All the latest cybersecurity news
Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds
2025-11-13 17:15:15
A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…
When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools
2025-11-13 17:10:27
If you pay attention to how people communicate now, it's pretty clear that talking has…
Best Six Test Data Management Tools
2025-11-13 16:53:54
Test data management (TDM) is the process of handling and preparing the data used for…
Orgs Move to SSO, Passkeys to Solve Bad Password Habits
2025-11-13 16:17:40
In 2025, employees are still using weak passwords. Instead of forcing an impossible change, security leaders are working around the problem.
Washington Post data breach impacts nearly 10K employees, contractors
2025-11-13 16:00:36
The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. [...]
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
2025-11-13 15:58:46
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet.
MastaStealer Weaponizes Windows LNK Files, Executes PowerShell Command, and Evades Defender
2025-11-13 15:25:25
A newly documented malware campaign demonstrates how attackers are leveraging Windows LNK shortcuts to deliver the MastaStealer infostealer. The attack begins with spear-phishing emails containing ZIP...
A new round of Europol's Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
2025-11-13 15:19:40
Europol's Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation...
With Cloud Unity, Commvault strengthens enterprise cyber-resilience
2025-11-13 15:16:44
At its Shift event, held in New York (November 11 to 12), Commvault presented (...)
Several flaws weaken Docker containers
2025-11-13 15:15:35
Aleksa Sarai, software engineer at Suse and board member of the OCI (Open Container Initiative), has published (...)
Kerberoasting in 2025: How to protect your service accounts
2025-11-13 15:02:12
Kerberoasting attacks let hackers steal service account passwords and escalate to domain admin, often without triggering alerts. Specops Software shares how auditing AD passwords, enforcing long unique...
Google Sues to Disrupt Chinese SMS Phishing Triad
2025-11-13 14:47:22
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out...
USN-7862-3: Linux kernel (Xilinx ZynqMP) vulnerability
2025-11-13 14:47:04
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
2025-11-13 14:43:06
Google's suing Lighthouse, a Chinese Phishing-as-a-Service platform that uses Google's branding on scam sites to trick victims.
USN-7861-3: Linux kernel vulnerabilities
2025-11-13 14:33:19
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain...
Phishing Emails Alert: How Spam Filters Can Steal Your Email Logins in an Instant
2025-11-13 14:30:54
Cybercriminals have launched a sophisticated phishing campaign that exploits trust in internal security systems by spoofing email delivery notifications to appear as legitimate spam-filter alerts within...
Microsoft Teams New Premium Feature Blocks Screenshots and Recordings During Meeting
2025-11-13 14:27:42
Microsoft has launched a new security feature in Teams Premium called “Prevent screen capture,” designed to block screenshots and recordings during sensitive meetings, with general availability...
{ Expert Op-Ed } – Cloud computing: a technology choice that has become a choice for the future
2025-11-13 14:19:32
CIOs, CTOs and CDOs must be the guarantors of absolute control over data within the company, from both a budgetary and a compliance standpoint.
In Quimper, Femmes & Numérique returns to promote gender diversity in IT
2025-11-13 14:12:21
Initiatives aimed at bringing more women into the IT sector continue to grow in France. Among them, Femmes (...)
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens
2025-11-13 14:10:45
On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package “@acitons/artifact” had...
Coyote, Maverick Banking Trojans Run Rampant in Brazil
2025-11-13 14:00:00
South America's largest country is notorious for banking malware attacks; Maverick self-terminates if its targeted user is based outside Brazil.
How NASPO Helps U.S. State & Local Governments Battle Cybercrime
2025-11-13 13:59:32
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 13, 2025 – Read the full story from Smart Cities Dive. According to Cybercrime Magazine, cybercrime...
Microsoft rolls out screen capture prevention for Teams users
2025-11-13 13:50:58
Microsoft is rolling out a new Teams feature for Premium customers that will automatically block screenshots and recordings during meetings. [...]
