Toute l'actualité de la Cybersécurité


Metasploit Wrap Up: An HTTP to SMB relay plus Payload Improvements

2026-07-17 19:30:44
Metasploit Wrap Up HousekeepingWhile the Metasploit Framework will be continuing its weekly release cadence, bringing you dear reader our latest content, the Weekly Wrap Up is being shifted to a bi-weekly...

Lire la suite »

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

2026-07-17 18:54:51
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign,...

Lire la suite »

OpenSSL “HollowByte” Vulnerability Lets Hackers Crash Servers With Just 11 Bytes

2026-07-17 18:21:11
A newly disclosed vulnerability in OpenSSL, dubbed “HollowByte,” allows a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition using a malicious payload as small...

Lire la suite »

CVE-2026-58644: Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability Exploited in the Wild

2026-07-17 18:18:53
OverviewOn July 14, 2026, Microsoft published a security advisory addressing CVE-2026-58644, a critical remote code execution (RCE) vulnerability affecting on-premises Microsoft SharePoint Server deployments....

Lire la suite »

HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload

2026-07-17 17:56:21
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes. [...]

Lire la suite »

Ransomware Attack on Coca-Cola-Owned Fairlife Halts Production Across the United States

2026-07-17 17:53:52
Coca-Cola has reported a ransomware attack affecting its dairy subsidiary, Fairlife, resulting in a temporary shutdown of production operations across the United States. This incident was disclosed in...

Lire la suite »

A cyberattack hit Nichirei, one of Japan's largest food companies

2026-07-17 17:52:06
A cyberattack hit one of Japan’s largest food companies, Nichirei, disrupting logistics and shipments. The company is gradually restoring operations. Nichirei is one of Japan’s largest food...

Lire la suite »

EY Data Breach – Hackers Gain Access to IT Support System and Download Documents

2026-07-17 17:28:40
Ernst & Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly...

Lire la suite »

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

2026-07-17 17:12:23
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI,...

Lire la suite »

PentestCode – New AI Agent That Automates Penetration Testing with 18 Specialized Tools

2026-07-17 17:00:08
A new open-source tool is bringing autonomous AI agents into offensive security workflows. PentestCode, a hard fork of OpenCode rebuilt specifically for penetration testing, runs security tools, analyzes...

Lire la suite »

Oracle Linux 10 Cockpit Image Builder Important Update ELSA-2026-24331

2026-07-17 16:56:41
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 ELSA-2026-22715 expat Important Denial of Service

2026-07-17 16:56:33
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 libexif Moderate Integer Underflow Vuln ELSA-2026-22529

2026-07-17 16:56:31
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 go-fdo-client Moderate Security Notice ELSA-2026-22141

2026-07-17 16:56:30
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 cockpit Important Update Remote Code Exec ELSA-2026-21676

2026-07-17 16:56:26
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Wireshark Important Fixes for Buffer Overflow ELSA-2026-20600

2026-07-17 16:56:25
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 dnsmasq Denial of Service Advisories ELSA-2026-19158

2026-07-17 16:56:20
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 jq Important Denial of Service Fix ELSA-2026-19151

2026-07-17 16:56:18
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 ELSA-2026-19150 libtiff Important Signed Integer Overflow

2026-07-17 16:56:16
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 glib2 Moderate Security Fix ELSA-2026-19148

2026-07-17 16:56:13
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 krb5 Major Security Patch ELSA-2026-19145

2026-07-17 16:56:11
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Oracle Linux 10 PackageKit Important Update ELSA-2026-19141 CVE-2026-41651

2026-07-17 16:56:08
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

The Real AI Threat Is Blind Trust

2026-07-17 16:43:13
AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.

Lire la suite »

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

2026-07-17 16:39:16
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described...

Lire la suite »

Royaume-Uni : couvre-feu numérique pour les adolescents

2026-07-17 16:07:09
Londres prépare un couvre-feu numérique et renforce le contrôle d'âge pour protéger les adolescents en ligne.

Lire la suite »

Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks

2026-07-17 16:00:00
Join Microsoft Security at Black Hat USA 2026 for supply chain research, hands-on security experiences, expert conversations, and our reception. The post Microsoft at Black Hat USA 2026: Defending trust...

Lire la suite »

NEBBIA visée par une fuite de données clients

2026-07-17 15:49:47
Un pro du fitness et de la musculation touché par une fuite pirate de 318 002 documents clients.

Lire la suite »

Qui est Moonshot AI, l'éditeur de Kimi ?

