Toute l'actualité de la Cybersécurité
Dossier : 2026, l'année de tous les risques
2026-04-21 11:39:26
Sommaire
1 - Cloud : le paradoxe de la sécurité à grande échelle
Tout semble normal dans l’entreprise. Les équipes (...)
12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users
2026-04-21 10:23:20
A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity...
Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers
2026-04-21 10:20:08
A critical vulnerability in the SGLang inference server that allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learning...
CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack
2026-04-21 10:15:34
The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical alert regarding a severe software supply chain compromise. The attack targets Axios, a massively popular HTTP client...
Android 17 ends all-or-nothing access to your contacts
2026-04-21 10:12:27
Apps have been taking your whole contact list for years. Android 17 finally makes them ask for less.
Former ransomware negotiator pleads guilty to BlackCat attacks
2026-04-21 10:12:21
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]...
Avec CX Enterprise, Adobe mise sur l'IA agentique pour reconquérir les marchés
2026-04-21 10:02:12
Face à la menace des pure players de l'IA, Adobe lance CX Enterprise, une plateforme agentique centrée sur l'orchestration de l'expérience client à grande échelle.
The post Avec CX Enterprise, Adobe...
The Internet's Next Premium Feature May Be Human Verification
2026-04-21 10:00:04
As automation scales, trust becomes scarce. Human verification is emerging as a premium layer that restores authenticity and value online.
Cette fois, c'est l'ANTS : jusqu'à 19 millions de comptes sur le dark Web, pourquoi cette fuite inquiète tant
2026-04-21 09:57:55
Une nouvelle faille de sécurité frappe un acteur central de l'administration française. Derrière cet incident, des millions de données personnelles potentiellement exposées et des interrogations...
The Price of Borrowed Life
2026-04-21 09:52:01
A struggling medical student is chosen as heir by a mysterious old philosopher, only to awaken in the man's aging body after a strange drink. Realizing his youth has been stolen through a sinister consciousness...
Jungle That Guards Its Gold
2026-04-21 09:43:56
Two exhausted treasure hunters locate hidden gold on a remote island using a worn map. Near the site, they discover a dead man and overlook subtle warning symbols. While handling the treasure, both are...
Grinex crypto exchange shuts down, blames Western agencies for .7M breach
2026-04-21 09:31:16
Grinex exchange collapses after .7M breach, blames Western spies as Chainalysis flags possible exit scam and sanctions evasion network links claims.
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog
2026-04-21 09:21:02
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities...
AI's Critical Role in Healthcare and Online Safety
2026-04-21 09:00:16
AI is no longer optional in high-stakes systems like healthcare and online safety. From real-time medical documentation to detecting child exploitation at global scale, automation fills the gap human...
A New York Times Investigation Named Its Satoshi
2026-04-21 09:00:07
A New York Times investigation by John Carreyrou identified Adam Back as Satoshi Nakamoto, but just 11 days later, the documentary Finding Satoshi presents a competing conclusion. Built on four years...
NGate Android malware uses HandyPay NFC app to steal card data
2026-04-21 09:00:00
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. [...]
La fuite ANTS, un leak bidon ?
2026-04-21 08:43:00
Fuite ANTS : pourquoi les indices techniques fragilisent la thèse d'un vol massif de 18 millions d'enregistrements.
How Zodia Custody's BitMEX Integration Quietly Rewires Institutional Crypto Market Structure
2026-04-21 08:36:09
BitMEX, the exchange that invented the perpetual swap, is now live on Zodia Custody's Interchange off-venue settlement network. Clients trade on BitMEX while assets stay in bank-grade cold storage until...
Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments
2026-04-21 08:33:42
A critical cross-vendor vulnerability class dubbed “Comment and Control” is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue...
The Volunteer DDoS: Why AI Security Tools Are Breaking the Infrastructure They're Meant to Protect
2026-04-21 07:56:26
AI security tools are creating more work for open source maintainers, not less. Claude Mythos just raised the stakes. The governance fix already exists.
SideWinder Uses Fake Chrome PDF Viewer and Zimbra Clone to Steal Government Webmail Credentials
2026-04-21 07:54:22
A well-known advanced persistent threat group called SideWinder has launched a highly targeted phishing campaign against South Asian government organizations, using a fake Chrome PDF viewer and a pixel-perfect...
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
2026-04-21 07:45:20
Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services...
LunaSpy, le smartphone piégé livré à la victime
2026-04-21 07:39:59
LunaSpy marque une étape inquiétante : des victimes reçoivent un smartphone déjà infecté, pensé pour espionner et frauder.
How I Found an Exposed Google Maps API Key in a Production Config File
2026-04-21 07:25:04
How I Found an Exposed Google Maps API Key in a Production Config File Bug Bounty Write-UpOne unauthenticated endpoint. One unrestricted API key. 1,000/month in potential financial damage.IntroductionBug...
How I Found and Bypassed a Newsletter Confirmation System (IDOR).
2026-04-21 07:23:41
I Almost Ignored This… Until It Turned Into a High Severity IDOR.I go by kjulius, a self-taught Ethical Hacker. 🪞🗿🌱 It Started Like Any Other Test…I was casually testing a target and came...
SSRF Server-Side Request Forgery: Server Ko Apna Agent Banao, Internal Network Explore Karo!
2026-04-21 07:14:02
SSRF Server-Side Request Forgery: Server Ko Apna Agent Banao, Internal Network Explore Karo! (Hinglish Mein)Series: Bug Bounty Zero se Hero 🦸 | Article #17By HackerMD | 19 min readAaj Kya Seekhenge?SSRF...
Métro : 10 millions de profils exposés après le piratage
2026-04-21 06:32:52
La fuite attribuée à TfL expose près de 10 millions de profils et relance le débat sur la transparence après une cyberattaque.
