All the latest cybersecurity news
Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information
2025-12-08 14:24:43
Security researchers have exposed a critical privacy flaw dubbed “Careless Whisper” that lets attackers monitor user activity on WhatsApp and Signal through silent delivery receipts, without...
Hackers Leverage Multiple Ad Networks to Attack Android Users With Triada Malware
2025-12-08 14:20:30
Mobile security continues to face significant challenges as sophisticated malware campaigns evolve to bypass traditional defenses. The Triada Trojan, a persistent threat to Android users for nearly a...
IBM acquires Confluent for $11 billion
2025-12-08 14:13:34
By taking over Confluent, a specialist in real-time data streaming, IBM strengthens its offering for deploying generative and agentic AI in the enterprise.
CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation
2025-12-08 14:11:37
A critical vulnerability affecting Meta React Server Components has been added by CISA to the Known Exploited Vulnerabilities catalog, signalling widespread active exploitation. Tracked as CVE-2025-55182,...
IBM strengthens DNS protection for multicloud traffic
2025-12-08 13:48:13
To prevent DNS-related outages, IBM has partnered with AWS to unveil Cloud Sync, offering synchronization (...)
Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes
2025-12-08 13:45:35
A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform, allowing attackers to gain unauthorized access to user accounts by submitting...
US Accounts for 44% of Cyber Attacks; Financial Gain Targets Public Administration
2025-12-08 13:41:57
The United States continues to face an unprecedented surge in cyber threats, accounting for nearly half of all documented cyber attacks globally between 2024 and 2025. Recent data from the Cyber Events...
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
2025-12-08 13:37:42
Multiple China-linked threat actors began exploiting CVE-2025-55182, aka the React2Shell flaw, within hours, AWS Security warns.
3 Real-World Penetration Testing Lessons For CISOs and Cybersecurity Teams
2025-12-08 13:31:55
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Dec. 8, 2025 – Read the full story from BreachLock. Penetration testing is an offensive security testing methodology...
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI
2025-12-08 13:17:18
Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.
Space Bears Ransomware Claims Comcast Data Theft Through Quasar Breach
2025-12-08 13:13:11
Space Bears ransomware claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.
The ‘Kitten’ Project – Hacktivist Groups Carrying Out Attacks Targeting Israel
2025-12-08 13:05:40
The Kitten Project has emerged as a coordinated hacktivist platform operating at the intersection of activism and technical operations. This initiative represents a shift in how cyber-focused groups organize...
Prompt injection is not SQL injection (it may be worse)
2025-12-08 13:02:30
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
2025-12-08 12:44:00
It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks —...
LOLPROX Exposes Hidden Exploitation Paths that Can Enable Stealthy Hypervisor Attacks
2025-12-08 12:42:29
Proxmox Virtual Environment has become a popular choice for organizations building private cloud infrastructure and virtual machine management systems. However, a new analysis reveals significant security...
Hackers Compromising Developers with Malicious VS Code, Cursor AI Extensions
2025-12-08 12:08:12
The developer tools used by millions of programmers worldwide have become a prime target for attackers seeking to compromise entire organizations. Visual Studio Code and AI-powered IDEs like Cursor AI,...
EU sanctions X: first historic fine under the DSA
2025-12-08 11:59:46
The €120 million fine imposed on X by the EU is an unprecedented sanction that marks a turning point in European digital regulation.
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
2025-12-08 11:58:00
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show...
Chinese cyber-spies persistently target VMware vCenter
2025-12-08 11:49:21
More and more cybercriminals are going after virtual environments, particularly those of VMware. According to a report from CISA (cybersecurity (...)
{ Expert Opinion } – Securing GenAI starts with a clear inventory and real visibility into its components
2025-12-08 11:18:26
Most organizations still lack a reliable inventory of their AI assets, whether internal models or third-party solutions that were integrated quickly.
‘Broadside’ Mirai Variant Targets Maritime Logistics Sector
2025-12-08 11:17:12
'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
Over 70 Domains Used in Months-Long Phishing Spree Against US Universities
2025-12-08 11:15:58
Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.
Evertrust raises €10M to establish itself as a leader in PKI and CLM
2025-12-08 11:02:05
Evertrust, a digital trust specialist, is aiming for European leadership with the backing of an American fund, in a market driven by the shortening lifespan of digital certificates.
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
2025-12-08 11:00:00
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild.
The findings...
Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes
2025-12-08 10:55:49
Critical security alerts have been issued for Firebox firewall devices due to ten serious vulnerabilities. The vulnerabilities in WatchGuard, disclosed on December 4, 2025, span multiple severity levels...
OceanLotus Hacker Group Targeting Xinchuang IT Ecosystems to Launch Supply Chain Attacks
2025-12-08 10:52:58
The OceanLotus hacker group, widely tracked as APT32, has initiated a highly targeted surveillance campaign aimed at China's “Xinchuang” IT ecosystem. This strategic pivot focuses on compromising...
