Toute l'actualité de la Cybersécurité
Gartner alerte sur l'usage des navigateurs IA en entreprise
2025-12-12 14:14:09
Il vaut mieux prévenir que guérir. Fort de cet adage, Gartner enjoint les entreprises à bloquer l’usage des navigateurs IA comme (...)
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
2025-12-12 14:04:00
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale.
BlackForce, first...
True Hacking Story: From Teen Computer Whiz To Crypto Godfather
2025-12-12 14:02:26
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 12, 2025 –Watch the YouTube video In early 2025, self-proclaimed crypto Godfather Adam Iza pleaded...
Are Trade Concerns Trumping US Cybersecurity?
2025-12-12 14:00:00
The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
New AiTM Attack Campaign That Bypasses MFA Targeting Microsoft 365 and Okta Users
2025-12-12 13:57:17
A sophisticated phishing campaign has emerged that successfully bypasses multi-factor authentication, protecting Microsoft 365 and Okta users, representing a serious threat to organizations relying on...
{ Tribune Expert } – Agents IA : les grands bénéfices des petits modèles de langage
2025-12-12 13:45:34
Les SLM offrent des avantages remarquables et des applications concrètes pour les équipes terrain, notamment dans des secteurs comme celui de la distribution.
The post { Tribune Expert } – Agents...
VMware exclut l'UE de la marche forcée vers VCF
2025-12-12 13:44:56
VMware franchit un nouveau cap dans le resserrement de son offre autour de VCF, mais fait - jusqu'à nouvel ordre - une exception pour l'UE.
The post VMware exclut l’UE de la marche forcée vers...
USN-7907-5: Linux kernel kernel vulnerabilities
2025-12-12 13:44:24
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Top 20 Most Exploited Vulnerabilities of 2025: A Comprehensive Analysis
2025-12-12 13:29:52
The cybersecurity landscape of 2025 has been marked by an unprecedented surge in vulnerability exploitation, with threat actors leveraging critical flaws across enterprise software, cloud infrastructure,...
Sorbonne Paris Nord confronte 200 étudiants à une cyberattaque
2025-12-12 13:18:51
Mettre en lice des profils juniors lors d’un exercice de gestion de crise informatique à grande échelle. C’est l’idée (...)
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
2025-12-12 12:15:29
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting...
New ConsentFix Attack Let Attackers Hijack Microsoft Accounts by Leveraging Azure CLI
2025-12-12 11:55:43
A sophisticated new phishing attack technique called “ConsentFix” that combines OAuth consent phishing with ClickFix-style prompts to compromise Microsoft accounts without requiring passwords...
NANOREMOTE Malware Leverages Google Drive API for Command-and-Control (C2) to Attack Windows Systems
2025-12-12 11:34:47
A sophisticated new Windows backdoor named NANOREMOTE emerged in October 2025, presenting a significant threat to enterprise environments by leveraging legitimate cloud infrastructure for malicious purposes....
New Windows RasMan zero-day flaw gets free, unofficial patches
2025-12-12 11:28:06
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. [...]
Bloqués dans les aéroports ? Des experts en cybersécurité partagent 3 conseils de sécurité pour le Wi-Fi public
2025-12-12 11:24:48
Aéroports bondés et longs retards : les voyageurs sont des cibles faciles sur les réseaux Wi-Fi publics ; des experts en cybersécurité partagent 3 mesures de sécurité. Pour éviter d'être...
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
2025-12-12 11:11:36
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that...
New BlackForce Phishing Kit Lets Attackers Steal Credentials Using MitB Attacks and Bypass MFA
2025-12-12 10:41:50
A sophisticated phishing tool called BlackForce has emerged as a serious threat to organizations worldwide. First observed in August 2025, this professional-grade kit allows criminals to steal login information...
From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats
2025-12-12 10:27:10
The Trust Crisis No One's Talking About Every breach, leak, or phishing attack doesn't just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips...
