Toute l'actualité de la Cybersécurité
L'Etat sonde l'écosystème IT sur sa stratégie cloud
2026-05-28 16:34:36
Il est peu de dire que la stratégie cloud nationale est née au forceps. Annoncée en 2021 après deux ans de travaux par Amélie (...)
Les modèles IA bien plus vulnérables aux attaques itératives qu'escompté
2026-05-28 16:05:44
Selon une étude de Cisco, les modèles de pointe d'OpenAI, d'Anthropic, de Google, de xAI et d'Amazon présentent des profils de risque (...)
Apple partage le code source de son chiffrement post-quantique
2026-05-28 15:58:33
L'univers de la technologie prend rapidement conscience de la menace que représentent les futurs systèmes quantiques pour la sécurité (...)
Hackers Deploy VIP Keylogger Through Phishing Emails Masquerading as Business Documents
2026-05-28 15:26:14
Hackers are using deceptive phishing emails dressed up as routine business documents to spread a dangerous malware strain known as VIP Keylogger. The campaign has been active for months, with attackers...
ClearFake Uses BSC Testnet Smart Contracts for Takedown-Resistant Command and Control
2026-05-28 15:23:22
A new and dangerously clever malware campaign called ClearFake has been caught using blockchain smart contracts to run its operations, making it nearly impossible for security teams to shut it down. Instead...
New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
2026-05-28 15:18:34
A newly disclosed Linux local privilege escalation (LPE) vulnerability dubbed “CIFSwitch” enables low-privileged users to gain root access by abusing a logic flaw between the Linux kernel...
Inefficaces, les outils collaboratifs font exploser le shadow IA
2026-05-28 15:09:06
Abondance d'e-mail, outils collaboratifs en surnombre, connexions défectueuses… Si la communication est vue comme un pilier stratégique (...)
Malicious Websites Track Visitors by Analyzing their SSD Timing Activity
2026-05-28 15:07:24
Malicious websites can track visitors by measuring tiny changes in SSD access times, turning normal browser activity into a privacy leak. Researchers showed that a JavaScript attack can use the browser's...
New Zapocalypse Attack Chain Enables Full Zapier Account Takeover
2026-05-28 14:57:22
A newly disclosed exploit chain dubbed Zapocalypse shows how a low-privilege code-execution feature inside Zapier could have been chained into a supply-chain path with platform-wide account takeover impact....
Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies
2026-05-28 14:49:37
The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99.
Project Lightwell : IBM et Red Hat investissent 5 milliards $ pour sécuriser la supply chain logicielle
2026-05-28 14:34:02
IBM et Red Hat investissent 5 milliards $ dans le « Project Lightwell », une initiative associant 20 000 ingénieurs. Objectif : sécuriser les chaînes d'approvisionnement logicielles à l'ère...
New Gogs zero-day flaw lets hackers get remote code execution
2026-05-28 14:25:43
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]
Internet veut vérifier votre âge : le piège invisible qui aspire vos données personnelles
2026-05-28 14:01:57
Les systèmes de vérification de l'âge, destinés à bloquer l'accès des mineurs aux réseaux sociaux, présentent de sérieuses failles de confidentialité. Une étude américaine révèle que...
How SIEM helps MSPs reduce noise and stop threats faster
2026-05-28 14:01:11
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
2026-05-28 13:53:52
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand...
Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level
2026-05-28 13:50:55
Check Point Software has launched Agentic Exposure Validation (AEV), a new AI-driven capability within its Exposure Management platform that uses autonomous agents to reason like attackers and provide...
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
2026-05-28 13:33:16
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and...
USN-8336-1: PHP vulnerabilities
2026-05-28 13:31:37
Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly
handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An
attacker could possibly use this issue to perform SQL injection...
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
2026-05-28 13:14:54
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure...
Experts on Experts: Why Compliance is becoming Continuous
2026-05-28 13:00:00
This week on Experts on Experts, I'm joined by Sergio Alonso – Rapid7's Director of Trust, Risk, and Compliance – to talk about how compliance is changing and why many security teams are rethinking...
USN-8335-1: pyOpenSSL vulnerability
2026-05-28 12:47:22
It was discovered that pyOpenSSL incorrectly handled exceptions in the
tlsext_servername callback. This could result in connections being accepted
after an exception, contrary to expectations.
Sri Lanka CERT Reports Sharp Rise In Phishing And Ransomware Incidents
2026-05-28 12:45:54
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 28, 2026 – Read the full story in Daily Mirror Hilmy Cader warns that the intensity and sophistication...
