All the Cybersecurity News
Your SOC Has Too Many IOCs: How to Cut Feed Noise, Prioritize What Matters, and Improve Response
2026-06-23 17:02:14
Most SOCs measure threat intelligence the same way they measure storage: bigger is better. A feed that delivers two million indicators a month looks more impressive on a vendor scorecard than one that...
Bajaj Auto Confirms Systems Affected by Ransomware Attack
2026-06-23 17:02:11
India’s leading two-wheeler manufacturer, Bajaj Auto, disclosed on Tuesday that it fell victim to a ransomware attack that compromised systems at both the parent company and its wholly owned technology...
AWS Warns Outbound Traffic Blind Spots Can Enable Cloud Data Exfiltration
2026-06-23 16:58:54
Most organizations spend a lot of time locking the front door of their cloud environments. Firewalls, access controls, and web application filters get the bulk of attention because that is where visible...
Cybersecurity Outsourcing. Beyond Cost
2026-06-23 16:42:01
Why Security Outsourcing Is a Strategic, Not Just Operational, Decision Cybersecurity Outsourcing. Beyond Cost: Why Security Outsourcing Is a Strategic, Not Just Operational, Decision Outsourcing information...
'Cordyceps' CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
2026-06-23 16:31:16
Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.
Ubuntu 26.04 LIBNFS High NFS Service Disruption USN-8464-1
2026-06-23 16:14:47
LIBNFS could be made to crash or run programs if it connected to a specially crafted NFS server.
Ubuntu LibVNCServer Important Denial Of Service Vulnerabilities USN-8463-1
2026-06-23 16:14:43
Several security issues were fixed in LibVNCServer.
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
2026-06-23 16:12:49
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport...
CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins
2026-06-23 16:11:40
Bulletin ID: 2026-047-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/23/2026 09:30 AM PDT
Description:
Language Servers for AWS provide the underlying language-server...
Claude Down – A Major Outage Affects Most of the Models
2026-06-23 16:11:27
Anthropic experienced a service disruption on Tuesday that produced elevated error rates across multiple Claude models, according to the company’s official status page. By mid-afternoon UTC the...
SpaceX's Historic IPO Met a Surprisingly Skeptical Crowd
2026-06-23 16:00:04
SpaceX finally went public at a roughly trillion valuation and revealed a .3 billion Bitcoin reserve, instantly becoming the largest public non-crypto Bitcoin holder. HackerNoon readers were divided:...
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
2026-06-23 15:52:17
We spent 48 hours exploring the dark web and found stolen identities, malware, scams, and a thriving cybercrime economy.
The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism
2026-06-23 15:50:48
AI has changed academic fraud. It now creates original-looking work, fake sources, and hidden misconduct that schools must learn to detect.
AI Agents Need More Than Wallet Screening to Manage Risk
2026-06-23 15:45:50
A clean address is not a safe protocol. AML tools verify the sender; nothing checks the destination's structural health. Drift lost 5M through a removed timelock while every wallet read clean. CORE3's...
A beginner's guide to the Krea-2-large model by Krea on Replicate
2026-06-23 15:41:18
From style references to moodboard UUIDs: a practical developer guide to krea-2-large, Krea's flagship text-to-image model running on Replicate in 2026.
When Not to Use AI: A Senior Engineer's Decision Framework
2026-06-23 15:37:11
Clear spec, low consequence: let the agent run. Unclear spec, high consequence: put the tool down. A senior engineer's honest map of AI's real limits in production.
French observability start-up Tsuga raises nearly €31M
2026-06-23 15:32:40
Officially launched in late 2025, but in stealth mode for the past two years, a young French company specializing (...)
Scattered Spider members plead guilty to hacking Transport for London
2026-06-23 15:31:59
Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. [...]
