All the Cybersecurity News
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
2025-12-13 10:48:52
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure...
Cyberinfo for the week of 13 December 2025
2025-12-13 09:28:02
Cyberinfo for the week of 13 December 2025 - Cyberattacks, massive leaks & espionage: the week's cybersecurity news....
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
2025-12-13 08:33:23
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious...
Beyond Authentication — Exploiting a Nasty IDOR in Profile Update Functionality
2025-12-13 07:57:06
It wasn't a complex SQL injection or a tricky deserialization flaw. It was a failure to ask one simple question:...
MITRE: TryHackMe Room Walkthrough
2025-12-13 07:54:10
This TryHackMe room walkthrough will discuss the various resources MITRE has made available for the cybersecurity community.
Stored Cross-Site Scripting: HTML Context (Nothing Encoded)
2025-12-13 07:54:03
Stored XSS occurs when malicious input is saved on the server and executed every time a user loads the affected page.
From Recon to RCE: Hunting React2Shell (CVE-2025-55182) for Bug Bounties
2025-12-13 07:53:14
A step-by-step walkthrough covering discovery, validation and real-world exploitation in React and Next.js applications.
The TechBeat: Leader or No Leader, That is the Question (12/13/2025)
2025-12-13 07:10:57
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting
2025-12-13 06:23:29
Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,”...
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
2025-12-13 05:32:00
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of...
React2Shell Remote Code Execution (RCE) Vulnerability
2025-12-13 02:46:40
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that...
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
2025-12-13 02:44:13
Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released...
The Hidden Cost of “Free” Apps and the Battle for Your Attention
2025-12-13 01:41:42
The “free” model of popular apps often disguises data collection, behavioral profiling, and monetization of user attention. Features like infinite scroll, autoplay, and push notifications aren't about...
Why 'Crypto Games' Fail But 'Games With Crypto' Succeed
2025-12-13 01:28:34
Traditional "crypto games" fail because they prioritize tokens over fun, but "games with crypto" succeed by making blockchain optional or invisible. Three approaches work: hiding crypto entirely (Off...
Fedora 41: apptainer 2025-df330356b2
2025-12-13 01:27:27
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fedora 43: apptainer 2025-cf169a01e8
2025-12-13 01:12:52
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Mistral Bets on Enterprise “Vibe Coding” With Devstral 2 and an Open-Source CLI Agent
2025-12-13 01:00:00
Mistral, the French frontier AI model lab most recently valued at €11.7 billion, has launched a duo of open-weight coding models.
Fedora 42: apptainer 2025-ff963b3775
2025-12-13 00:50:49
Apply fuse2fs patches that were accidentally empty. Update to upstream 1.4.5, including a fix for CVE-2025-65105.
Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor
2025-12-13 00:17:14
The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.
Emergency fixes deployed by Google and Apple after targeted attacks
2025-12-13 00:08:15
Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering...
List of 14 new domains
2025-12-13 00:00:00
.fr
alexandercasino-bet[.fr] (registrar: NETIM)
assistances-sg-intranet[.fr] (registrar: Hostinger operations UAB)
carplusfrance[.fr] (registrar: OVH)
carrefoursa[.fr] (registrar: EPAG Domainservices...