Toute l'actualité de la Cybersécurité
A Quimper, Femmes & Numérique de retour pour encourager la mixité IT
2025-11-13 14:12:21
Les initiatives visant à féminiser le secteur informatique continuent à se développer en France. Parmi elles, Femmes (...)
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
2025-11-13 13:13:49
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at...
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
2025-11-13 13:10:24
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover.
OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
2025-11-13 13:07:33
Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with audio transcription proving to be the...
Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data
2025-11-13 13:04:17
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition. The company released versions 18.5.2, 18.4.4, and 18.3.6...
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
2025-11-13 13:04:00
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases.
The name of the extension...
Popular Android-based photo frames download malware on boot
2025-11-13 13:00:00
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. [...]
Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks
2025-11-13 12:55:48
Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable...
Are you paying more than other people? NY cracks down on surveillance pricing
2025-11-13 12:51:37
New York is calling out data-driven pricing, where algorithms use your clicks, location and search history to tweak what you pay.
Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations
2025-11-13 12:44:11
Microsoft has rolled out enhanced remediation capabilities in Defender for Office 365 (O365), enabling security teams to initiate automated investigations and other actions directly from the Advanced...
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
2025-11-13 12:31:34
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked...
BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
2025-11-13 05:35:51
New York, New York, 13th November 2025, CyberNewsWire
Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet
2025-11-13 12:14:48
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted...
CISA warns feds to fully patch actively exploited Cisco flaws
2025-11-13 12:05:55
CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. [...]
Top 3 Malware Families in Q4: How to Keep Your SOC Ready
2025-11-13 12:05:34
Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks
Le PRA se réinvente à l'heure du Cloud et de l'automatisation
2025-11-13 12:01:43
Face à la multiplication des cybermenaces, le Plan de Reprise d'Activité (PRA) se transforme. Porté par le Cloud, l'automatisation et la cybersécurité, il devient un pilier essentiel de la résilience...
Google relance un Cameyo plus intégré à l'écosystème Chrome
2025-11-13 12:00:34
Google relance sa solution de virtualisation d'applications et axe sa communication sur l'intégration avec l'écosystème Chrome.
The post Google relance un Cameyo plus intégré à l’écosystème...
Lab 3#: Finding and exploiting an unused API endpoint | Api Testing
2025-11-13 11:44:15
PortSwigger LabH i my dear readers, API-based applications often have endpoints that are kept for development/testing use and then become “unused” or “forgotten”. These can lead to data leakage...
Reflected XSS in PUBG
2025-11-13 11:43:49
A single unsanitized parameter is all an attacker needsContinue reading on InfoSec Write-ups »
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
2025-11-13 11:30:00
The Race for Every New CVE
Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited...
U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog
2025-11-13 11:29:10
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity...
Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
2025-11-13 11:16:00
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.
The activity, which is...
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations
2025-11-13 10:53:39
Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame,...
IA générative et cybersécurité offensive : quand les LLM tombent entre de mauvaises mains
2025-11-13 10:49:19
Les modèles de langage de grande taille (LLM, pour Large Language Models) comme ChatGPT, Claude ou encore Gemini, ont révolutionné l'accès à l'information et à l'assistance technique. Grâce...
English-Speaking Cybercriminal Ecosystem ‘The COM' Drives a Wide Spectrum of Cyberattacks
2025-11-13 10:45:57
The English-speaking cybercriminal ecosystem, commonly known as “The COM,” has transformed from a niche community of social media account traders into a sophisticated, organized operation...
Operation Endgame – 1,000+ Servers Used by Rhadamanthys, VenomRAT, and Elysium Dismantled
2025-11-13 10:42:10
Law enforcement agencies disrupted a vast network of cybercrime tools between November 10 and 14, 2025, coordinated from Europol’s headquarters in The Hague, Netherlands. Dubbed the latest phase...
Operation Endgame: Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
2025-11-13 10:39:42
Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history. Operation Endgame, coordinated from Europol’s...
Operation Endgame 3.0 - 2,046,030 breached accounts
2025-11-13 10:23:12
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote...
We opened a fake invoice and fell down a retro XWorm-shaped wormhole
2025-11-13 10:15:22
In 2025, receiving a .vbs “invoice” is like finding a floppy disk in your mailbox. It's retro, suspicious, and definitely not something you should run.
ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
2025-11-13 10:10:00
Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted...
Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
2025-11-13 10:04:51
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734,...
CISA warns of WatchGuard firewall flaw exploited in attacks
2025-11-13 10:03:52
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. [...]
New ClickFix Attack Tricks Users with ‘Fake OS Update' to Execute Malicious Commands
2025-11-13 09:49:55
A new ClickFix campaign is tricking users with a fake Windows update that runs in their browser. Called “Fake OS Update,” this scam takes advantage of people’s trust in the familiar...