Romanian gets 5 years in prison for hacking Oregon govt network
2026-05-28 12:43:29
A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and fr cyberattacks targeting dozens of other U.S. victims. [...]...
La CNIL inflige une amende de 5 M€ à Iqvia (MAJ)
2026-05-28 12:32:13
La CNIL a sanctionné la filiale française d'Iqvia, spécialisée dans les études médicales, d’une amende (...)
Données volées : nouveau carburant d'une économie souterraine
2026-05-28 12:31:15
Les fuites de données ne marquent plus la fin d'une cyberattaque. Elles en sont désormais le point de départ. C'est le constat que dressent les experts de Synacktiv.
The post Données volées : nouveau...
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
2026-05-28 12:29:58
In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the...
Webinar: Why network incidents take too long to resolve
2026-05-28 12:20:28
Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams...
“Bug Bounty Bootcamp #40: XXE — Reading Server Files and Pivoting to Internal Networks Through XML”
2026-05-28 12:15:44
That innocent XML import feature could be a direct line to your /etc/passwd and internal cloud metadata. Learn to spot XML parsing…Continue reading on InfoSec Write-ups »
“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…
2026-05-28 12:12:00
The invoice generator doesn’t show errors. The image fetcher hangs on invalid IPs. But with a single <iframe> and a JavaScript redirect…Continue reading on InfoSec Write-ups »
Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox
2026-05-28 12:10:33
Swiss privacy company Proton has rolled out a significant update to Proton Mail that allows users to connect their Gmail accounts directly to the platform. The feature, announced on 28 May 2026, enables...
Extending Wazuh detection capabilities with clickdetect, Opensearch PPL and Sigma Rules
2026-05-28 12:09:11
Extending Wazuh detection capabilities with clickdetect, Opensearch PPL and Sigma Rules - ClickdetectHey, souzo here. If you've ever wanted alerting rules that actually work in Wazuh without fighting...
Built Pentest Environment On Your Mac Using Docker
2026-05-28 12:06:17
A Simple and Working Setup for Every Apple Silicon Macs (M1, M2, M3, M4, M5)Continue reading on InfoSec Write-ups »
I Found Root Access on Critical Financial Infrastructure Using a Two-Day-Old Kernel Exploit
2026-05-28 12:04:52
My name is Hamza Hashim. I'm an offensive security researcher and if you've followed my work before, you know I like to share what I find in the wild, not to show off, but because I genuinely believe...
Carnival confirms data breach impacting nearly 6 million
2026-05-28 12:04:52
Cruise giant Carnival has suffered yet another data breach, with ShinyHunters claiming to have stolen personal data affecting nearly 6 million people.
Intercepting Docker Application Requests Using Burp Suite on Windows
2026-05-28 12:04:28
Intercepting Docker Application Requests Using Burp Suite on WindowsBlogs use a more complex Docker + Burp Suite setup because not all application traffic is generated by a browser. In many Dockerized...
Webedia-Elephant déploie Gemini Enterprise
2026-05-28 12:01:56
Webedia-Elephant déploie Gemini Enterprise dans dix pays et lance un studio de création dédié à l'IA générative.
The post Webedia-Elephant déploie Gemini Enterprise appeared first on Silicon.fr....
Carnival Cruise Data Breach Exposes Millions of Customers' Personal Information
2026-05-28 12:00:28
Carnival Corporation, the world’s largest cruise company and parent of Carnival Cruise Line, has begun notifying customers of a significant cybersecurity breach that exposed sensitive personal data...
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
2026-05-28 12:00:00
OverviewRapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical)....
Hackers Use GHOSTYNETWORKS and OMEGATECH to Host JS Malware Infrastructure
2026-05-28 11:58:39
In March 2026, a wave of malicious spam emails began hitting inboxes across multiple countries and industries. Threat actors were quietly distributing a JavaScript-coded backdoor, targeting organizations...
How a GraphQL Invitation Flow Exposed Users at Scale
2026-05-28 11:55:16
A normal invite feature revealed registered accounts, internal GraphQL identifiers, and user metadata through an overly detailed API…Continue reading on InfoSec Write-ups »
I Sent You a JPEG. Now I Own Your Mac.
2026-05-28 11:52:19
Exploiting ExifTool’s macOS Command Injection Blind Spot (CVE-2026–3102)Continue reading on InfoSec Write-ups »
Prompt Engineering: TryHackMe Walkthrough
2026-05-28 11:48:46
Learn how LLMs process text and craft effective prompts for security and adversarial testing, from TryHackMe’s new AI Security Path.Continue reading on InfoSec Write-ups »
I Booked a ₹30,000 Conference Ticket for ₹1. The Site Let Me.
