Etat de la menace informatique sur les équipements mobiles

Actualités
Etat de la menace informatique sur les équipements mobiles anssiadm mer 26/11/2025 - 10:11 L’omniprésence, l’usage systématique des smartphones et la multiplication des fonctionnalités et données qu’ils traitent en font des cibles d’intérêt pour l’acquisition de renseignements d’origine cyber. Véritables indispensables du quotidien pour des millions de Français en raison des multiples fonctionnalités qu’ils proposent, les smartphones sont par conséquent des cibles de choix pour les cybercriminels. Afin de connaître les menaces et les risques qui accompagnent leur utilisation, l’ANSSI met à disposition son état de la menace sur les équipements mobiles et partage ses recommandations de sécurité pour y faire face. Une menace grandissante et complexe à traiter Depuis 3 ans, l’ANSSI intervient de façon croissante auprès d’individus dont les téléphones mobiles sont compromis à des fins d’espionnage. En…
Read More

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Actualités
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake
Read More

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Actualités
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we
Read More

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ (Krebs on Security)

Actualités
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father. Scattered LAPSUS$ Hunters (SLSH) is thought to be an amalgamation of three hacking groups — Scattered Spider, LAPSUS$ and ShinyHunters. Members of these gangs hail from many of the same chat channels on the Com, a mostly English-language cybercriminal community that operates across an ocean of Telegram and Discord servers. In May 2025, SLSH members…
Read More

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Actualités
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father. Scattered LAPSUS$ Hunters (SLSH) is thought to be an amalgamation of three hacking groups — Scattered Spider, LAPSUS$ and ShinyHunters. Members of these gangs hail from many of the same chat channels on the Com, a mostly English-language cybercriminal community that operates across an ocean of Telegram and Discord servers. In May 2025, SLSH members…
Read More

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Actualités
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "
Read More

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist

Actualités
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)
Read More

When Your $2M Security Detection Fails: Can your SOC Save You?

Actualités
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,
Read More

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Actualités
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some
Read More

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Actualités
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as
Read More