27 05:04:42
You put multiple assertions in one test, making failures hard to analyze.
From 50 Pages of Handwritten Notes to a Digital Manuscript with Python and AI
2025-10-27 04:51:33
Apple's HEIC (High-Efficiency Image Container) is great for saving space, but not so great for compatibility. Many APIs and libraries are optimized for older, more universal formats like JPEG. The beauty...
Building a Newsletter Prompt That Actually Converts
2025-10-27 04:51:18
I spent six months trying to crack email marketing. My open rates hovered around 18%. Click-through rates barely hit 2%. I read every "expert guide" out there. I even hired a freelance copywriter. Nothing...
Never Miss a Streaming Release: Building a Passion Project After a Traffic Collapse
2025-10-27 04:51:16
Deindexed, rebranded, relaunched. Bingebase combines clean calendars, AI-checked dates, and email alerts—turning a programmatic-SEO mistake into a product people return to
AI Agents to Discover Drugs
2025-10-27 04:49:11
A synthetic, cross-disciplinary team of AI agents to solve drug discovery problems. The code is written in Python. The goal is to create a team of three specialized agents to tackle a drug discovery problem....
Building a TikTok Hook Generator Prompt That Actually Works
2025-10-27 04:47:34
TikTok's algorithm is unforgiving, so a good prompt needs to be. The prompt is structured in layers: Role Definition, Input, Output, Quality Standards, and Industry Examples.
Private by Design: Why Confidentiality Is the New Competitive Edge in Web3
2025-10-27 04:46:17
As Web3 evolves, privacy is becoming the foundation for institutional adoption. Advances in zero-knowledge proofs and modular privacy layers now make it possible to protect data while proving compliance....
Mem3nt0 mori – The Hacking Team is back!
2025-10-27 03:00:20
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
MyVidster (2025) - 3,864,364 breached accounts
2025-10-27 02:40:29
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases,...
Vulnérabilité dans les produits Belden (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans les produits Belden. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans le pilote ODBC de MongoDB (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans le pilote ODBC de MongoDB. Elle permet à un attaquant de provoquer une élévation de privilèges.
Vulnérabilité dans Xen (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans Xen. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Vulnérabilité dans Microsoft Configuration Manager (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans Microsoft Configuration Manager. Elle permet à un attaquant de provoquer une élévation de privilèges.
Vulnérabilité dans le client VPN de TheGreenBow (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans le client VPN de TheGreenBow. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans Microsoft Windows Server Update Service (27 octobre 2025)
27/10/2025
Une vulnérabilité a été découverte dans Microsoft Windows Server Update Service. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance. L'éditeur a publié un nouveau...