SmartApeSG Uses ClickFix to Deploy NetSupport RAT
2025-11-13 13:50:47
The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s...
NHS Investigating Oracle EBS Hack Following Cl0p Ransomware Group Claim
2025-11-13 13:49:44
The notorious Cl0p ransomware group has claimed responsibility for breaching the UK’s National Health Service (NHS), spotlighting vulnerabilities in Oracle’s E-Business Suite (EBS). The announcement,...
When Among Us Meets Academia: An OSINT Challenge That's Not Sus At All | v1t CTF OSINT Challenge
2025-11-13 13:39:32
Finding university acronyms in the most unexpected places. Difficulty: Beginner-Friendly | Category: OSINT. Hey again, I'm Chetan Chinchulkar (aka omnipresent), back with another challenge from the v1t CTF....
Privilege Escalation From Guest To Admin
2025-11-13 13:35:37
Privilege Escalation: Guest user escalates to full project access after project visibility is switched to Public. Hello Hackers, I'm Mohamed, also known as Mado, a dedicated Web Application Penetration...
CORS Vulnerability with Trusted Null Origin
2025-11-13 13:34:10
Discover how a simple CORS misconfiguration can leak sensitive data across origins.
How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works
2025-11-13 13:34:03
The Opening: Why This Matters
Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
2025-11-13 13:32:55
A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide....
CORS Vulnerability with Trusted Insecure Protocols
2025-11-13 13:27:49
Understanding how insecure CORS configurations can expose sensitive data across subdomains.
Digital Forensics — Windows USB Artifacts [Insider Threat Case]
2025-11-13 13:27:47
Hey Digital Defenders! I noticed this case in a LinkedIn post and wanted to write about USB forensic artifacts, piecing together evidence...
How to Find P1 Bugs using Google in your Target — (Part-2)
2025-11-13 13:27:14
Earn rewards with this simple method.
I Could Change Anyone's Email Preferences — Without Logging In
2025-11-13 13:20:57
How a single overlooked API made every user's inbox mine to control — and how a second endpoint let me confirm it instantly....
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years
2025-11-13 13:13:49
Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at...
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
2025-11-13 13:10:24
The CVE-2025-42887 vulnerability, rated 9.9, allows code injection through Solution Manager, giving attackers full SAP control; an urgent patch is needed to block system takeover.
OpenAI Sora 2 Vulnerability Allows Exposure of Hidden System Prompts from Audio Data
2025-11-13 13:07:33
Security researchers have successfully extracted the system prompt from OpenAI’s Sora 2 video generation model by exploiting cross-modal vulnerabilities, with audio transcription proving to be the...
Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data
2025-11-13 13:04:17
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition. The company released versions 18.5.2, 18.4.4, and 18.3.6...
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
2025-11-13 13:04:00
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases.
The name of the extension...
Popular Android-based photo frames download malware on boot
2025-11-13 13:00:00
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. [...]
Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks
2025-11-13 12:55:48
Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable...
Are you paying more than other people? NY cracks down on surveillance pricing
2025-11-13 12:51:37
New York is calling out data-driven pricing, where algorithms use your clicks, location and search history to tweak what you pay.
Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations
2025-11-13 12:44:11
Microsoft has rolled out enhanced remediation capabilities in Defender for Office 365 (O365), enabling security teams to initiate automated investigations and other actions directly from the Advanced...
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
2025-11-13 12:31:34
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked...
BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
2025-11-13 05:35:51
New York, New York, 13th November 2025, CyberNewsWire
Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet
2025-11-13 12:14:48
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted...
CISA warns feds to fully patch actively exploited Cisco flaws
2025-11-13 12:05:55
CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. [...]
Top 3 Malware Families in Q4: How to Keep Your SOC Ready
2025-11-13 12:05:34
Q3 showed sharp growth in malware activity as Lumma, AgentTesla and Xworm drove access and data theft, forcing SOC teams toward quicker behavior checks.