React2Shell flaw actively exploited by cybercriminals
2025-12-08 10:38:21
It was only a matter of days before the React2Shell flaw was exploited by cybercriminal groups. Researchers (...)
Cybersecurity and IP telephony: a closer examination is needed
2025-12-08 10:22:06
Although IP telephony is often overlooked when it comes to security, protecting IP phones remains a constant priority. Potential vulnerabilities can also serve...
Proxmox releases a stable version of Datacenter Manager
2025-12-08 09:59:12
After an alpha version in December 2024 and then a beta last September, Proxmox has rolled out stable version 1.0 of (...)
A method to assess 'forgivable' vs 'unforgivable' vulnerabilities
2025-12-08 09:58:58
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
How to Build a Wi-Fi-Controlled USB Keyboard With an ESP32
2025-12-08 09:56:27
You can easily build a custom Wi-Fi-controlled USB keyboard using an ESP32-S2. Perfect for remote key presses, gaming macros, or custom HID devices. Hardware is cheap, software is simple, and the code...
Building Multi-Agent Systems That Communicate Reliably with the A2A Protocol
2025-12-08 09:45:03
Multi-agent systems often fail because agents don't speak the same language. This article explores Google's A2A (Agent-to-Agent) Protocol as the "universal translator" solution. We build "StoryLab," a...
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
2025-12-08 09:15:00
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
The remote code execution vulnerability in question is CVE-2025-6389...
An insurer, a school tool and more sports federations targeted by a hacker
2025-12-08 09:14:29
A hacker is targeting sports federations, an insurer and an educational site, revealing serious cybersecurity flaws in the French ecosystem....
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
2025-12-08 09:01:13
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog.
From Polymers to Composites: Venkata Repaka's Blueprint for Smarter Lightweighting
2025-12-08 08:44:59
Automotive lightweighting has become essential for vehicle efficiency, performance, and EV range. With over 20 years in engineering, Venkata N Chandra Sekhar Repaka demonstrates how advanced polymers,...
Bpost: a postal service hacked, 30 GB of data leaked
2025-12-08 08:38:27
bpost leak: 30.46 GB of structured data published by the new hackers of the Tridentlocker group via a supplier....
Google Pixel: an update fixes several flaws already exploited by hackers
2025-12-08 08:03:20
Google Pixel smartphone users should install the December security update as soon as possible. It fixes a total of 107 security flaws, two of which are already...
A week in security (December 1 – December 7)
2025-12-08 08:03:00
A list of topics we covered in the week of December 1 to December 7 of 2025
Why So Much AI, Yet So Little Profit? A Closer Look at What Businesses Keep Missing
2025-12-08 07:59:59
Gartner's latest research shows a major gap between soaring AI adoption and actual financial ROI. Most AI fails because it isn't integrated into workflows, relies on poor data, stays stuck in pilots,...
The TechBeat: Why DataOps Is Becoming Everyone's Job—and How to Excel at It (12/8/2025)
2025-12-08 07:10:58
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
How Sunil Dua Uses Layered Systems Mapping to Transform Nonprofit Tech
2025-12-08 06:59:59
Nonprofits often face fragmented tech stacks that hinder mission delivery. Sunil Dua's Layered Systems Mapping provides a blueprint to align systems, data, and processes for clarity, integration, and...
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
2025-12-08 06:46:00
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.
The cyber...
Ravi Shankar Garapati Advances Intelligent Automotive Systems with AI and Cloud Integration Model
2025-12-08 06:44:59
Ravi Shankar Garapati's research introduces an AI-enabled, cloud-based predictive maintenance framework for connected vehicles. By analyzing telematics data with machine learning and visualizing insights...
Why EdTech Fails Neurodiverse Students and How Shafaq Bajwa Aims to Fix It
2025-12-08 05:59:59
Shafaq Bajwa, a data scientist turned special needs classroom assistant, exposes the gap between scalable EdTech and the real needs of neurodiverse learners. Her experience shows that independence, data,...
Sourcegraph Bets on Ads to Pay for AI Coding
2025-12-08 00:59:59
From Netflix to Spotify, ad-supported tiers are a staple component of the digital economy, offering product access in exchange for your eyeballs (figuratively speaking).
Multiple vulnerabilities in MISP (08 December 2025)
08/12/2025
Multiple vulnerabilities have been discovered in MISP. They allow an attacker to cause indirect remote code injection (XSS).
Multiple vulnerabilities in Traefik (08 December 2025)
08/12/2025
Multiple vulnerabilities have been discovered in Traefik. They allow an attacker to cause privilege escalation, a breach of data confidentiality and a...
Multiple vulnerabilities in Microsoft products (08 December 2025)
08/12/2025
Multiple vulnerabilities have been discovered in Microsoft products. They allow an attacker to cause a security problem not specified by the vendor.