By Jean-Marc BIAUDIS — 08 nov. 2025

Synthèse des Menaces de Sécurité - 8 novembre 2025

Les 5 Principales Alertes de Sécurité Critiques

Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware — A patched Samsung flaw (CVE-2025-21042, CVSS 8.8) was exploited as a zero-day to deploy the LANDFALL spyware in Middle East attacks. Lire la suite
Ollama, Nvidia Flaws Put AI Infrastructure at Risk — Multiple vulnerabilities in AI infrastructure, including one enabling remote code execution, have been discovered by researchers. Lire la suite

'Landfall' Malware Targeted Samsung Galaxy Users — The LANDFALL malware enables operators to conduct surveillance on compromised devices through recording, tracking, and data collection. Lire la suite
'Ransomvibing' Infests Visual Studio Extension Market — A VS Code extension was discovered that openly encrypts and exfiltrates data, with obvious AI-generated signs left behind. Lire la suite
From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools — China-linked hackers are leveraging legacy vulnerabilities like Log4j and IIS for persistent cyber espionage against U.S. entities. Lire la suite
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation — Nine malicious NuGet packages contain time-delayed logic bombs designed to sabotage databases and ICS systems after 2027. Lire la suite
The who, where, and how of APT attacks in Q2 2025–Q3 2025 — ESET's report highlights key findings on APT attack activities during the second and third quarters of 2025. Lire la suite

Enterprise Credentials at Risk – Same Old, Same Old? — A common phishing scenario where employees fall for fake password reset emails leads to credential theft. Lire la suite
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts — Google introduces a dedicated form for businesses to report extortion attempts involving fake negative reviews on Maps. Lire la suite

Honeypot: Requests for (Code) Repositories — Researchers observed requests targeting code repositories in a honeypot, indicating potential scanning activity. Lire la suite

Microsoft Backs Massive AI Push in UAE, Raising Security Concerns — Microsoft partners with G42 to build a 5-gigawatt AI campus in the UAE using Nvidia GPUs, prompting security concerns. Lire la suite

AI Agents Are Going Rogue: Here's How to Rein Them In — Misapplication of human identity frameworks to AI agents creates potential for rapid catastrophic failures at machine speed. Lire la suite
AI Security Agents Get Persona Makeovers — New AI-powered security personas promise seamless integration into SOCs but require robust governance to ensure protection. Lire la suite

Ce résumé de sécurité a été généré automatiquement le 8 novembre 2025.

This summary was automatically generated on November 8, 2025.