Toute l'actualité de la Cybersécurité
Is Your Android TV Streaming Box Part of a Botnet?
2025-11-24 18:44:52
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services...
Phishing aux couleurs de l'État : une attaque discrète mais redoutable découverte par ZATAZ
2025-11-24 18:30:14
Phishing imitant l'administration : ZATAZ découvre une nouvelle attaque visant à voler des identifiants via de faux documents officiels....
Arnaque aux fausses ampoules EDF : un piège numérique que ZATAZ va éteindre
2025-11-24 18:04:20
Analyse d'une arnaque imitant EDF qui vole données bancaires via une fausse offre d'ampoules LED....
How To Hide Your Country Location on X (Twitter) by Switching to Region
2025-11-24 17:46:45
X (formerly known as Twitter) has added a new location detail in its account transparency section. It shows…
Black Friday scammers offer fake gifts from big-name brands to empty bank accounts
2025-11-24 17:36:37
Inside a massive malicious ad campaign that mimics brands like LEGO, Lululemon, and Louis Vuitton to trick shoppers into handing over bank details.
Real-estate finance services giant SitusAMC breach exposes client data
2025-11-24 17:36:28
SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. [...]
USN-7887-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities
2025-11-24 17:27:17
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers
2025-11-24 17:25:34
Amelia Hewitt, Co-Founder (Director of Cyber Consulting) at Principle Defence and Founder of CybAid, and Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, are proud to announce...
L'Otan se dote d'un cloud privé avec Google Cloud
2025-11-24 17:24:01
C’est un contrat de plusieurs millions de dollars que vient de signer Google Cloud avec l’Otan. L’alliance militaire a retenu le fournisseur (...)
IBAN, vérifier et sécuriser son identifiant bancaire
2025-11-24 17:15:48
Comprendre l'IBAN, ses risques et les bonnes pratiques pour sécuriser ses opérations bancaires dans un contexte de fraudes numériques croissantes....
Hackers Leveraging WhatsApp That Silently Harvest Logs and Contact Details
2025-11-24 16:57:02
A new malware campaign targeting Brazilian users has emerged, using WhatsApp as its primary distribution channel to spread banking trojans and harvest sensitive information. This sophisticated attack...
Wallet in Telegram Lists Monad, Enabling Telegram TGE Trading & Expanding MON Distribution
2025-11-24 16:56:57
Monad is a high-performance EVM Layer-1 inaugurating Coinbase's new ICO platform. Wallet in Telegram users will be able to deposit, withdraw and trade MON directly within the app. The listing will be...
YapWorld: The First AI Creator Economy Forging Human Connection
2025-11-24 16:51:17
YapWorld is the first AI platform built on YouTube's “Creator as Partner” model. YapWorld employs AI as a “catalyst for connection,” mobilizing personalized AI agents as online pals. Yaps represent...
Elite Cyber Veterans Launch Blast Security with M to Turn Cloud Detection into Prevention
2025-11-24 13:00:56
Tel Aviv, Israel, 24th November 2025, CyberNewsWire
PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks
2025-11-24 16:36:29
A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed...
Angular 21 Rolls Out Modern Testing, Headless A11y Components, and AI Tools
2025-11-24 16:27:25
Angular v21 isn't about one headline feature — it's a broad shift toward reactive patterns, accessible UI, AI-aware tooling, modern testing, and simpler, zoneless change detection. Together, these...
New Licensing Options for Pixel Icon Library: Free, Starter & Pro Plans
2025-11-24 16:24:04
After 30K downloads and incredible community support, we're launching two new paid license options for the Pixel Icon Library. The free plan with attribution remains unchanged, but now you can choose...
The HackerNoon Newsletter: Can ChatGPT Outperform the Market? Week 17 (11/24/2025)
2025-11-24 16:09:55
How are you, hacker?
🪐 What's happening in tech today, November 24, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
...
Matrix Push C2 abuses browser notifications to deliver phishing and malware
2025-11-24 15:43:00
Attackers can send highly realistic push notifications through your browser, including fake alerts that can lead to malware or phishing pages.
