Toute l'actualité de la Cybersécurité
Avec Database 26ai, Oracle met le cap sur les agents IA
2025-10-15 10:32:14
Près de 15 000 personnes sont attendues à la conférence Oracle AI World qui se déroule dans la cité des loisirs du Nevada (...)
L'UE va signer la Convention des Nations Unies sur la cybercriminalité
2025-10-15 10:23:41
Le Conseil de l'Europe a autorisé la Commission européenne et les États membres à signer la Convention des Nations Unies contre (...)
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
2025-10-15 09:28:33
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks....
Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges
2025-10-15 09:25:35
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked...
TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions
2025-10-15 09:15:27
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498,...
FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands
2025-10-15 09:14:52
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command...
NCSC Warns of UK Experiencing Four Cyber Attacks Every Week
2025-10-15 09:11:07
The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly....
GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users
2025-10-15 08:32:40
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed,...
Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code
2025-10-15 08:24:55
Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as...
Africa Remains Top Global Target, Even as Attacks Decline
2025-10-15 08:00:00
Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.
Unencrypted satellites expose global communications
2025-10-15 07:57:30
Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the University...
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
2025-10-15 07:11:07
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an...
Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence
2025-10-15 07:04:51
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted...
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
2025-10-15 06:50:00
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with...
Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely
2025-10-15 06:20:12
Veeam Software has disclosed three serious security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which enable remote code execution and privilege escalation, potentially...
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
2025-10-15 06:16:00
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.
The vulnerability,...
End of Support for Windows 10 Sparks Security Fears Among Millions of Users
2025-10-15 06:07:05
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance,...
Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
2025-10-15 06:04:24
Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the...
Le mode Internet Explorer d'Edge restreint après une faille de sécurité
2025-10-15 06:01:14
Microsoft a rendu plus difficile l'activation du mode Internet Explorer dans Edge. La conséquence d'une faille critique découverte cet été.
The post Le mode Internet Explorer d’Edge restreint...
Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)
2025-10-15 05:55:10
“Your database backup just leaked. Is your data still safe?”Continue reading on InfoSec Write-ups »
UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops
2025-10-15 05:44:39
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops....
Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code
2025-10-15 05:44:19
Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems....
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
2025-10-15 05:36:00
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.
The vulnerability,...
Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds
2025-10-15 05:34:20
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile...
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks
2025-10-15 05:31:28
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October...
Telegram Becomes the Nerve Center for Modern Hacktivist Operations
2025-10-15 04:20:45
Telegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated...
Hello Cake - 22,907 breached accounts
2025-10-15 03:16:37
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names,...
Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks
2025-10-15 02:43:34
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and potentially...
Fedora 42: Resolved CVE-2025-54080 & CVE-2025-55304 SegFault Issues
2025-10-15 01:01:18
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.
Fedora 42 mingw-exiv2 Critical Fix for Performance Issues CVE-2025-54080
2025-10-15 01:01:18
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.
Fedora 42: rust-protobuf-update Loop Prevention Solution 2025-3de09bf58a
2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....
Fedora 42: Severe Uncontrolled Recursion Flaw in rust-protobuf-parse
2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....
Fedora 42: Critical Fix for Uncontrolled Recursion in rust-protobuf-codegen
2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....
Ubuntu 22: python-pycryptodome High Memory Leak Issue 2025-2db54ef2a
2025-10-15 01:01:01
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....
npm Supply Chain Attack
2025-10-15 00:11:01
What is the Attack?
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials....
Salesloft Drift Supply Chain Attack
2025-10-15 00:07:50
What is the Attack?
Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other...