Toute l'actualité de la Cybersécurité
PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
2025-11-15 14:02:00
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that...
Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers
2025-11-15 13:12:39
A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9.9...
RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools
2025-11-15 12:43:28
A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks...
Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials
2025-11-15 10:54:35
Attackers are using fake invoice emails to spread XWorm, a remote-access trojan that quietly steals login credentials, passwords, and sensitive files from infected computers. When a user opens the attached...
First Large-scale Cyberattack Using AI Tools With Minimal Human Input
2025-11-15 10:45:42
Chinese government-backed hackers used Anthropic's Claude Code tool to carry out advanced spying on about thirty targets worldwide, successfully breaking into several major organizations. The first...
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
2025-11-15 10:21:00
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT)...
Highly Sophisticated macOS DigitStealer Employs Multi-Stage Attacks to Evade detection
2025-11-15 10:02:57
A new malware family targeting macOS systems has emerged with advanced detection evasion techniques and multi-stage attack chains. Named DigitStealer, this information stealer uses multiple payloads to...
Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts
2025-11-15 07:43:09
A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that...
The TechBeat: Stop the Slop. Start Coding Smarter with AI (11/15/2025)
2025-11-15 07:10:59
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection
2025-11-15 07:06:13
Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently...
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
2025-11-15 06:58:38
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added...
Akira Ransomware Targets Over 250 Organizations, Extracts Million in Ransom Payments – New CISA Report
2025-11-15 06:09:37
A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this...
When Reading the Source Code Is the Real Hack: A Web Challenge Story | v1t CTF
2025-11-15 05:57:48
Sometimes the best hacking tool is just… reading comprehensionDifficulty: Beginner-Friendly | Category: Web ExploitationHello everyoneI'm Chetan Chinchulkar (aka omnipresent), and we're switching gears!...
Reflected XSS → DVWA Walkthrough: Learn How User Input Can Trigger a Script Execution
2025-11-15 05:56:06
🕵Hey! I'm Adwaith, an aspiring offensive security enthusiast, and I'm excited to walk you through the Reflected XSS lab in DVWA, where we'll see how a simple input field can lead to script execution.Click...
SQL Injection: Listing Database Contents on Non-Oracle Databases
2025-11-15 05:55:12
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…Continue reading on InfoSec Write-ups »
Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications
2025-11-15 03:45:39
Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware targets the collection...
Evaluating Visual Adapters: MIVPG Performance on Single and Multi-Image Inputs
2025-11-15 03:12:01
Details MIVPG experiments across single- and multi-image scenarios. Model uses frozen LLM and Visual Encoder, updating only the MIVPG for efficiency.
MIVPG and Instance Correlation: Enhanced Multi-Instance Learning
2025-11-15 03:00:13
MIVPG uses a Correlated Self-Attention (CSA) module to unveil instance correlation, fulfilling all MIL properties while outperforming Q-Former. CSA improves aggregation and reduces time complexity.
Multimodal Fusion: MIVPG's Hierarchical MIL Approach for Multi-Image Samples
2025-11-15 02:28:16
Details MIVPG's hierarchical approach to MIL for multi-image samples. It treats both image patches and whole images as 'instances' for feature aggregation via cross-attention.
Fedora 41: Security Update for OpenTofu 1.10.7 Addresses Vulnerabilities
2025-11-15 01:45:29
Update to 1.10.7
Fedora 41: Critical Advisory for containerd Update v1.7.29 Threats
2025-11-15 01:45:28
Update to v1.7.29
Debian 12: python-http-client-receive-data Low 2025-01a4c2b1e
2025-11-15 01:45:26
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses
Fedora 41: uv Python Package Update 2025-00e5b3d89c Critical DoS Advisory
2025-11-15 01:45:26
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses
Fedora 41: rust-reqsign Critical AWS DoS Threat Advisory 2025-00e5b3d89c
2025-11-15 01:45:25
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses
Fedora 41: Rust Reqsign File Read Tokio Important Issue 2025-00e5b3d89c
2025-11-15 01:45:25
uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of async_zip, which addresses