Sha1-Hulud Supply Chain Attack: 800+ npm Packages and Thousands of GitHub Repos Compromised
2025-11-24 15:36:00
A massive resurgence of the Sha1-Hulud supply chain malware has struck the open-source ecosystem, compromising over 800 npm packages and tens of thousands of GitHub repositories in a campaign the attackers...
Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack
2025-11-24 15:32:01
The Shai Hulud worm's "Second Coming" has compromised over 26,000 public repositories. We detail the attacker's mistake, the target packages, and mandatory security tips.
Les gangs de ransomware attaquent le stockage S3 d'AWS
2025-11-24 15:25:52
Traditionnellement, les cybercriminels s’attaquent aux sauvegardes sur site dans le cadre d’attaques par rançongiciel. Avec la montée (...)
Air Canada Lost a Lawsuit Because Their RAG Hallucinated. Yours Might Be Next
2025-11-24 15:23:53
Cleanlab's latest benchmarks reveal that most popular RAG hallucination detection tools barely outperform random guessing, leaving production AI systems vulnerable to confident, legally risky errors—while...
Les technologies prioritaires pour assurer rapidement la résilience opérationnelle d'une PME face aux cybermenaces
2025-11-24 15:22:27
Dans un contexte où les cybermenaces se multiplient et se complexifient, les petites et moyennes entreprises se retrouvent souvent en première ligne, sans toujours disposer des moyens humains ou financiers...
Zimperium alerte sur les risques de sécurité cachés dans des applications Android populaires
2025-11-24 15:20:06
Une bibliothèque de cartographie obsolète, encore utilisée dans plusieurs applications majeures de voyage et de météo, expose des millions d’utilisateurs et d’entreprises à des vulnérabilités...
How Ameen Shahid Is Transforming Quality Engineering Into a Strategic Powerhouse
2025-11-24 15:14:59
Director Ameen Shahid transforms Quality Engineering into a strategic engine for global supply chain excellence. By embedding IQE across order management, fulfillment, and logistics, he drives predictive...
Dropping Elephant Hacker Group Attacks Defense Sector Using Python Backdoor via MSBuild Dropper
2025-11-24 15:11:41
India-aligned threat group Dropping Elephant has launched a sophisticated multi-stage cyberattack targeting Pakistan’s defense sector using a Python-based remote access trojan disguised within an...
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
2025-11-24 15:03:00
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures.
The...
SCCM and WSUS in a Hybrid World: Why It's Time for Cloud-native Patching
2025-11-24 15:01:11
Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1's cloud-native patching keeps devices updated from any location, strengthening...
How Vennela Subramanyam Is Shaping the Future of Empathetic AI
2025-11-24 14:59:59
Google product leader Vennela Subramanyam advocates for empathetic AI that amplifies humanity rather than replaces it. Her work blends user-centered metrics, inclusive design, emotional insight, and AI...
Windows 365 accueille un espace sécurisé pour les agents IA
2025-11-24 14:57:03
Microsoft a dévoilé une dernière fonction pour son service de PC as a Service Windows 365 : un environnement sécurisé (...)
USN-7886-1: Python vulnerabilities
2025-11-24 14:53:33
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial...
Delta Dental of Virginia data breach impacts 145,918 customers
2025-11-24 14:49:51
Delta Dental of Virginia suffered a data breach that exposed personal and health data of about 146,000 customers after the hack of an email account. A security breach at the dental care provider Delta...
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
2025-11-24 14:32:40
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. [...]
popEVE : l'IA qui révolutionne le diagnostic des maladies génétiques rares
2025-11-24 14:23:25
Des chercheurs ont développé un modèle d'IA capable d'identifier les mutations génétiques pathogènes avec une précision de 98%. Cette avancée majeure pourrait transformer la prise en charge de...
APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods
2025-11-24 14:22:02
In October 2025, a significant breach exposed the internal workings of APT35, also known as Charming Kitten, a cyber unit operating within Iran’s Islamic Revolutionary Guard Corps Intelligence Organization....