New Quantum Research Is Accelerating the Timeline for Post-Quantum Migration
2026-06-23 15:28:58
Quantum mechanics took 27 years (1900–1927) to produce the hardware civilization. The same physics now threatens its cryptographic layer. Three papers published between May 2025 and March 2026 compressed...
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
2026-06-23 15:16:43
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.
Every...
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
2026-06-23 15:16:40
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography.
Key establishment...
ESET Research analyzes the anti-EDR arsenal of The Gentlemen, one of the most active ransomware groups of 2026
2026-06-23 14:59:59
ESET researchers have analyzed the advanced arsenal of tools for neutralizing EDR (Endpoint Detection and Response) solutions (EDR killers) used by Gentlemen, a ransomware-as-a-service group...
Cyberattacks: companies make them a CEO priority only when revenue is threatened
2026-06-23 14:57:47
Nearly one in two French companies loses revenue on the very day of a cyberattack. Yet 58% still consider cybersecurity a purely...
ESET Research discovers new backdoors, used by the FishMonger APT, against government organizations
2026-06-23 14:52:07
ESET researchers have identified two new, previously undocumented Windows variants of SprySOCKS, named WIN_DRV and WIN_PLUS. This backdoor, previously observed only...
8-Year-Old Samsung KNOX Vulnerability Exposes Galaxy Devices to Kernel Attacks
2026-06-23 14:42:49
A critical use-after-free (UAF) vulnerability in Samsung’s proprietary KNOX security subsystem, which has been hidden for over eight years, has been discovered by security research firm LucidBit,...
Why Most Technical Products Fail at GTM - and It's Rarely the Product's Fault
2026-06-23 14:34:56
Most technical products don't fail because the product isn't good enough—they fail because no one sees, understands, or trusts them. Engineering-led teams often treat go-to-market as an afterthought,...
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
2026-06-23 14:22:03
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run...
LastPass Customer Data Exposed in Klue Supply Chain Attack
2026-06-23 14:15:52
LastPass has disclosed a supply chain security incident involving its third-party vendor, Klue, that resulted in unauthorized access to customer data within its Salesforce environment. The company confirmed...
Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing
2026-06-23 14:14:43
Modern software teams do not have a visibility problem. They have a prioritization problem.
DifyTap Flaws Allow Attackers to Wiretap AI Data Across Tenants – 1M+ Apps Impacted
2026-06-23 14:12:43
Multiple critical vulnerabilities in Dify could expose sensitive AI data across tenants and potentially impact more than one million applications. Dify, which powers AI workflows, chatbots, and retrieval-augmented...
Five-Eye Agencies Call for “Whole-of-Organization and Whole-of-Society Response” to Stop Cyber Threats
2026-06-23 14:10:10
The Five Eyes cyber security agencies have issued a joint warning urging governments, businesses, and critical infrastructure operators to adopt a “whole-of-organization and whole-of-society response”...
Nearly Half of Apps Across LG and Samsung TVs Are Selling Your IP Address
2026-06-23 14:03:18
New research found that 2,058 of 6,038 apps across the LG webOS and Samsung Tizen ecosystems included residential proxy SDKs, effectively turning smart TVs into exit nodes for third-party internet traffic....
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
2026-06-23 14:01:11
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit...
The TechBeat: Why Stripe usage-based billing is fundamentally broken for AI products (6/23/2026)
2026-06-23 14:01:01
386 Blog Posts To Learn About Venture Capital
2026-06-23 14:00:11
Let's learn about Venture Capital via these 386 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any...
LastPass confirms data breach in Klue supply chain attack
2026-06-23 13:58:25
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
SocGholish Takedown Highlights Malicious TDS Threats
2026-06-23 13:51:33
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.
DevSecOps: the "platform", a relative notion
2026-06-23 13:41:13
The DevOps Magic Quadrant becomes the DevSecOps one. It remains focused on "platforms"... which sometimes look more like toolchains.