2026-07-17 15:32:47
Avec le lancement fracassant de Kimi K3, Moonshot AI agite la planète IA. Retour sur l'origine de cette pépite pékinoise qui veut jouer dans "la cour des grands". The post Qui est Moonshot AI, l’éditeur...

Lire la suite »

NoName057(16) revendique un piège contre Madame X

2026-07-17 15:16:58
Des pirates affirment avoir piégé une journaliste dans une opération mêlant infiltration, cybermenace et propagande.

Lire la suite »

Editors Remember the Writers Who Make Publishing Easier

2026-07-17 15:00:46
Good writing gets noticed. Professionalism gets remembered.

Lire la suite »

Stop Letting Your AI Agents Call Each Other Directly

2026-07-17 15:00:03
Wiring AI agents as direct synchronous calls rebuilds the distributed monolith. Put an event log between them and buy durability, replay, and audit for free.

Lire la suite »

Ernst & Young discloses data breach after support system hack

2026-07-17 14:55:28
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. [...]

Lire la suite »

Des pirates prorusses ciblent encore la France en ligne

2026-07-17 14:43:47
Pirates prorusses : caméras exposées et DDoS contre la France servent une stratégie de propagande numérique.

Lire la suite »

The TechBeat: The 10 Best AI Tools for SOC 2 Compliance in 2026 (7/17/2026)

2026-07-17 14:01:30
7/17/2026: Trending stories on Hackernoon today!

Lire la suite »

76 Blog Posts To Learn About Cli

2026-07-17 14:00:41
Learn everything you need to know about Cli via these 76 free HackerNoon blog posts.

Lire la suite »

Inside the Search for "Clean" Residential Proxies for Carding

2026-07-17 14:00:10
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek "clean" residential proxies and combine them with browser fingerprints,...

Lire la suite »

“TTF Trap” Phishing Emails Use Fake Font Files to Deliver Windows Malware

2026-07-17 13:51:42
An email that appears to contain a shipping document, payment request, or business proposal can infect a Windows…

Lire la suite »

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

2026-07-17 13:48:56
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job...

Lire la suite »

New Starland RAT Steals Browser Credentials and Scans for Over 40 Crypto Wallets

2026-07-17 13:40:48
A financially motivated, Russian-speaking threat actor tracked as UAT-11795, orchestrating a large-scale campaign since at least June 2025. A sophisticated Python-based remote access trojan dubbed “Starland...

Lire la suite »

Broadcom vs CISPE : beaucoup de recours, peu d'effets

2026-07-17 13:32:17
En deux ans et demi de bataille contre Broadcom, l'association CISPE a multiplié les voies de recours, pour l'heure sans grand effet. The post Broadcom vs CISPE : beaucoup de recours, peu d’effets...

Lire la suite »

New Windows LegacyHive 0-Day Vulnerability Allows Hackers to Gain Admin Access

2026-07-17 13:26:21
A Windows zero-day vulnerability, dubbed LegacyHive (MSNightmare), abuses the User Profile Service to enable local privilege escalation, tampering with administrator accounts, and admin-level code execution....

Lire la suite »

Hackers Hide Lua Loaders in Fake TTF Files to Deploy Remcos, XWorm, and Agent Tesla

2026-07-17 13:22:58
Hackers are increasingly abusing trusted file formats and lightweight scripting environments to evade detection, with a newly observed campaign leveraging Lua-based loaders. Disguised as TrueType (.ttf)...

Lire la suite »

Croqvacances : 72 916 personnes exposées ?

2026-07-17 13:18:06
Un pirate aurait exposé plus de 70 000 données personnelles aprés l'exfiltration d'informations volées à Croqvacances.

Lire la suite »

Gold Eagle Clearinghouse Targets Security Gap, but How Is Unclear

2026-07-17 13:00:00
The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it's being implemented.

Lire la suite »

LegacyHive Windows Zero-Day Lets Attackers Hijack Administrator Registry Hives

2026-07-17 12:36:05
A newly disclosed Windows local privilege-escalation vulnerability, dubbed LegacyHive, could allow a standard user to load and modify the per-user registry classes hive of an administrator account. The...

Lire la suite »

Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

2026-07-17 12:29:56
One compromised Shark robot vacuum could unlock remote access to many others.

Lire la suite »

Hackers Breached an IIS Server and Deployed Ransomware Across the Network the Next Day

2026-07-17 12:28:40
Hackers leveraged a compromised Microsoft IIS server to gain initial access and deploy a previously unseen ransomware payload across an enterprise network within 24 hours, highlighting a highly coordinated...

