Toute l'actualité de la Cybersécurité
Le piratage de l'Insee expose les identités de 12 800 agents
2026-06-26 17:34:32
Communication de crise pour l’Insee (Institut national de la statistique et des études économiques) qui a constaté un « incident (...)
La Linux Foundation dévoile le projet ANS pour sécuriser les agents IA
2026-06-26 17:16:26
Alors que les entreprises déploient un nombre croissant d’agents IA dans leurs applications et au sein de leurs entreprises, la Linux Foundation a (...)
Anthropic accuse Alibaba d'avoir siphonné les capacités des modèles Claude
2026-06-26 17:11:13
Après Deepseek, Moonshot et Minimax, c'est au tour du chinois Alibaba d'être dans le viseur d'Anthropic. Ce dernier l'accuse d’avoir (...)
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments
2026-06-26 16:42:54
A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed...
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
2026-06-26 16:21:25
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast...
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access
2026-06-26 16:10:02
A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers...
Rocky Linux 9 buildah Important Denial of Service Vuln RLSA-2026-29455
2026-06-26 16:03:13
Important: buildah security update
AI Won't Wipe-Out Entry-Level Cybersecurity Jobs
2026-06-26 16:00:00
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
manadia Global Launch: A Trusted AI Prediction Ecosystem Enters The Era of Value Internet
2026-06-26 15:55:33
In recent years, the development of artificial intelligence has far exceeded market expectations. From breakthroughs in large-scale models to the rapid rise of AI Agents, from enterprise AI applications...
Models Aren't the Moat. Deployment Is
2026-06-26 15:46:09
Models are commoditizing. So are frameworks, eval harnesses, agent runtimes. What isn't and won't is the organizational muscle to put a model into a customer's actual workflow, automate tasks end to end,...
L'UE veut soumettre AWS et Azure au DMA : l'IA a compté
2026-06-26 15:45:58
Au-delà des éléments déjà pointés au lancement des enquêtes de marché fin 2025, les écosystèmes IA ont joué dans la décision de la Commission européenne.
The post L’UE veut soumettre...
The Real Privacy Problem Is What Happens After Data Collection
2026-06-26 15:38:47
Privacy now depends on system design, not consent. The real danger is reuse, where your data quietly becomes things you never agreed to, so the fix is structural transparency that shows who reaches your...
Bridging the Gap Between Concurrency Theory and Production Systems
2026-06-26 15:30:44
Concurrency principles are easy to learn in theory but much harder to apply in production systems. Using Android's AsyncTask and other open-source frameworks as examples, this article explores synchronization,...
Sous pression, OpenAI pourrait limiter l'accès au futur GPT-5.6
2026-06-26 15:12:21
A l’occasion d’une réunion cette semaine, Sam Altman, CEO d’OpenAI, aurait indiqué, selon The Information, à ses (...)
L'authentification par certificat pour Active Directory : pourquoi elle devient incontournable avec la dépréciation de NTLM
2026-06-26 15:04:24
Microsoft met fin à NT LAN Manager (NTLM), mais le remplacer dans les systèmes legacy, les applications et les intégrations tierces n’est pas une opération simple. Pour les accès distants exposés...
SSE (Server-Sent Events) Emitter with Redis Pub/Sub
2026-06-26 15:01:18
Running SSE across multiple instances could break silently. Events fired on one instance never reach clients connected to another. This piece walks through why that happens and how Redis Pub/Sub fixes...
Openclaw And The Agentic AI Inflection Point: From “Cool Demo” To Governed Infrastructure
2026-06-26 15:00:51
OpenClaw's rapid adoption, and the ecosystem forming around it, signal a shift in how AI is used at work. These platforms are accelerating “agentic” capabilities: systems that do more than...
The...
The AI "Doom Loop": Why Your Autonomous Coding Agent Is Making Things Worse, And How To Fix It
2026-06-26 14:59:59
AI coding assistants like Claude Code often lack engineering discipline, resulting in broken code and endless fix-forward hallucination loops. Agent Rigor is an open-source, markdown-based harnesses that...
Une vague d'arnaques invisibles touche désormais les réseaux d'entreprise
2026-06-26 14:58:21
Un outil open source chinois alimente une vague d'arnaques qui s'infiltrent désormais dans les réseaux d'entreprise. Infoblox Threat Intel recense plus de 236 000 sites frauduleux et enregistre...
Gaslight macOS Malware Is a Warning Shot at the AI Security Stack
2026-06-26 14:58:07
The Gaslight macOS malware from a North Korean cluster doesn't bypass AI analysis platforms yet, but its 38-message prompt injection cascade makes the direction of travel clear. Here's why this matters...
Every AI Agent Is a Non-Human Identity That Needs Governance
2026-06-26 14:54:04
The article argues that the biggest security challenge in agentic AI isn't prompt injection but identity management. By treating AI agents as first-class security principals with scoped, short-lived credentials,...
Shadow Protocol
2026-06-26 14:51:35
Edmond Dantès and Mercédès celebrate their future together, unaware they are being watched by bitter rivals. Fernand, devastated by Mercédès' rejection, becomes vulnerable to Danglars' manipulation....
The AI Filmmaking Checklist That Saved Me Weeks of Regeneration
2026-06-26 14:44:59
Drawing from the production of an AI-generated animated series, the author argues that successful AI filmmaking depends less on prompt writing than on disciplined pre-production. A structured workflow...
Mars Returned with Mercédès
2026-06-26 14:43:17
Edmond Dantès arrives in the Catalans village expecting love and celebration after returning home with prospects of becoming captain. Mercédès firmly rejects her cousin Fernand and declares unwavering...
Return to the Catalan Sector
2026-06-26 14:36:27
Edmond Dantès returns triumphantly from sea expecting promotion to captain and a future with Mercédès. Instead of celebrating wealth, he discovers his father survived in poverty after sacrificing nearly...
HackerNoon Projects of the Week: Flow33, Washd, and Mongo Lens
2026-06-26 14:27:05
HackerNoon Projects of the Week spotlights projects that have proven their worth and usefulness. This week, we spotlight Flow33, Washd, and Mongo Lens.
Your First GRC Agent: A Red Teamer's Walkthrough
2026-06-26 14:01:11
AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens...
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
2026-06-26 13:57:55
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems.
CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing...
Cybermalveillance lance un outil pour renforcer la cybersécurité des TPE-PME
2026-06-26 13:55:20
Face à la multiplicité des actes de piratage, les TPE-PME ont encore des efforts à accomplir pour se protéger des risques informatiques. (...)
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
2026-06-26 13:53:00
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and...
New Bluekit Phishing-as-a-Service Bypasses MFA to Steal Microsoft Login Credentials
2026-06-26 13:33:23
A sophisticated Phishing-as-a-Service (PhaaS) platform called Bluekit has been confirmed operational at scale, with cybersecurity firm Netcraft detecting approximately 70 live hostnames in a single week....
REGALIA, une synthèse des enjeux de régulation des algorithmes
2026-06-26 13:32:42
De l'audit au débiaisement, l'équipe-projet REGALIA, créée fin 2025 à Inria, affiche une feuille de route transversale.
The post REGALIA, une synthèse des enjeux de régulation des algorithmes appeared...
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex
2026-06-26 13:30:00
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.
Hackers Exploit Weak Credentials and Internet-Facing PLCs to Breach Water Utilities
2026-06-26 13:27:05
Water utilities across the United States and Europe are under growing pressure as hackers continue to find easy ways in. Nation-state actors and affiliated groups have been quietly exploiting internet-facing...
Reasonable Reliance: The Test Duty-Holders Are Quietly Being Held To
2026-06-26 13:00:24
After a serious incident, investigations usually begin with documentation, but they rarely end there. Certificates are reviewed, maintenance records examined, and procedures traced carefully. Competence,...
Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up
2026-06-26 13:00:00
It might be taking a bit longer than usual to respond to your submissions — here's why.
Malware steals Chrome session cookies to take over your accounts
2026-06-26 12:44:01
A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices.
New GIFTEDCROOK Chain Abuses WinRAR ADS and Reflective Loading to Steal Browser Data
2026-06-26 12:43:11
A newly documented attack chain tied to threat actor group UAC-0226 is putting Windows users at serious risk. The campaign uses booby-trapped WinRAR archives, hidden file streams, and a sophisticated...
macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
2026-06-26 12:43:05
A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue.
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
2026-06-26 12:31:56
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data...
Insider Threat: Cybersecurity Needs To Go Above And Beyond
2026-06-26 12:11:19
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 26, 2026 – Watch the YouTube video The 2026 CISO Report from Cybersecurity Ventures in partnership...
IBM, Red Hat et Palo Alto Networks s'allient pour la sécurité des projets open source
2026-06-26 12:06:41
Avec la montée en puissance des modèles comme Mythos 5 d’Anthropic ou plus récemment la dernière version de GPT-5.5-Cyber (...)
Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices
2026-06-26 11:55:21
Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app order histories, making them feel more credible than a typical phishing...
Sécurité de la supply chain logicielle : des outils complexes à mettre en action
2026-06-26 11:54:00
Plusieurs fournisseurs que Gartner classe « leaders » sur ce segment ont des solutions difficiles à opérationnaliser.
The post Sécurité de la supply chain logicielle : des outils complexes à mettre...
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
2026-06-26 11:51:35
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration...
Nikkei Warns of Japan's Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware
2026-06-26 11:39:35
A serious cybersecurity breach has come to light in Japan, where the country’s Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on computers connected to classified...
La dynamique des start-ups en cybersécurité s'accélère en France en 2026
2026-06-26 11:39:22
L’écosystème français des start-up de cybersécurité poursuit son expansion. Selon la huitième édition (...)
Guardian Agents: The Next Layer of Identity Governance
2026-06-26 11:30:00
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to...
Les entreprises doivent sécuriser les data lakehouse à l'heure de l'IA
2026-06-26 11:20:50
Les data lakehouses deviennent des plateformes de données d'entreprise de référence, car ils combinent la capacité d'un datalake (...)
Activist Phone Hacked With Cellebrite After Russia Contract Cancellation
2026-06-26 11:09:39
Russian authorities used Cellebrite tools to unlock an activist's iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pulled...
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
2026-06-26 11:05:45
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages,...
U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog
2026-06-26 10:35:38
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests
2026-06-26 10:32:50
A critical authentication bypass vulnerability in the python.org release management API could have allowed attackers to impersonate administrators, potentially redirecting millions of users to malicious...
Jalapeño plutôt que Stargate : OpenAI a revu ses priorités
2026-06-26 09:57:24
OpenAI a officialisé sa première puce, conçue avec Broadcom. Le projet Stargate, largement reconfiguré ces derniers mois, n'est plus au cœur de sa communication.
The post Jalapeño plutôt que Stargate...
A decade of infrastructure development, one new name: Coinspaid Dev
2026-06-26 09:41:03
The team behind Coinspaid Solutions steps into the spotlight with a mission to become the engineering voice of blockchain infrastructure.
KuinaExtractor Uses Telegram Exfiltration, UAC Bypass, and Sandbox Detection for Stealth
2026-06-26 09:40:41
A newly uncovered infostealer called KuinaExtractor has been quietly evolving for over six months, posing a serious and growing threat to users across multiple platforms. Written in the Rust programming...
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
2026-06-26 09:27:12
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk...
CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments
2026-06-26 08:55:01
A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. The attackers,...
Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff
2026-06-26 08:49:35
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling...
Third-Party Breach at Polymarket Leads to .94M Crypto Theft
2026-06-26 08:24:32
Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor. Polymarket confirmed that a security breach at a third-party...
macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst
2026-06-26 07:18:36
macOS.Gaslight: DPRK Rust implant for Mac with a prompt injection payload designed to fool AI-based malware analysts. SentinelLabs researchers spotted a Rust-based macOS implant, dubbed macOS.Gaslight,...
American Tower - 216,601 breached accounts
2026-06-26 07:17:23
In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data allegedly taken from...
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
2026-06-26 07:15:46
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations...
Cyber Resilience Act – Part I
2026-06-26 06:40:05
The Cyber Resilience Act (CRA) is a regulation introduced by the European Union to strengthen cybersecurity requirements for products with digital elements.In simple terms, the CRA sets mandatory cybersecurity...
Rocky Linux 8 libpng Moderate Arbitrary Execution Vulnern RLSA-2026-29898
2026-06-26 04:00:49
Moderate: libpng security update
List of 26 new domains
2026-06-26 00:00:00
.fr betonred-casinos[.fr] (registrar: NETIM)
caissedepot[.fr] (registrar: Hostinger operations UAB)
casino-posido[.fr] (registrar: INWX GmbH)
cetelems[.fr] (registrar: KEY-SYSTEMS GmbH)
documents-ameli[.fr]...
Multiples vulnérabilités dans Google Chrome (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Tenable Nessus (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer une injection SQL (SQLi).
Multiples vulnérabilités dans Asterisk (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans Asterisk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans le noyau Linux de SUSE (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...
Multiples vulnérabilités dans le noyau Linux de Red Hat (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une...
Multiples vulnérabilités dans le noyau Linux de Debian (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits IBM (26 juin 2026)
26/06/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...