Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
"Out of bounds read and write in V8 in Google
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. [...]
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. [...]
Dans une opération inédite menée au printemps 2025, la Royal Navy a testé pour la première fois l’intégration d’un drone Puma comme éclaireur pour un hélicoptère Merlin Mk2 lors d’une mission réelle dans l’Atlantique. L’objectif : tester en conditions réelles une solution hybride capable de renforcer la furtivité et la capacité de surveillance de la flotte britannique, tout en limitant l’exposition aux radars ennemis.
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...]
Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
The "Russian Market" cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. [...]
Pendant des décennies, la cybersécurité des organisations reposait sur une approche traditionnelle et relativement simple : le périmètre de sécurité. Ce modèle consistait à protéger un réseau interne considéré comme « sûr » et à en isoler les menaces extérieures. Tout ce qui se trouvait à l’intérieur du périmètre était jugé fiable, tandis que l’extérieur était perçu comme […]
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows -
CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
Elastic Security Labs a détecté un nouveau malware de type infostealer, EDDIESTEALER, distribué via de fausses campagnes CAPTCHA qui capturent des données sensibles telles que des identifiants, des informations sur le navigateur et des portefeuilles cryptographiques. Communiqué. Principales conclusions : Conçu en Rust : le logiciel malveillant a été créé en Rust, un langage de programmation moderne […]
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late.
This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them.
The problem isn’t too
Microsoft has released an out-of-band update to address a known issue causing some Windows 11 systems to enter recovery and fail to start after installing the KB5058405 May 2025 security update. [...]
Depuis la mi-mai 2025, le Japon autorise officiellement ses forces à mener des cyber-opérations offensives préventives, y compris en l'absence d'attaque avérée. Une rupture stratégique majeure : le pays rejoint ainsi le cercle restreint des démocraties dotées d’une doctrine cyber offensive explicite, avec un niveau de transparence rarement affiché sur la scène internationale.
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. [...]
Dans son nouveau rapport, Kaspersky révèle avoir identifié plus de 7 millions de comptes compromis appartenant à des services de streaming tels que Netflix, Disney+ ou encore Amazon Prime. Pour des millions de 15-30 ans, ces plateformes de streaming jouent un rôle central dans leur socialisation et leur rapport au monde. Pour sensibiliser la Gen […]
Connexion