Lire la suite »

Sophos Fusion: A Complete AI-Native Cyber Defense System

2026-07-17 12:23:50
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 17, 2026 – Read the full story from Sophos With around 359 million businesses in the world, fewer than 35,000...

Lire la suite »

AWS Billing Bug Displays Trillion-Dollar Cost Estimates to Cloud Customers

2026-07-17 12:19:00
Amazon Web Services (AWS) is currently investigating a significant billing issue affecting its Cost Explorer tool. This problem caused some cloud customers to see alarmingly inflated cost estimates, with...

Lire la suite »

Google Bets 'Agentic Defense' Strategy Can Outpace Attackers

2026-07-17 11:50:25
Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.

Lire la suite »

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

2026-07-17 11:44:41
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that...

Lire la suite »

Meta débauche un poids lourd d'AWS pour préparer son entrée dans le cloud

2026-07-17 11:37:30
Meta vient de mettre la main sur l'un des cadres les plus expérimentés d'Amazon Web Services. Une prise de guerre qui confirme qu'elle lorgne désormais le marché du cloud. The post Meta débauche...

Lire la suite »

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

2026-07-17 11:30:00
Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition...

Lire la suite »

Casper Bet on Compliance First Blockchain Before the RWA Wave. Now the Adoption Wave Is Here

2026-07-17 11:29:01
As tokenized real-world assets cross B, most run on general-purpose chains. Casper is betting compliance-first Layer 1 infrastructure is what the next phase.

Lire la suite »

New Windows LegacyHive zero-day gives hackers admin privileges

2026-07-17 11:05:30
A security researcher using the "Nightmare Eclipse" handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. [...]

Lire la suite »

New NadMesh Botnet Uses 20+ RCE Vectors to Hijack AI and MCP Infrastructure

2026-07-17 10:55:58
NadMesh is a new, industrial‑grade Go‑based botnet that weaponizes more than 20 RCE vectors to hijack AI and MCP infrastructure at scale, combining autonomous scanning, exploit delivery, and credential...

Lire la suite »

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

2026-07-17 10:53:31
Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova,...

Lire la suite »

How to use GitHub safely

2026-07-17 10:43:29
Knowing how to spot a malicious GitHub repository can help you avoid downloading malware disguised as legitimate software.

Lire la suite »

16 millions de CV exposés en ligne

2026-07-17 10:27:57
Une annonce pirate revendique 16 millions de CV, avec coordonnées, adresses et historiques professionnels.

Lire la suite »

AWS Cost Explorer Bug Shows Trillion-Dollar Billing Estimates

2026-07-17 10:15:35
AWS customers worldwide were startled after the AWS Billing and Cost Management Console and Cost Explorer began displaying extraordinarily high projected cloud costs. Some organizations reported estimated...

Lire la suite »

USN-8490-2: Linux kernel (Real-time) vulnerabilities

2026-07-17 10:10:48
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; ...

Lire la suite »

USN-8490-1: Linux kernel vulnerabilities

2026-07-17 10:07:42
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; ...

Lire la suite »

Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy

2026-07-17 10:00:24
A technical analysis of three chained zero-day vulnerabilities in Siemens ROX II OT switches that allow privilege escalation and persistent root access. The post Three Steps to the Terminal: A Siemens...

Lire la suite »

TP-Link Kasa Camera Flaws Let Attackers Steal Admin Credentials and Geolocation Data

2026-07-17 09:48:17
TP-Link has revealed several serious vulnerabilities affecting its Kasa EC70 and EC71 smart camera models, which could expose users to credential theft and geolocation data leakage. These vulnerabilities...

Lire la suite »

Datacenters : le moratoire édulcoré de l'État de New York

2026-07-17 09:44:34
Début juin, le Parlement de l'État de New York votait un moratoire d'un an sur les datacenters. L'exécutif en a promulgué une version « allégée ». The post Datacenters : le moratoire édulcoré...

Lire la suite »

CISOs say boardrooms still don't grasp the human cyber risk AI is supercharging

2026-07-17 09:43:40
More than three-quarters of European CISOs believe their C-suite doesn’t fully understand the cyber risk posed by their own employees, a gap that’s widening just as AI makes attacks on human...

Lire la suite »

New ClickLock macOS Stealer Kills Every App to Force Password Entry

2026-07-17 09:31:43
A newly discovered macOS malware dubbed ClickLock is raising alarms in the cybersecurity community for its aggressive and deceptive credential-harvesting techniques. According to researchers at Group-IB,...