Hackers Use Velociraptor, Cloudflare Tunnels, Zoho Assist, and VS Code SSH for Persistence
2026-06-23 13:33:18
A routine ransomware investigation turned into something far more alarming when security researchers uncovered two separate threat actors quietly sharing the same compromised environment. What started...
Mines Nancy opens its first summer school on cybercrime
2026-06-23 13:32:52
With the rise of artificial intelligence, cybercrime is seeing the emergence of new, more sophisticated forms of attack, (...)
SonicWall CVE-2024-40766 Proves Patching Is Not Remediation
2026-06-23 13:05:47
A SANS audit of 14 patched SonicWall firewalls shows Akira ransomware still getting in via stale accounts and LDAP misconfigurations the firmware update never touched.
Meta pauses controversial employee-tracking program after security review
2026-06-23 13:01:50
Meta has paused its controversial employee-tracking program. Unfortunately, employee privacy wasn't what stopped it.
LLMs vs Transformers: Bengali Political Sentiment Analysis Benchmark
2026-06-23 13:00:55
Explore how the Motamot dataset benchmarks PLMs and LLMs on Bengali political sentiment. Learn how few-shot learning drives Gemini 1.5 Pro to a 96.33% accuracy rate.
The Bottleneck Is The Review Process - Not The Code
2026-06-23 13:00:50
Adding engineers to a late project makes it later because of communication overhead. This problem, called the "cohesion tax," is now accelerated by AI code generators that write plausible but inconsistent...
Inside The Rising Cyber Risk To Insurers: Why Insurance Companies Are Now Prime Targets
2026-06-23 13:00:34
Insurers sit at a rare intersection: they hold healthcare-grade sensitive data, financial-services-grade data, and high-trust identity data — often unified within a single customer or policyholder record....
Fake shops target shoppers across Europe with fake Samsung deals, counterfeit goods and World Cup scams
2026-06-23 12:55:25
A Bitdefender Labs investigation identified more than 55 fake-shop campaigns targeting consumers across 12 European countries between March and May 2026. The campaigns mimicked some of the world's most...
The Fable Shutdown Was a Blunt Instrument. The Real Lesson is Identity
2026-06-23 12:38:27
Using Anthropic's hypothetical Fable shutdown as a case study, this article argues that the real issue wasn't export policy but the absence of identity verification at the model layer. As AI systems become...
FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
2026-06-23 12:34:54
The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.
Cybersecurity “Talking Sports” On The Cybercrime Magazine Podcast
2026-06-23 12:24:30
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 23, 2026 – Listen to the podcast Richard Seewald, founder and Managing Partner at Evolution Equity Partners,...
Webinar: Why email security teams are drowning in alerts
2026-06-23 12:12:20
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows,...
New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto
2026-06-23 12:02:35
Microsoft researchers warn of a new dual-action cryptocurrency clipper (CryptoBandits Malware) spreading through USB devices to alter wallet addresses and steal crypto assets.
AI in Radiation Oncology: Automating IMRT Planning with TextGrad
2026-06-23 12:00:58
Discover how TextGrad automates radiotherapy treatment planning. Learn how its two-loop optimization framework uses language models to tune numerical solver hyperparameters for precision oncology
Supply Chain Compromise: Nintendo Vendor Breach Exposes Internal Data
2026-06-23 12:00:07
Nintendo Confirms Breach Nintendo of America publicly disclosed they had been subjected to a third-party data breach by TinyPulse, one of the company's third-party software providers used to track employee...
The...
Agentic AI: The Weapon That No Longer Needs a Warrior
2026-06-23 11:30:00
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile...
The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027
2026-06-23 11:13:20
Learn how AI, deepfakes, synthetic identities and fraud-as-a-service may reshape iGaming risk, and what security teams can do to detect future threats in 2027.
1-15 June 2026 Cyber Attacks Timeline
2026-06-23 11:01:03
The cyber attacks timeline for 1-15 June 2026 is out with 80 confirmed events dominated by cyber crime, malware, and exploitation of public-facing applications. Information & Communication led the...
