Toute l'actualité de la Cybersécurité


Avec Database 26ai, Oracle met le cap sur les agents IA

2025-10-15 10:32:14
Près de 15 000 personnes sont attendues à la conférence Oracle AI World qui se déroule dans la cité des loisirs du Nevada (...)

Lire la suite »

L'UE va signer la Convention des Nations Unies sur la cybercriminalité

2025-10-15 10:23:41
Le Conseil de l'Europe a autorisé la Commission européenne et les États membres à signer la Convention des Nations Unies contre (...)

Lire la suite »

FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication

2025-10-15 09:28:33
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks....

Lire la suite »

Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges

2025-10-15 09:25:35
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked...

Lire la suite »

TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions

2025-10-15 09:15:27
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498,...

Lire la suite »

FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands

2025-10-15 09:14:52
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command...

Lire la suite »

NCSC Warns of UK Experiencing Four Cyber Attacks Every Week

2025-10-15 09:11:07
The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly....

Lire la suite »

GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

2025-10-15 08:32:40
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed,...

Lire la suite »

Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code

2025-10-15 08:24:55
Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as...

Lire la suite »

Africa Remains Top Global Target, Even as Attacks Decline

2025-10-15 08:00:00
Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.

Lire la suite »

Unencrypted satellites expose global communications

2025-10-15 07:57:30
Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the University...

Lire la suite »

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

2025-10-15 07:11:07
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an...

Lire la suite »

Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence

2025-10-15 07:04:51
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted...

Lire la suite »

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

2025-10-15 06:50:00
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with...

Lire la suite »

Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely

2025-10-15 06:20:12
Veeam Software has disclosed three serious security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which enable remote code execution and privilege escalation, potentially...

Lire la suite »

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

2025-10-15 06:16:00
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability,...

Lire la suite »

End of Support for Windows 10 Sparks Security Fears Among Millions of Users

2025-10-15 06:07:05
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance,...

Lire la suite »

Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code

2025-10-15 06:04:24
Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the...

Lire la suite »

Le mode Internet Explorer d'Edge restreint après une faille de sécurité

2025-10-15 06:01:14
Microsoft a rendu plus difficile l'activation du mode Internet Explorer dans Edge. La conséquence d'une faille critique découverte cet été. The post Le mode Internet Explorer d’Edge restreint...

Lire la suite »

Encrypt & Decrypt Database Fields in Spring Boot Like a Pro (2025 Secure Guide)

2025-10-15 05:55:10
“Your database backup just leaked. Is your data still safe?”Continue reading on InfoSec Write-ups »

Lire la suite »

UEFI Shell Flaws Let Hackers Disable Secure Boot on Over 200,000 Laptops

2025-10-15 05:44:39
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops....

Lire la suite »

Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code

2025-10-15 05:44:19
Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems....

Lire la suite »

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

2025-10-15 05:36:00
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability,...

Lire la suite »

Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds

2025-10-15 05:34:20
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile...

Lire la suite »

Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks

2025-10-15 05:31:28
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October...

Lire la suite »

Telegram Becomes the Nerve Center for Modern Hacktivist Operations

2025-10-15 04:20:45
Telegram has solidified its position as the primary coordination hub for modern hacktivist operations, according to comprehensive research analyzing over 11,000 posts from more than 120 politically motivated...

Lire la suite »

Hello Cake - 22,907 breached accounts

2025-10-15 03:16:37
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names,...

Lire la suite »

Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks

2025-10-15 02:43:34
Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and potentially...

Lire la suite »

Fedora 42: Resolved CVE-2025-54080 & CVE-2025-55304 SegFault Issues

2025-10-15 01:01:18
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.

Lire la suite »

Fedora 42 mingw-exiv2 Critical Fix for Performance Issues CVE-2025-54080

2025-10-15 01:01:18
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.

Lire la suite »

Fedora 42: rust-protobuf-update Loop Prevention Solution 2025-3de09bf58a

2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....

Lire la suite »

Fedora 42: Severe Uncontrolled Recursion Flaw in rust-protobuf-parse

2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....

Lire la suite »

Fedora 42: Critical Fix for Uncontrolled Recursion in rust-protobuf-codegen

2025-10-15 01:01:02
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....

Lire la suite »

Ubuntu 22: python-pycryptodome High Memory Leak Issue 2025-2db54ef2a

2025-10-15 01:01:01
Update mirrorlist-server to version 3.0.8. Update the maxminddb crate to version 0.26.0. Update the prometheus crate to version 0.14.0. Update the protobuf and protobuf-codegen crates to version 3.7.2....

Lire la suite »

npm Supply Chain Attack

2025-10-15 00:11:01
What is the Attack? On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials....

Lire la suite »

Salesloft Drift Supply Chain Attack

2025-10-15 00:07:50
What is the Attack? Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other...

Lire la suite »