How private is your VPN?
2025-12-12 10:25:00
After years of trying VPNs for myself, privacy-minded family members, and a few mission-critical projects, here's what I wish everyone knew.
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
2025-12-12 10:18:00
The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging...
15 millions de tentatives d'attaques déguisées en VPN : le risque caché derrière la quête de confidentialité de la Gen Z
2025-12-12 10:10:55
La Génération Z utilise bien plus d'outils de confidentialité que toutes les autres générations, mais cette tendance pourrait également en faire une cible privilégiée pour les cybercriminels....
Prédiction 2026 – Pourquoi la biométrie seule ne suffit plus
2025-12-12 10:08:03
Lovro Persen, Directeur Document Management & Fraud chez IDnow, a un parcours rare dans l'industrie : trente ans d'expérience en law enforcement, dont plus d'une décennie au sein d'INTERPOL....
Sécurité réseau : cloisonnement et protection en cybersécurité
2025-12-12 10:06:26
En cybersécurité, il ne suffit plus de protéger un poste de travail, d'installer un antivirus ou de déployer un firewall. Aujourd'hui, un seul clic sur un mail piégé peut suffire à compromettre...
Deux failles dans Forticloud SSO à corriger
2025-12-12 10:04:04
Encore une alerte pour les administrateurs systèmes qui se servent de SSO (single sign-on) Forticloud pour authentifier l’accès aux (...)
Beware of Fake Leonardo DiCaprio Movie Torrent File Drops Agent Tesla Malware
2025-12-12 10:01:54
A new threat is targeting movie lovers who search for the latest films online. Cybercriminals are now using the popularity of Leonardo DiCaprio’s new film, One Battle After Another, to spread the...
Following the digital trail: what happens to data stolen in a phishing attack
2025-12-12 10:00:39
Kaspersky experts detail the journey of the victims' data after a phishing attack. We break down the use of email-based phishing kits, Telegram bots, and customized administration panels.
MITRE Releases Top 25 Most Dangerous Software Weaknesses of 2025
2025-12-12 09:51:34
MITRE has unveiled its 2025 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list, highlighting the root causes behind 39,080 Common Vulnerability and Exposure (CVE™) records...
CISA orders feds to patch actively exploited Geoserver flaw
2025-12-12 09:48:31
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...]
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
2025-12-12 09:24:42
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an...
Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware
2025-12-12 09:13:31
A Hamas‑affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses...
Fusion Broadcom-VMware : le CISPE muscle son recours en annulation
2025-12-12 09:09:27
Le CISPE estime que la dette et les promesses de croissance liées à l'opération auguraient de l'évolution de la politique commerciale.
The post Fusion Broadcom-VMware : le CISPE muscle son recours...
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
2025-12-12 09:04:39
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775,...
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
2025-12-12 08:55:00
The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.
The team...
MITRE shares 2025's top 25 most dangerous software weaknesses
2025-12-12 08:43:16
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. [...]
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
2025-12-12 08:41:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
The...
Turn me on, turn me off: Zigbee assessment in industrial environments
2025-12-12 08:00:17
Kaspersky expert describes the Zigbee wireless protocol and presents two application-level attack vectors that allow Zigbee endpoints to be turned on and off.
MKVCinemas streaming piracy service with 142M visits shuts down
2025-12-12 07:14:31
An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...]
The TechBeat: How AIStor's Prompt API Lets Healthcare Professionals “Talk” to Their Data (12/12/2025)
2025-12-12 07:11:01
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Hamas-Linked Hackers Probe Middle Eastern Diplomats
2025-12-12 07:00:00
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Obscura Brings Bulletproofs++ to the Beldex Mainnet for Sustainable Scaling
2025-12-12 06:01:28
Beldex introduced the Obscura hardfork, which went live on December 7, 2025, at block height 4939540.
The upgrade includes multiple refinements, but its core improvement is the integration of Bulletproofs++....