2026-05-28 11:47:46
A business logic flaw. A Burp Suite intercept. And the first Hall of Fame of my life.I was not supposed to find this.I had just finished a PortSwigger lab on business logic vulnerabilities. Watched...
Comment fonctionne le kit de phishing Tycoon 2FA
2026-05-28 11:42:36
Suivez ZATAZ dans Google News Favori Les techniques de phishing Tycoon 2FA permettent aux attaquants de contourner entièrement le processus de connexion. Bloquer ce type d’attaques adversaire-au-milieu...
IPTV pirate : les paiements trahissent les abonnés
2026-05-28 11:37:21
IPTV pirate : identification de centaines d'abonnés via la banque en ligne Revolut.
Gitea Container Vulnerability Exposes Private Container Images to Attackers
2026-05-28 11:31:04
A critical security vulnerability in Gitea's built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted...
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
2026-05-28 11:30:00
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is...
New PureLogs Variant Uses MsBuild.exe Process Hollowing to Evade Detection
2026-05-28 11:19:00
A new and dangerous version of the PureLogs information-stealing malware has emerged, raising serious concerns across the cybersecurity community. This variant takes a more evasive approach than its predecessors,...
Critical Roundcube Webmail Vulnerability Let Attackers Inject SQL Queries
2026-05-28 11:15:43
Roundcube Webmail users are being urged to apply urgent updates after developers patched multiple security flaws. Including a critical pre-authentication SQL injection vulnerability that could allow attackers...
Your Windows PC has a security deadline in June 2026
2026-05-28 11:03:43
Windows is replacing old Secure Boot certificates, and some older PCs could miss future security protections if the update fails.
BMW et Mistral AI entraînent un modèle d'IA sur les simulations de collision
2026-05-28 10:54:42
BMW s'appuie sur plus d'un pétaoctet de données historiques pour développer une IA spécialisée dans l'ingénierie de sécurité.
The post BMW et Mistral AI entraînent un modèle d’IA sur les...
Vol de voitures de luxe : la faille invisible qui débute sur Internet
2026-05-28 10:51:02
Vol de voitures de luxe : le mouse jacking qui débute sur Internet.
Carnival Cruise confirms data breach affecting nearly 6 million people
2026-05-28 10:49:27
Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. [...]
A Fake UK Visa Site Left 100,000 Passports Wide Open
2026-05-28 10:48:01
A third-party UK visa site exposed passports and selfies on a public AWS server. It's not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government....
Cryptoarnaque : la banque n'a pas à alerter
2026-05-28 10:26:30
Cryptoarnaque : la banque n'est pas responsable des virements validés par ses clients au profit d'escrocs.
Fake ChatGPT download site infects Windows and Mac users with malware
2026-05-28 10:18:26
Searching for ChatGPT? This fake download site serves malware to both Windows and Mac users, using separate payloads tailored to each platform.
LightOn décroche un contrat de Helpdesk avec Infocom'94
2026-05-28 10:18:05
Le syndicat mixte francilien, qui gère l'informatique de 26 collectivités, déploie un chatbot IA souverain pour traiter ses demandes d'assistance.
The post LightOn décroche un contrat de Helpdesk...
Une faille dans le coeur de Windows 11 permet de prendre le contrôle de votre PC
2026-05-28 10:01:13
Un chercheur en sécurité a découvert une faille dans le cœur de Windows 11. Elle permet à un programme malveillant de prendre le contrôle total d'un PC, notamment à partir d'une page web ouverte....
2026 World Cup: Discussing The World's Biggest Game's Attack Surface
2026-05-28 10:00:53
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.
The post 2026 World Cup: Discussing The...
U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
2026-05-28 09:39:34
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency...
Sextortionist sentenced to 33 years for targeting 145 children
2026-05-28 09:25:59
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme....
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
2026-05-28 09:06:11
An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
The Email Problem That Kills M&A Deals Is Not the One Anyone Is Watching
2026-05-28 09:00:30
Email systems are one of the most overlooked but critical parts of M&A integration. What seems like a simple mailbox migration actually involves identity management, security policies, compliance...
Rethinking Kleppmann's “Designing Data-Intensive Applications”
2026-05-28 08:30:11
Martin Kleppmann and Chris Riccomini explain why Designing Data-Intensive Applications needed a second edition. The updated book explores cloud-native architectures, object storage, Postgres extensions,...
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
2026-05-28 07:54:48
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering...
