Synthèse des Menaces de Sécurité - 18 novembre 2025
Synthèse des Menaces de Sécurité - 18 novembre 2025
Synthèse des Menaces de Sécurité - 18 novembre 2025
Les 5 Principales Alertes de Sécurité Critiques
- Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability — Google released Chrome updates to fix two flaws, including an actively exploited zero-day (CVE-2025-13223, CVSS 8.8). Lire la suite
- Critical Fortinet FortiWeb WAF Bug Exploited in the Wild — Critical FortiWeb WAF vulnerability allows unauthenticated remote command execution and is being exploited. Lire la suite
- New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT — New campaign uses ClickFix to deliver Amatera Stealer (ACR evolution) and NetSupport RAT via social engineering. Lire la suite
- Cursor Issue Paves Way for Credential-Stealing Attacks — AI-powered coding tool vulnerability allows malicious servers to hijack browser for credential theft. Lire la suite
- Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT — Advanced campaign uses multi-stage loader to disable security tools and deliver Gh0st RAT through trojanized installers. Lire la suite
Renseignement sur les Menaces
- KongTuke activity, (Tue, Nov 18th) — Malware activity requires investigation. Lire la suite
- ⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More — Recap includes AI weaponization, VPN exploits, and criminal malware-as-a-service operations. Lire la suite
- 5 Reasons Why Attackers Are Phishing Over LinkedIn — 1 in 3 phishing attacks now target executives via LinkedIn's trusted network. Lire la suite
Incidents et Violations de Sécurité
- US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns — Four individuals admitted providing false identities and remote access for espionage operations. Lire la suite
Outils de Sécurité et Bonnes Pratiques
- Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability — Critical patch addresses type confusion vulnerability allowing arbitrary code execution. Lire la suite
- ISC Stormcast For Tuesday, November 18th, 2025 — Latest security podcast from SANS Internet Storm Center. Lire la suite
Technologies de Sécurité Émergentes
- [Dark Reading Virtual Event] Cybersecurity Outlook 2026 — Upcoming event discussing future security trends and threats. Lire la suite
- Cursor Issue Paves Way for Credential-Stealing Attacks — Vulnerability highlights risks in AI-powered development environments. Lire la suite
Ce résumé de sécurité a été généré automatiquement le 18 novembre 2025.
This summary was automatically generated on November 18, 2025.