ScreenSafe: A Technical Chronicle of On-Device AI and Privacy-First Architecture
2025-12-12 06:00:31
The Problem: Cloud-based moderation violates privacy, but on-device AI hits hostile OS limits—specifically the iOS Share Extension memory ceiling (120MB) and Android's Binder IPC limit (1MB).
The Solution:...
Model.fit is More Complex Than it Looks
2025-12-12 06:00:31
Linear regression's closed-form solution looks simple, but computing inverse matrix is numerically dangerous. Ill-conditioned matrices, floating-point limits, and squaring the condition number in XᵀX...
Lessons From Hands-on Research on High-Velocity AI Development
2025-12-12 05:57:11
The main constraint on AI-assisted development was not model capability but how context was structured and exposed.
3 Common Misconceptions Fintech Founders Have About Engineering Teams
2025-12-12 05:50:05
Fintech founders often make assumptions about how software development works. Agile frameworks let you adjust plans after every iteration. As your product grows, so does the complexity of its functionality...
Designing AI-Ready Infrastructure: What Modern Data Centers Actually Need
2025-12-12 05:49:28
You can buy racks of accelerators, but unless the entire power, cooling, and networking stack is prepared, those boxes turn into very expensive space heaters.
How I Built a “Bicameral” AI Agent That Uses Australian Lasers to Make Decisions When Logic Fails
2025-12-12 05:39:23
Quantum chaos = random AIBy giving an AI a direct line to the quantum vacuum, we aren't just making a random number generator. We are building a machine that can break its own chains of causality.
How GenAI is Reshaping the Modern Data Architecture
2025-12-12 05:33:02
In today's world, most of the enterprises are building LLM based GenAI solutions with document and database vectors. This is the moment almost every enterprise reaches: the GenAI works, but the data...
How to Dive into a New Domain and Ship a High-Load System Fast
2025-12-12 05:28:24
Remember: it's difficult at first, but soon you'll be swimming like a fish in water.
Your Brain Isn't Broken—Your Map Is:
2025-12-12 05:20:34
Buddhist cognitive science deals with your "structure of meaning." The mind is an interpretive engine, not a mechanical device. Your “Map” Is Built From Patterns, Not Neurons.
UK Government to Start Tracking All Crypto Transactions
2025-12-12 05:16:07
HMRC will use this data to cross-check against information provided in self-assessment tax returns. Robin Thatcher, founder of CryptoTaxHelp, said he expects an increase in targeted compliance checks.
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
2025-12-12 05:01:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on...
Oracle Linux 10: Ruby Moderate Security Advisory ELSA-2025-23141
2025-12-12 05:00:37
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle 10: ELSA-2025-23139 Libsoup3 Moderate Security Update
2025-12-12 05:00:35
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Grafana Moderate CVE-2025-58183 ELSA-2025-23088
2025-12-12 05:00:34
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: ELSA-2025-23083 Wireshark Important Update for DoS Risk
2025-12-12 05:00:32
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 10: Tomcat Important Risk Update ELSA-2025-23050
2025-12-12 05:00:30
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 9 ELSA-2025-23087 Grafana Moderate Threat Advisory
2025-12-12 04:58:25
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Multiples vulnérabilités dans les produits Atlassian (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans les produits Netgate (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Netgate. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité....
Multiples vulnérabilités dans les produits NetApp (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans Microsoft Edge (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Microsoft Windows Admin Center (12 décembre 2025)
12/12/2025
Une vulnérabilité a été découverte dans Microsoft Windows Admin Center. Elle permet à un attaquant de provoquer une élévation de privilèges.
Multiples vulnérabilités dans le noyau Linux de Red Hat (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité...
Multiples vulnérabilités dans le noyau Linux de SUSE (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service et un problème de sécurité non spécifié par l'éditeur....
Multiples vulnérabilités dans les produits IBM (12 décembre 2025)
12/12/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...