ThreatBook Peer-Recognized as a Strong Performer In the 2025 Gartner Peer Insights
2025-11-13 09:46:38
ThreatBook has been recognized as a Strong Performer in the 2025 Gartner Peer Insights of the Customer for Network Detection and Response (NDR) This marks the third consecutive year that ThreatBook has...
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
2025-11-13 09:26:42
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called...
Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges
2025-11-13 09:18:20
Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked...
EV2 Token Presale Launches as Funtico Targets Mainstream Gamers With ‘Earth Version 2'
2025-11-13 09:18:17
Funtico has opened the token presale for Earth Version 2 (EV2), the studio's forthcoming multiplayer sci-fi MMO. The sale offers early access to $EV2 – the token that drives the game's economy –...
Cisco lance deux certifications dédiées à l'IA
2025-11-13 09:16:54
L'acculturation de l'IA au sein des réseaux passe par le développement de formations et de certifications. Cisco vient d'en dévoiler (...)
GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft
2025-11-13 09:11:45
GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt injection flaw in GitLab Duo that...
How Attackers Turn SVG Files Into Phishing Lures
2025-11-13 09:05:23
Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives...
Comment un ransomware s'est infiltré au CH Rueil-Malmaison
2025-11-13 09:00:42
En mars 2025, le centre hospitalier de Rueil-Malmaison était victime d'un ransomware. La réactivation d'un compte de test en est à l'origine.
The post Comment un ransomware s’est infiltré au...
Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days
2025-11-13 08:42:58
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor...
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware
2025-11-13 08:22:40
Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms....
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
2025-11-13 07:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on...
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
2025-11-13 07:20:32
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system...
The TechBeat: Copilots Are the New Shadow IT: The Hidden Risks That Come With Them (11/13/2025)
2025-11-13 07:10:56
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Kenya Kicks Off 'Code Nation' With a Nod to Cybersecurity
2025-11-13 07:00:00
The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science.
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
2025-11-13 04:58:00
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated...
Multiple Instance Learning: Review of Instance and Embedding Level Approaches
2025-11-13 02:51:19
This article presents a new approach to Multiple Instance Learning (MIL) MIVPG is a type of machine learning that uses multiple instances to learn. The study uses attention-based VPG and a bag-level embedding...
Why Crypto Could Outperform Stocks, Real Estate, and Gold in 2026
2025-11-13 02:46:10
Traditional assets like stocks, gold, and real estate offer slow, steady gains, while crypto continues to show rapid upside with past cycles delivering massive returns. With 2026 set for another major...
Could AI Create a New Layer in the OSI Model? The Rise of the “Intelligence Layer”
2025-11-13 02:43:00
Avici Raises .5 Million, Gives Back 90% of Capital via Futarchy Governance
2025-11-13 02:36:28
Avici secured .5M in funding while returning roughly 90% of committed capital to its community through a futarchy governance model. The fintech-crypto startup aims to build unified internet banking...
How Clause-Level Constraints Turn Training Choices Into Verifiable Policies for Generative Systems
2025-11-13 02:16:30
The image symbolizes how artificial intelligence systems translate neural computation into structured governance. Circuit lines represent data flow becoming formal clause patterns, mirroring the paper's...
VSYS Host Launches VSYS Name - an ICANN-Accredited Domain Registrar
2025-11-13 02:08:08
VSYS Host has launched VSYS Name, an ICANN-accredited domain registrar giving users full domain lifecycle control—registration, transfer, renewal, and DNS management—without intermediaries. With transparent...
Fedora 41: Critical Log Injection and DoS Risks in rubygem-rack 2.2.21
2025-11-13 01:23:33
Update to Rack 2.2.21
Fedora 42: Critical Audio Playback Issues in WebKitGTK Resolved Now
2025-11-13 01:10:51
Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on instagram. Fix rendering of layers with fractional transforms. Fix several crashes and rendering issues.
Fedora 42: rubygem-rack Critical Denial Of Service Fix 2025-eae2126736
2025-11-13 01:10:48
Update to Rack 2.2.21
Fedora 42: Skopeo Critical Security Issue CVE-2025-58189, CVE-2025-61725
2025-11-13 01:10:44
Security fix for CVE-2025-58189 and CVE-2025-61725
ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year
2025-11-13 01:01:16
Singapore, Singapore, 13th November 2025, CyberNewsWire
Fedora 43: firefox 145.0 Important Update 2025-2d9e01e0fc
2025-11-13 00:51:49
Updated to latest upstream (145.0)
Fedora 43: rubygem-rack Moderate Denial Service Update 2025-b6e0f437b6
2025-11-13 00:51:40
Update to Rack 3.1.19