Hackers steal passport and driver’s license data of 3 million Texans
2026-06-23 10:30:57
A breach at a Texas Parks and Wildlife Department vendor exposed personal information belonging to more than three million Texans.
LastPass leak: hackers stole customer data, beware of scams
2026-06-23 10:29:30
LastPass has suffered a new data leak. Cybercriminals exploited a flaw at Klue, one of the company's service providers, to access information about the customers of the manager...
Xsolis Data Breach Impacts 1.4 Million People
2026-06-23 10:21:25
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients' systems. Healthcare tech company Xsolis, Inc. has disclosed a data...
2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack
2026-06-23 10:11:00
Two teenagers face sentencing after admitting to a massive Scattered Spider cyberattack that hit Transport for London (TfL) and US healthcare networks.
Shadow AI in local authorities: what the clandestine use of ChatGPT in town halls really reveals
2026-06-23 09:35:49
A figure that went almost unnoticed The figure circulated last April without causing the shock it deserved. In a survey of 2,000 public employees from nine administrations,...
GTA 6 early access is nothing but a scam
2026-06-23 09:23:52
No matter what a website claims, nobody is selling legitimate GTA 6 early access. And scammers are counting on fans believing otherwise.
The RAM shortage trickles down to DDR2
2026-06-23 08:57:49
Demand has cascaded to older generations of DRAM, to the point of causing supply strain on DDR2.
Estonia is considering creating an official identity for AI agents
2026-06-23 08:55:04
There is no shortage of automated AI tools offering to carry out online tasks on your behalf, provided you give them (...)
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
2026-06-23 08:54:32
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT).
The list of identified packages is below -
aes-decode-runner-pro...
ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates
2026-06-23 08:22:12
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026...
Apple and Tesla leak: confidential data was stolen from a subcontractor
2026-06-23 08:20:04
Tata Electronics, an Indian subcontractor that assembles iPhones for Apple and manufactures parts for Tesla, has been the victim of a cyberattack. The criminal group World Leaks has published...
Group-IB reveals the top 10 cyber threat actors shaping the future of cybercrime
2026-06-23 08:06:12
A threat intelligence expert reveals how decentralized collectives, phishing-as-a-service platforms and state-backed groups are transforming cybercrime...
Kaspersky has detected more than 336 unique domains impersonating the official World Cup website
2026-06-23 07:58:49
Kaspersky urges users to be cautious about unofficial streaming and betting platforms, to avoid losing money and personal data. Op-ed...
CNIL 2025 report: data leaks are changing in scale and nature
2026-06-23 07:55:25
Perspectives from Gaëlle Tilloy, attorney at the Court (Avocate à la Cour), specialist in new technologies and personal data, and Jérôme Beaufils, President of SASETY. Op-ed – With more than...
Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials
2026-06-23 07:09:42
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memory...
From NetApp to Dell, a change of scale for Guillaume de Landtsheer
2026-06-23 06:52:12
After leading NetApp's business in France, Guillaume de Landtsheer moves on to Dell, whose French subsidiary is of a different caliber in terms of business and headcount.
Claude Mythos has discovered a security flaw that has existed for nearly 30 years
2026-06-23 06:44:12
Claude Mythos, the Anthropic AI deemed too powerful to be released to the public, has just revealed a 29-year-old security flaw. This vulnerability allowed an attacker...
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
2026-06-23 05:38:40
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software.
Per...
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
2026-06-23 03:56:58
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced...
List of 27 new domains
2026-06-23 00:00:00
Multiple vulnerabilities in Moodle (23 June 2026)
23/06/2026
Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a remote denial of service, a request forgery...
Multiple vulnerabilities in Squid (23 June 2026)
23/06/2026
Multiple vulnerabilities have been discovered in Squid. They allow an attacker to cause a breach of data confidentiality and an unspecified security problem...