The disaster recovery plan reinvents itself in the age of cloud and automation
2025-11-13 12:01:43
With cyber threats multiplying, the disaster recovery plan (PRA, Plan de Reprise d'Activité) is changing. Driven by cloud, automation and cybersecurity, it is becoming an essential pillar of resilience...
Google relaunches Cameyo, more tightly integrated with the Chrome ecosystem
2025-11-13 12:00:34
Google is relaunching its application virtualization solution and focusing its messaging on integration with the Chrome ecosystem.
Lab 3#: Finding and exploiting an unused API endpoint | Api Testing
2025-11-13 11:44:15
PortSwigger Lab. Hi my dear readers, API-based applications often have endpoints that are kept for development/testing use and then become “unused” or “forgotten”. These can lead to data leakage...
Reflected XSS in PUBG
2025-11-13 11:43:49
A single unsanitized parameter is all an attacker needs
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
2025-11-13 11:30:00
The Race for Every New CVE
Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited...
U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog
2025-11-13 11:29:10
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity...
Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
2025-11-13 11:16:00
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.
The activity, which is...
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations
2025-11-13 10:53:39
Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infostealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame,...
Generative AI and offensive cybersecurity: when LLMs fall into the wrong hands
2025-11-13 10:49:19
Large language models (LLMs) such as ChatGPT, Claude and Gemini have revolutionized access to information and technical assistance. Thanks to...
English-Speaking Cybercriminal Ecosystem ‘The COM’ Drives a Wide Spectrum of Cyberattacks
2025-11-13 10:45:57
The English-speaking cybercriminal ecosystem, commonly known as “The COM,” has transformed from a niche community of social media account traders into a sophisticated, organized operation...
Operation Endgame – 1,000+ Servers Used by Rhadamanthys, VenomRAT, and Elysium Dismantled
2025-11-13 10:42:10
Law enforcement agencies disrupted a vast network of cybercrime tools between November 10 and 14, 2025, coordinated from Europol’s headquarters in The Hague, Netherlands. Dubbed the latest phase...
Operation Endgame: Authorities Takedown 1,025 Servers Linked to Rhadamanthys, VenomRAT, and Elysium
2025-11-13 10:39:42
Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history. Operation Endgame, coordinated from Europol’s...
Operation Endgame 3.0 - 2,046,030 breached accounts
2025-11-13 10:23:12
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealers, Rhadamanthys, the Remote...
We opened a fake invoice and fell down a retro XWorm-shaped wormhole
2025-11-13 10:15:22
In 2025, receiving a .vbs “invoice” is like finding a floppy disk in your mailbox. It's retro, suspicious, and definitely not something you should run.
ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
2025-11-13 10:10:00
Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted...
Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
2025-11-13 10:04:51
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734,...
CISA warns of WatchGuard firewall flaw exploited in attacks
2025-11-13 10:03:52
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. [...]
ThreatBook Peer-Recognized as a Strong Performer In the 2025 Gartner Peer Insights
2025-11-13 09:46:38
ThreatBook has been recognized as a Strong Performer in the 2025 Gartner Peer Insights Voice of the Customer for Network Detection and Response (NDR). This marks the third consecutive year that ThreatBook has...
Debian: Chromium Critical Exec Code Risk DSA-6055-1 CVE-2025-13042
2025-11-13 09:31:21
A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
EV2 Token Presale Launches as Funtico Targets Mainstream Gamers With ‘Earth Version 2’
2025-11-13 09:18:17
Funtico has opened the token presale for Earth Version 2 (EV2), the studio's forthcoming multiplayer sci-fi MMO. The sale offers early access to $EV2 – the token that drives the game's economy –...
Cisco launches two AI-focused certifications
2025-11-13 09:16:54
Building AI literacy in networking depends on developing training courses and certifications. Cisco has just unveiled (...)
How ransomware infiltrated the Rueil-Malmaison hospital center
2025-11-13 09:00:42
In March 2025, the Rueil-Malmaison hospital center was hit by ransomware. The reactivation of a test account was the root cause.
Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days
2025-11-13 08:42:58
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor...
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
2025-11-13 07:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on...
The TechBeat: Copilots Are the New Shadow IT: The Hidden Risks That Come With Them (11/13/2025)
2025-11-13 07:10:56
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
Kenya Kicks Off 'Code Nation' With a Nod to Cybersecurity
2025-11-13 07:00:00
The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science.
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
2025-11-13 04:58:00
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated...
Multiple Instance Learning: Review of Instance and Embedding Level Approaches
2025-11-13 02:51:19
This article presents a new approach to Multiple Instance Learning (MIL). MIVPG is a type of machine learning that uses multiple instances to learn. The study uses attention-based VPG and a bag-level embedding...
Why Crypto Could Outperform Stocks, Real Estate, and Gold in 2026
2025-11-13 02:46:10
Traditional assets like stocks, gold, and real estate offer slow, steady gains, while crypto continues to show rapid upside with past cycles delivering massive returns. With 2026 set for another major...
Could AI Create a New Layer in the OSI Model? The Rise of the “Intelligence Layer”
2025-11-13 02:43:00
Avici Raises .5 Million, Gives Back 90% of Capital via Futarchy Governance
2025-11-13 02:36:28
Avici secured .5M in funding while returning roughly 90% of committed capital to its community through a futarchy governance model. The fintech-crypto startup aims to build unified internet banking...
How Clause-Level Constraints Turn Training Choices Into Verifiable Policies for Generative Systems
2025-11-13 02:16:30
The image symbolizes how artificial intelligence systems translate neural computation into structured governance. Circuit lines represent data flow becoming formal clause patterns, mirroring the paper's...
VSYS Host Launches VSYS Name - an ICANN-Accredited Domain Registrar
2025-11-13 02:08:08
VSYS Host has launched VSYS Name, an ICANN-accredited domain registrar giving users full domain lifecycle control—registration, transfer, renewal, and DNS management—without intermediaries. With transparent...
Fedora 41: Critical Log Injection and DoS Risks in rubygem-rack 2.2.21
2025-11-13 01:23:33
Update to Rack 2.2.21
Fedora 42: Critical Audio Playback Issues in WebKitGTK Resolved Now
2025-11-13 01:10:51
Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on instagram. Fix rendering of layers with fractional transforms. Fix several crashes and rendering issues.
Fedora 42: rubygem-rack Critical Denial Of Service Fix 2025-eae2126736
2025-11-13 01:10:48
Update to Rack 2.2.21
Fedora 42: Skopeo Critical Security Issue CVE-2025-58189, CVE-2025-61725
2025-11-13 01:10:44
Security fix for CVE-2025-58189 and CVE-2025-61725
ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year
2025-11-13 01:01:16
Singapore, Singapore, 13th November 2025, CyberNewsWire
Fedora 43: firefox 145.0 Important Update 2025-2d9e01e0fc
2025-11-13 00:51:49
Updated to latest upstream (145.0)
Vulnerability in Symfony products (13 November 2025)
13/11/2025
A vulnerability has been discovered in Symfony products. It allows an attacker to bypass the security policy.
Multiple vulnerabilities in Splunk products (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in Splunk products. They allow an attacker to cause a security policy bypass and a security issue...
Multiple vulnerabilities in Elastic Kibana (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in Elastic Kibana. They allow an attacker to cause server-side request forgery (SSRF) and indirect code injection...
Multiple vulnerabilities in GitLab (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a breach of the confidentiality of...
Multiple vulnerabilities in Drupal (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in Drupal. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service...
Multiple vulnerabilities in Palo Alto Networks products (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in Palo Alto Networks products. They allow an attacker to cause a remote denial of service and a security issue not...
Multiple vulnerabilities in Siemens products (13 November 2025)
13/11/2025
Multiple vulnerabilities have been discovered in Siemens products. They allow an attacker to cause cross-site request forgery (CSRF) and a bypass...