NIS 2 : les entités assujetties peuvent se pré-enregistrer
2025-11-24 14:07:26
NIS 2 : les entités assujetties peuvent se pré-enregistrer
anssiadm
lun 24/11/2025 - 14:07
Le service de pré-enregistrement des entités assujetties à la directive...
Harvard University discloses data breach affecting alumni, donors
2025-11-24 14:06:36
Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors,...
The Complete Developer's Guide to GraphRAG, LightRAG, and AgenticRAG
2025-11-24 14:00:14
RAG has evolved far beyond “search + generate.” Modern systems—GraphRAG, LightRAG, and AgenticRAG—each target a different pain point: complex reasoning (GraphRAG), efficiency (LightRAG), and dynamic...
True Cybersecurity Story: How FreakyClown Robs Banks
2025-11-24 13:43:34
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 24, 2025 – Listen to the podcast In “How I Rob Banks: And Other Such Places,” renowned ethical...
Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User
2025-11-24 13:36:22
Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root...
20 Non-Cringe Activities to Engage Remote Employees
2025-11-24 13:25:04
Boost engagement and connection in remote teams with 20 non-cringe team development activities - from quick 5-minute icebreakers to longer virtual games, agile retrospectives, and social events for remote...
LLMs Tools Like GPT-3.5-Turbo and GPT-4 Fuels the Development of Fully Autonomous Malware
2025-11-24 13:24:25
Large language models like GPT-3.5-Turbo and GPT-4 are transforming how we work, but they are also opening doors for cybercriminals to create a new generation of malware. Researchers have demonstrated...
Ubuntu 25.04: cups-filters Important Denial of Service Vuln USN-7878-2
2025-11-24 13:19:53
Several security issues were fixed in cups-filters.
How to Build Your First GitHub Actions Workflow for Automated CI/CD
2025-11-24 13:08:49
This guide walks beginners through creating and triggering GitHub Actions workflows, explaining how each part of the YAML file works and how to automate builds and deployments in a simple CI/CD pipeline....
Microsoft tests File Explorer preloading for faster performance
2025-11-24 13:08:08
Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. [...]
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
2025-11-24 13:03:00
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack.
The new supply chain campaign, dubbed...
New EtherHiding Attack Uses Web-Based Attacks to Deliver Malware and Rotate Payloads
2025-11-24 13:02:45
A new threat known as EtherHiding is reshaping how malware spreads through the internet. Unlike older methods that rely on traditional servers to deliver harmful code, this attack uses blockchain smart...
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
2025-11-24 12:43:57
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed...
USN-7878-2: cups-filters vulnerabilities
2025-11-24 12:40:41
USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.
Original advisory details:
It was discovered that cups-filters incorrectly...
Attackers deliver ShadowPad via newly patched WSUS RCE bug
2025-11-24 12:35:42
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that...
SUSE: nvidia-container-toolkit Critical Data Tampering Fix 2025:4187-1
2025-11-24 12:34:08
* bsc#1231032 * bsc#1231033 * bsc#1232855 * bsc#1236496 * bsc#1236497
openSUSE: Critical Privilege Escalation Issues in nvidia-container-toolkit
2025-11-24 12:34:08
An update that solves nine vulnerabilities can now be installed.
openSUSE: elfutils Moderate Denial of Service Fix 2025:4092-1
2025-11-24 12:33:59
An update that solves four vulnerabilities can now be installed.
SUSE: elfutils Moderate DoS & Buffer Overflow Issues 2025:4092-1
2025-11-24 12:33:58
* bsc#1237236 * bsc#1237240 * bsc#1237241 * bsc#1237242
SUSE Linux Enterprise 15 SP3: Kernel Important Security Update 2025:4188-1
2025-11-24 12:33:52
* bsc#1065729 * bsc#1199304 * bsc#1205128 * bsc#1206893 * bsc#1210124
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
2025-11-24 12:32:00
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software...
To buy or not to buy: How cybercriminals capitalize on Black Friday
2025-11-24 12:30:49
How cybercriminals prepare for Black Friday: phishing, scams and malware targeting online shoppers and gamers, fake sales in spam and real sales on the dark web.
Linux Security 2026: Emerging Risks Impacting Cloud and IoT Infrastructure
2025-11-24 12:18:50
Linux security sits at the center of modern infrastructure. Most production systems, cloud workloads, and IoT devices run on it in some form. That reach gives it stability and risk in equal measure. The...
New RadzaRat Spyware Poses as File Manager to Hijack Android Devices
2025-11-24 11:47:21
Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files.
Microsoft to remove WINS support after Windows Server 2025
2025-11-24 11:47:01
Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. [...]
{ Tribune Expert } – Comment préparer les agents IA de demain
2025-11-24 11:33:30
Pour les entreprises, il ne s'agit plus de se demander si elles sont en mesure de concevoir un agent pour réaliser un objectif donné, mais s'il s'agit véritablement d'une bonne idée.
The post...
USN-7851-2: runC regression
2025-11-24 11:21:36
USN-7851-1 fixed vulnerabilities in runC. The introduction of a new
upstream release has caused regressions in runc-app and runc-stable.
This update fixes the problem.
Original advisory details:
Lei...
Comment le Shadow AI fait exploser le risque de fuite de données
2025-11-24 11:20:42
Si les grandes entreprises ont cadré les usages de l'IA générative, le risque de voir leurs collaborateurs développer des pratiques de Shadow AI en utilisant des modèles américains ou chinois est...
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
2025-11-24 11:07:00
New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed...
Arista et Palo Alto Networks renforcent la sécurité des datacenters
2025-11-24 11:06:49
En matière de sécurité, toutes les initiatives de partenariat sont utiles pour améliorer la protection. Dans ce cadre, les (...)
Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu
2025-11-24 10:41:50
Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash when provisioning systems with cumulative updates released...
L'OTAN signe un accord de plusieurs millions avec Google Cloud
2025-11-24 10:26:26
Google Cloud annonce un contrat de plusieurs millions de dollars avec l'Agence de communication et d'information de l'OTAN (NCIA).
The post L'OTAN signe un accord de plusieurs millions avec Google Cloud...
AI attack agents are accelerators, not autonomous weapons: the Anthropic attack
2025-11-24 09:38:37
Why today's AI attack agents boost human attackers but still fall far from becoming real autonomous weapons. Anthropic recently published a report that sparked a lively debate about what AI agents can...
Davantage de sécurité et d'hyperviseurs pour Veeam Data Plaform 13
2025-11-24 09:19:31
Si certains pensent que le chiffre 13 porte malheur, ce n’est pas le cas de Veeam qui vient de l’utiliser pour la dernière édition (...)
Choosing a managed service provider (MSP)
2025-11-24 09:10:25
An SME's guide to selecting and working with managed service providers.
Scattered Spider alleged members deny TfL charges
2025-11-24 08:24:35
Two UK teens linked to Scattered Spider pleaded not guilty to charges over last year's TfL cyberattack at a Southwark Crown Court hearing. Two British teens accused of Computer Misuse Act offenses for...
A week in security (November 17 – November 23)
2025-11-24 08:03:00
A list of topics we covered in the week of November 17 to November 23 of 2025
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
2025-11-24 07:18:00
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
"The attacker targeted Windows Servers...
List of 8 new domains
2025-11-24 00:00:00
.fr autry-france[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
carplayfrance[.fr] (registrar: IONOS SE)
certposte[.fr] (registrar: IONOS SE)
cfacturesantepro[.fr] (registrar: OVH)
lucky8-france[.fr]...
Multiples vulnérabilités dans les produits Synology (24 novembre 2025)
24/11/2025
De multiples vulnérabilités ont été découvertes dans les produits Synology. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte...
Multiples vulnérabilités dans les produits VMware (24 novembre 2025)
24/11/2025
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.