Lire la suite »

Joomla SP Page Builder RCE

2026-07-17 09:21:09
What is the Vulnerability? FortiGuard telemetry shows continued exploitation attempts targeting vulnerable Joomla SP Page Builder installations. CVE-2026-48908...

Lire la suite »

CISA Warns of Two Fortinet FortiSandbox Flaws Exploited to Execute Commands

2026-07-17 09:19:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in Fortinet FortiSandbox to its Known Exploited Vulnerabilities (KEV) catalog. These flaws are actively...

Lire la suite »

Windows Server 2022 reach end of mainstream support in 90 days

2026-07-17 09:10:15
Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years. [...]

Lire la suite »

New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT

2026-07-17 09:08:54
Russian-speaking UAT-11795 spreads trojanized Zoom, Webex, and MobaXterm installers to deliver Starland RAT and the WLDR memory-only implant. Cisco Talos researchers published a detailed technical report...

Lire la suite »

Hackers Use Paste-and-Run Commands to Deploy ClickLock Stealer Against Mac Users

2026-07-17 09:03:01
Hackers are actively targeting macOS users with a newly identified infostealer dubbed “ClickLock Stealer,” leveraging paste-and-run social engineering techniques to bypass Apple's native security...

Lire la suite »

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

2026-07-17 08:56:39
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive...

Lire la suite »

CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks

2026-07-17 08:47:16
CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively...

Lire la suite »

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

2026-07-17 08:46:45
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus...

Lire la suite »

Top 10 Best Identity Threat Detection and Response (ITDR) Solutions in 2026

2026-07-17 08:45:50
Identity has become the primary battleground of enterprise cybersecurity. Attackers increasingly bypass traditional defenses by stealing credentials, hijacking sessions, abusing privileged accounts, and...

Lire la suite »

Inside the Mind of a Commerce Architect: Indrajit Sen on Technology Overhaul and Retail Leadership

2026-07-17 08:30:45
Discover how IBM's Indrajit Sen approaches retail platform modernization, AI governance, cloud architecture, and global engineering leadership.

Lire la suite »

US charges two over laundering million from investment fraud

2026-07-17 08:13:37
U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. [...]

Lire la suite »

U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog

2026-07-17 08:13:15
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog. The U.S....

Lire la suite »

Multiple TP-Link Cameras Vulnerability Allows Hackers to Launch MitM Attacks

2026-07-17 07:59:31
TP-Link has released security updates for two vulnerabilities in its Kasa EC70 v4 and EC71 v4 smart cameras. These flaws, tracked as CVE-2026-9770 and CVE-2026-13230, could allow an attacker on the same...

Lire la suite »

GPT-5.6 Codex Reportedly Wipes Files From Home Directories

2026-07-17 07:42:20
Recent reports indicate that GPT-5.6 Codex has unintentionally deleted files in users’ home directories under certain configurations, raising concerns about the risks of running advanced AI coding...

Lire la suite »

Arnaques par SMS : les États-Unis saisissent 30 000 cartes SIM dans des fermes criminelles

2026-07-17 07:33:26
Plus de 30 000 cartes SIM, utilisées par des criminels pour lancer des campagnes massives d'arnaques par SMS, ont été saisies par les services secrets américains. Lors d'une opération d'envergure,...

Lire la suite »

Zero Credentials, Full Access: Inside a Complete Authorization Failure

2026-07-17 07:19:36
Bounty Case Files #01How multiple trust-boundary failures allowed anonymous access to premium functionality in a production APIBy Ahmed Waleed | Bug Bounty HunterTL;DRWhile assessing a public enterprise...

Lire la suite »

How I Found a Cross-Student IDOR in Academy LMS That Leaked Correct Quiz Answers

2026-07-17 07:19:31
Author: Shikhali Jamalzade GitHub: alisalive LinkedIn: camalzads Type: Independent Security Research | WordPress Plugin CVE ResearchThis is a write-up of a vulnerability I independently discovered in...

Lire la suite »

Confused Deputy: Google IdP Universal Account Takeover via Device Code Flow Hijacking

2026-07-17 07:19:02
TL;DRThis one started from setting up the YouTube app on my PS5. The device authorization grant (RFC 8628) it uses, the flow TVs, consoles, and CLIs rely on when they don't have a browser of their own,...