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
2026-04-21 06:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst...
Enquête sur l'usage des systèmes de police
2026-04-21 06:20:42
1 700 policiers visés après des accès injustifiés à des systèmes liés à une enquête sensible.
Cyber attaque : signalement cyber obligatoire en quatre heures
2026-04-21 06:12:09
Imposer aux télécoms de notifier toute cyberattaque en quatre heures à partir de février 2027.
Curl Is More Than a Downloader. It's a Weapon.
2026-04-21 06:10:31
curl is on every machine. Few people actually know what it does.Series: curl — The Request Engine You Never Learned Properly Article: 1 of 16 Status: DraftMost people learn curl by accident. They...
Police néo-zélandaise : fuite massive de documents
2026-04-21 06:06:04
Un bug a exposé des documents policiers sensibles en Nouvelle-Zélande, révélant un risque majeur pour victimes et enquêtes.
How to Develop a Risk Management Framework
2026-04-21 06:05:32
Today's cybersecurity landscape is at its most innovative yet complicated point. Risk leaders often face…
How to Develop a Risk Management Framework on Latest Hacking News | Cyber Security News,...
Self-Evolving AI Agents Are Here and They Write Their Own Protocols !
2026-04-21 06:05:10
The System Where Agents Negotiate How To CollaborateWe spend a lot of time worrying about what AI agents can do. We worry about capability gains, prompt injection attacks, unauthorized access to sensitive...
Katana — Double-Extension PHP Upload Bypass + python2.7 cap_setuid to Root | OffSec PG Play
2026-04-21 06:03:53
Katana is a multi-port machine that hides its entry point in plain sight. Five services are open, but the one that matters most is LiteSpeed on port 8088 — it hosts an unrestricted file upload form...
CVE-2026–33032: exploitation allows full control over Nginx server
2026-04-21 06:02:11
Critical security flaw found in nginx-ui. The vulnerability with CVSS of 9.8, enables attacker to take full control over the Nginx servers.Continue reading on InfoSec Write-ups »
I Read the Claude Code Source Analysis So You Don't Have To
2026-04-21 06:01:22
98.4% of the Code Has Nothing To Do With AI. That Is the Entire Point.Last month, a team from MBZUAI published a 60-page architectural teardown of Claude Code, Anthropic's agentic coding tool, based...
WaTF Bank Walkthrough (Part 1): Exploiting Android App Security Flaws
2026-04-21 05:59:38
Android Mobile Application Security Testing Write-UpIntroductionMobile banking applications handle highly sensitive data — credentials, transactions, and personal information. But what happens...
Breaking Email Trust: How I Bypassed Email Verification in a Real-World Application.
2026-04-21 05:54:28
IntroductionEmail verification is one of the most fundamental security mechanisms in modern web applications. It ensures that users actually own the email address they register with.But what happens...
From Broken Token Models to Market-Driven Governance: Interview with Umia CEO Francesco Mosterts
2026-04-21 05:26:57
Crypto spent the last decade making assets programmable. Moving forward, next phase need to be making organizations programmable.
ML Internals: The Week I Stopped Treating Embeddings as a Black Box
2026-04-21 05:21:04
A hands-on dive into embeddings, tokenization, and why the model is just one piece of an ML system.
Stop Removing Friction. It's Your Best User Research Tool
2026-04-21 05:19:41
Growth orthodoxy says remove friction at every step. For trust-dependent products - P2P platforms, safety apps, fintech, healthcare - that's the wrong instinct. When I built a trust-first consumer app...
The Internet Is Starting to Forget Humans
2026-04-21 05:19:01
As the web becomes more automated, optimized, and machine-readable, it is slowly becoming less centered on real human presence.
Apache ActiveMQ RCE
2026-04-21 04:56:55
What is the Vulnerability?
CVE-2026-34197 is a high-severity remote code execution (RCE) vulnerability affecting Apache ActiveMQ Classic. The flaw...
How I Built a Self-Maintaining Knowledge Base for 6 Projects Using Claude Code & Karpathy's LLM Wiki
2026-04-21 04:55:12
How to got Claude Code to maintain a self-updating wiki across 6 projects — 192 pages bootstrapped in ~2 hours — so every new session starts with full project memory instead of re-explaining everything...
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
2026-04-21 04:15:29
A proof-of-concept (PoC) exploit has been publicly released for a newly disclosed vulnerability in Microsoft’s Snipping Tool that allows attackers to silently steal users’ Net-NTLM credential...
Mageia 9 Firefox Thunderbird Important Memory Safety Fixes MGASA-2026-0106
2026-04-21 04:12:29
MGASA-2026-0106 - Updated firefox & thunderbird packages fix security vulnerabilities
Mageia 9 libtiff Critical NULL Reference Stack Overflow Fix MGASA-2026-0106
2026-04-21 04:12:28
MGASA-2026-0105 - Updated libtiff packages fix security vulnerabilities
iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution
2026-04-21 03:23:22
Cybersecurity researchers, working in partnership with OpenAI, have uncovered a fascinating and severe vulnerability in iTerm2, a widely used macOS terminal emulator. According to Califio, the flaw abuses...
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
2026-04-21 03:19:57
A British man has pleaded guilty in the United States to his role in a large cybercrime scheme that used SMS phishing, company network intrusions, and SIM swapping to steal at least million in virtual...
Critical Gardyn Smart Gardens Vulnerabilities Let Attackers Control Devices Remotely
2026-04-21 03:14:27
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about severe vulnerabilities in Gardyn Home Kit smart garden systems. Carrying a maximum severity score of 9.3...
Critical Anthropic's MCP Vulnerability Enables Remote Code Execution Attacks
2026-04-21 02:37:35
A critical flaw in Anthropic's Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers....