Toute l'actualité de la Cybersécurité
Defender Application Guard pour Office abandonné d'ici 2027
2025-11-10 09:26:08
La fin de vie de Defender Application Guard de Microsoft (MDAG) se précise. Cette fonction, qui protège les documents Office de logiciels (...)
Google Cloud greffe de l'observabilité dans Vertex AI Agent Builder
2025-11-10 09:06:53
Petit à petit, Google Cloud enrichit Vertex AI Agent Builder avec des tableaux de bord d'observabilité inédits, des outils de création (...)
Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation
2025-11-10 08:49:03
A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote...
Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk
2025-11-10 08:05:30
Three critical vulnerabilities in runc, the container runtime powering Docker, Kubernetes, and other containerization platforms. These flaws could allow attackers to escape container isolation and gain...
A week in security (November 3 – November 9)
2025-11-10 08:02:00
A list of topics we covered in the week of November 3 to November 9 of 2025
Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case
2025-11-10 08:01:20
An extract from “The Enemy Inside, the Paragon Case, Spies and Regime Methods in Giorgia Meloni’s Italy” by Francesco Cancellato, published by Rizzoli on November 11, 2025. This surveillance...
Monsta web-based FTP Remote Code Execution Vulnerability Exploited
2025-11-10 07:38:21
A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide. The flaw, now tracked as CVE-2025-34299, affects...
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
2025-11-10 07:27:37
The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal...
Ex-Intel Employee Hid 18,000 Sensitive Documents Prior to Leaving the Company
2025-11-10 07:01:53
Intel is pursuing legal action against a former software engineer who the company claims downloaded thousands of confidential files shortly after being fired in July. The incident highlights growing concerns...
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code
2025-11-10 06:54:25
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component,...
Elastic Defend for Windows Vulnerability Allows Threat Actors to Gain Elevated Access
2025-11-10 06:43:49
Elastic has released a security advisory addressing a significant vulnerability in Elastic Defend that could allow attackers to escalate their privileges on Windows systems. The vulnerability, tracked...
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts
2025-11-10 06:21:51
Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access...
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database
2025-11-10 06:14:17
In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported...
New Whisper-Based Attack Reveals User Prompts Hidden Inside Encrypted AI Traffic
2025-11-10 05:33:40
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite...
Monsta FTP Remote Code Execution Flaw Being Exploited in the Wild
2025-11-10 04:54:56
Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual users worldwide....
HackGPT: AI-Powered Penetration Testing Platform Includes GPT-4 and Other AI Engines
2025-11-10 03:29:26
HackGPT Enterprise is a new tool made for security teams focuses on being scalable and compliant, meeting the growing need for effective vulnerability assessments. The platform supports multi-model AI,...
Fedora 41: xorg-x11-server-Xwayland Important CVE Fixes 2025-0e29263f5a
2025-11-10 02:50:33
Update to xwayland 24.1.9, CVE fix for: CVE-2025-62229, CVE-2025-62230, CVE-2025-62231
Fedora 43: Chromium High Security Issues CVE-2025-12725, 12726, 12727
2025-11-10 00:48:46
Update to 142.0.7444.134 * High CVE-2025-12725: Out of bounds write in WebGPU * High CVE-2025-12726: Inappropriate implementation in Views * High CVE-2025-12727: Inappropriate implementation in V8 * Medium...
Fedora 43 Pydantic Moderate Bug Fix Security Update 2025-312ac3e645
2025-11-10 00:47:44
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.
Fedora 43: rust-reqsign Critical Signing Issue Advisory 2025-312ac3e645
2025-11-10 00:47:44
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.
Fedora 43: Critical Rust-Reqsign Update for Http Send Reqwest Serialization
2025-11-10 00:47:44
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.
Fedora 43: rust-reqsign-file-read-tokio Critical DoS Threat 2025-312ac3e645
2025-11-10 00:47:44
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
2025-11-10 00:01:33
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at...