Lire la suite »

SAR 2,629 For Stored XSS via svg Image Leading to ATO

2026-07-17 07:18:36
REPORT BOUNTYHacking via Pictures: Stored XSS via SVG Leading to Account TakeoverHello everyone! 👋In this write-up, I want to share an interesting finding: a Stored Cross-Site Scripting (XSS) vulnerability...

Lire la suite »

Lab 3 : Source code disclosure via backup files

2026-07-17 07:05:38
Lab ObjectiveThe goal of this lab is to locate leaked backup files and extract a hard-coded database password from the disclosed source code.Step-by-Step Solution1. Check robots.txt for hidden pathsrobots.txt...

Lire la suite »

The IDOR That Was Worth More Than a ,500 P1

2026-07-17 07:04:55
Impact is what an attacker can do, not what your PoC screenshot shows. A field guide to the most under-rated bug class in bug bounty.Continue reading on InfoSec Write-ups »

Lire la suite »

How I Detected an Insider Threat in Splunk When Every Single Action Looked Legitimate

2026-07-17 07:04:43
No broken password. No exploit. No firewall alert. Just an employee using access they were supposed to have — to take data they weren't. Here's how I caught it with a three-stage correlation...

Lire la suite »

Lab 2 : Information Disclosure on a Debug Page

2026-07-17 07:04:03
The VulnerabilityDebug pages are a common byproduct of development. Tools like phpinfo() are incredibly useful while building and troubleshooting an application, since they dump detailed information about...

Lire la suite »

CISA urges immediate action on actively exploited Fortinet flaws

2026-07-17 07:03:33
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]

Lire la suite »

TryHackMe — Linux Agency | Complete Write-Up & Walkthrough

2026-07-17 06:50:44
“Agent 47, your mission begins. 30 targets stand between you and the root.”Author: Shikhali JamalzadeGitHub: github.com/alisaliveLinkedIn: linkedin.com/in/camalzads📋 Room OverviewPlatform TryHackMe...

Lire la suite »

Host & Network Penetration Testing: Exploitation CTF 3 — eJPT (INE)

2026-07-17 06:50:03
A walkthrough covering ProFTPD mod_copy exploitation, local service banner grabbing, SMB brute-force with webshell upload, and SUID binary privilege escalation to capture all four flags.Hello everyone!In...

Lire la suite »

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

2026-07-17 06:42:23
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog,...

Lire la suite »

The AI Layoff Story Was Always a Sales Pitch

2026-07-17 06:15:11
The same people who sold you the fear are now selling you the relief. The story follows their money. Here's how to read it, whichever way it swings....

Lire la suite »

Your Git Mirror Is a Recovery Tool Only If You Test the Failure Path

2026-07-17 05:50:43
A practical look at Git mirrors, second remotes, LFS checks, CI recovery, and why backup policies need restore tests.

Lire la suite »

8 Psychology Principles Behind Amazon, Costco, and Trader Joe's Biggest Wins

2026-07-17 05:49:28
Anchoring, loss aversion, social proof, and five more psychology principles behind Amazon, Costco, and Trader Joe's biggest conversion wins.

Lire la suite »

Platform Engineering for AI Teams: The Missing Layer That Makes AI Actually Work in Your Org

2026-07-17 05:42:05
Every AI team is rebuilding the same thing from scratch. Platform engineering fixes that. Here's the complete guide, with real code your org can use today.

Lire la suite »

The Next Big Social Media Platform Won't Look Like the Current Ones

2026-07-17 05:40:03
A year of conversations with people reveals the same frustrations with algorithmic feeds, misinformation, and lost privacy.

Lire la suite »

I Built 80+ Browser Tools. Here Are 9 Engineering Lessons I Learned the Hard Way

2026-07-17 05:39:15
Nine engineering lessons from building 80+ browser utilities, covering memory, file validation, concurrency, dependencies, errors, and performance.

Lire la suite »

List of 55 new domains

2026-07-17 00:00:00
.fr 1win-promo[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) activation-recharge[.fr] (registrar: Hostinger operations UAB) agricole-secure[.fr] (registrar: Dynadot Inc) authagri-securtypaimn[.fr]...

Lire la suite »

Multiples vulnérabilités dans Microsoft Windows (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...

Lire la suite »

Multiples vulnérabilités dans les produits Microsoft (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de...

Lire la suite »

Multiples vulnérabilités dans Google Chrome (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Lire la suite »

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de Red Hat (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de SUSE (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à...

Lire la suite »

Multiples vulnérabilités dans les produits IBM (17 juillet 2026)

17/07/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...

Lire la suite »