19.6 Billion Files Are Sitting Open on the Internet. No Password Required
2026-05-28 07:48:32
19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they...
Ce botnet russe se croyait indestructible, mais il vient d'être détruit
2026-05-28 07:42:34
Pendant plus d'un an, le botnet Glassworm a ciblé en silence les développeurs de logiciels. Dans le cadre d'attaques ciblées à l'encontre de la chaîne d'approvisionnement logicielle, les pirates...
Mise à jour Windows : les certificats de sécurité UEFI expirent, votre PC est-il protégé ?
2026-05-28 07:33:10
Des certificats vieux de 15 ans et présents sur tous les ordinateurs vont expirer en juin. Une mise à jour permet de les remplacer, sans laquelle votre PC pourrait être exposé à certains malwares....
Kemper - 269,299 breached accounts
2026-05-28 07:22:18
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's...
USN-8329-1: FFmpeg vulnerability
2026-05-28 07:13:19
It was discovered that the FFmpeg CAF decoder incorrectly handled certain
file size calculations. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service.
How I Aligned Years of Time-Lapse Photos With OpenCV and Neural Matching
2026-05-28 07:02:51
In the previous post, I described the Seasons project: a time-lapse of hundreds of pictures taken from nearly the same viewpoint over the years. The hardest challenge wasn't taking the pictures or assembling...
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
2026-05-28 07:01:00
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.
The Last Mile Problem in Agentic AI: Why Context Abstraction Is the Next Developer Battleground
2026-05-28 06:59:33
AI agents fail when they rely on brittle, hand-written API wrappers. MCP fixes this by giving models a standard way to discover tools and fetch structured live data, so developers spend less time on integration...
Markets Don't Move Linearly — They Transition Between Behavioral States
2026-05-28 06:58:52
Using 38 years of EUR/USD data, this article explores how markets shift between recurring behavioral regimes such as compression, expansion, acceleration, exhaustion, and transition. Through phase-space...
AI Doesn't Exist, and Poop Proves It
2026-05-28 06:58:27
Maybe AI is not artificial intelligence. Maybe it is accumulated intelligence: human thought, language, code, memory, bias, and culture compressed into machines and reflected back at us.
How I Built a Stable Fine-Tuning Pipeline on Free Colab GPU
2026-05-28 06:58:21
Lessons from fine-tuning Alpaca-LoRA 7B on free-tier GPUs to build a smart driving assistant for context-aware safety advice.
Agentic AI Security Needs Filtered IPO
2026-05-28 06:56:49
Prompt injection is often an architecture problem, not just a cybersecurity problem. Filtered Input-Process-Output (Filtered IPO) adapts the classic IPO model for agentic AI by separating raw input, reasoning,...
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
2026-05-28 06:55:11
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained...
The Remote Hiring Paradox: the Most Open Job Market Has the Most Closed Door
2026-05-28 06:48:12
Remote work promised equal opportunity, but hiring now depends heavily on fragmented job boards, sourcing, and referrals.
How I Replaced Hours of Manual Bug Triage with an AI Agent, and What It Taught Me About Trust in LLM
2026-05-28 06:41:50
A real-world lesson on why LLM confidence scores should not be trusted blindly in production workflows.
How We Built a Price Tag Recognition System in 2017 — Before It Was Cool
2026-05-28 06:41:19
A story of cfans duct-taped to GPUs, neural network hallucinations, and what it actually takes to ship computer vision in production.
Why I Keep Coming Back to Exolane When I Stress-Test Perpetual DEXs
2026-05-28 06:40:42
Exolane is worth studying as a safety-first perp DEX because it focuses on clearer risk rules: capped funding, public liquidation parameters, oracle-settled execution, non-custodial collateral, and a...
Sans accès à Mythos, BNP Paribas mise sur Mistral
2026-05-28 05:42:20
Privée d'accès à Mythos, l'IA cybersécurité d'Anthropic réservée aux Américains, BNP Paribas mise sur Mistral AI pour construire l'équivalent européen. Conférence de presse conjointe à Paris...
Vulnérabilité dans Apereo CAS (28 mai 2026)
28/05/2026
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Chrome (28 mai 2026)
28/05/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans les produits NetApp (28 mai 2026)
28/05/2026
Une vulnérabilité a été découverte dans les produits NetApp. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans les produits Veeam (28 mai 2026)
28/05/2026
De multiples vulnérabilités ont été découvertes dans les produits Veeam. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité...
Multiples vulnérabilités dans GitLab (28 mai 2026)
28/05/2026
De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.