Toute l'actualité de la Cybersécurité
EngageSDK Vulnerability Exposes Millions of Crypto Wallet Users to Cyberattacks
2026-04-10 17:58:02
A serious security flaw found inside a widely used Android library called EngageSDK has put over 30 million cryptocurrency wallet users at risk of financial theft and personal data exposure. The vulnerability,...
Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign
2026-04-10 17:44:07
A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the group...
France to Replace Windows with Linux on Government Desktops
2026-04-10 17:29:05
France has taken a decisive step toward digital sovereignty, announcing plans to migrate government workstations from Microsoft Windows to Linux. The move was formally declared during an interministerial...
Deux failles critiques corrigées dans Chrome 147
2026-04-10 17:00:23
Dans les versions 147.0.7727.55 et .56 de Chrome pour Windows et macOS, ainsi que la version 147.0.7727.55 pour Linux, les développeurs ont corrigé (...)
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
2026-04-10 16:55:07
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target...
Fake Claude site installs malware that gives attackers access to your computer
2026-04-10 16:16:26
We found a convincing fake site that installs a trojanized Claude app while quietly deploying PlugX malware.
AI Subagents: What Works and What Doesn't
2026-04-10 16:00:29
Experimenting with #AI #subagents.
I delegated 4 GitHub issues to parallel subagents. The biggest win wasn't the speed — it was context isolation. Here's how I did it.
hifox: Deterministic Firefox Hardening as an Enforcement Workflow
2026-04-10 15:55:15
Traditional Firefox hardening relies on static configurations that degrade over time due to updates, exceptions, and unnoticed changes. This article introduces a Git-based approach that treats hardening...
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
2026-04-10 15:52:45
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured...
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
2026-04-10 15:52:28
Dynatrace acquiert Bindplane pour muscler son observabilité
2026-04-10 15:29:02
La plateforme d’observabilité Dynatrace a annoncé la signature d'un accord définitif en vue d'acquérir Bindplane. Cette (...)
Bringing Rust to the Pixel Baseband
2026-04-10 15:12:00
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team
Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation....
How to Render React Apps Inside ChatGPT and Claude Using MCP
2026-04-10 15:07:51
The current interaction model for AI assistants relies heavily on text-based conversational flows. This paradigm fails when users must interact with complex, multi-step data or visual workflows. To remain...
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
2026-04-10 15:05:14
ClickFix finds a new way to infect Macs
2026-04-10 15:02:18
ClickFix campaigns have found a way around macOS Tahoe's warnings against pasting commands in the Terminal. They're using Script Editor instead.
AI Is Turning Product Validation Into a Continuous Loop
2026-04-10 14:59:04
Product teams have long struggled to validate ideas early due to slow research methods and limited prototype realism. Emerging AI tools—ranging from rapid prototyping platforms to synthetic user simulations—are...
Publicis choisit Microsoft pour industrialiser son marketing par l'IA
2026-04-10 14:33:24
Les deux groupes officialisent un accord technologique d'envergure : déploiement massif de Copilot, adoption d'Azure comme cloud de référence, et co-innovation autour d'une plateforme marketing pilotée...
Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
2026-04-10 14:12:51
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit...
Big Tech, Big Exposure: Data from Over 3.5 Million Accounts Handed to US Authorities
2026-04-10 14:09:06
New research from digital privacy firm Proton has revealed the staggering scale of how Google, Apple, and Meta share user data with US government authorities, and the numbers are only growing. According...
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
2026-04-10 14:01:11
Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
Réservation en ligne : les agents IA, nouvelle porte d'entrée des fraudeurs
2026-04-10 13:53:59
L'essor du commerce agentique bouleverse les règles du jeu pour les plateformes de réservation. Datadome, spécialiste de la lutte contre les bots, tire la sonnette d'alarme : derrière la promesse...
Hackers Use Fake BTS World Tour Ticket Sites to Scam Fans Across Multiple Countries
2026-04-10 13:43:31
Cybercriminals are capitalizing on the excitement around BTS’s long-awaited return to the world stage by setting up fraudulent ticket websites that steal money from unsuspecting fans. The campaign...
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
2026-04-10 13:30:00
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
2026-04-10 13:23:00
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments...
Wasabi acquiert Lyve Cloud de Seagate
2026-04-10 13:17:44
L'opération permet à Wasabi de renforcer sa position sur le marché entreprise, tandis que Seagate entre à son capital.
The post Wasabi acquiert Lyve Cloud de Seagate appeared first on Silicon.fr.
Censys Warns 5,219 Rockwell/Allen-Bradley PLCs Are Exposed Amid Iranian APT Activity
2026-04-10 13:16:56
The FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command jointly disclosed on April 7, 2026, that Iranian-affiliated advanced persistent threat (APT) actors are actively targeting internet-facing Rockwell...
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
2026-04-10 13:12:42
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
AWS lance S3 Files et rapproche stockage objet et système de fichiers
2026-04-10 13:03:41
AWS lance S3 Files pour transformer ses buckets objet en systèmes de fichiers accessibles, une arme économique face à EFS et la concurrence cloud.
The post AWS lance S3 Files et rapproche stockage...
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
2026-04-10 13:00:00
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.
Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data
2026-04-10 12:55:15
A recently disclosed high-severity vulnerability in GitHub Copilot Chat allowed attackers to silently siphon sensitive data from private repositories. Tracked as CVE-2025-59145 with a near-perfect CVSS...
HPE Aruba Private 5G Platform Vulnerability Enables Credential Theft Attacks
2026-04-10 12:54:36
Hewlett-Packard Enterprise (HPE) has disclosed a security flaw in its Aruba Networking Private 5G Core On-Prem platform. This vulnerability allows attackers to steal user credentials by exploiting an...
Cybercrime Is An Industrialized Economy
2026-04-10 12:54:13
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 10, 2026 – Read the full story in BusinessWorld Cybercrime operates like a legitimate, profit-driven economy,...
Hackers Impersonate Secure Messaging Apps to Deploy ProSpy in Middle East Espionage Attacks
2026-04-10 12:43:24
A targeted mobile espionage campaign has been quietly operating across the Middle East since at least 2022, using fake versions of widely trusted secure messaging apps to plant a powerful Android spyware...
Nervu Earns a 44 Proof of Usefulness Score by Building a Voice Rehearsal Tool for Hard Conversations
2026-04-10 12:40:35
Nervu is an innovative voice rehearsal platform designed to help people navigate difficult conversations. By leveraging AI for strategic game planning and live coaching, Nervu allows users to practice...
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
2026-04-10 12:23:18
UNC6783 hackers and extortionists impersonate support staff, using fake Okta login pages and social engineering to access corporate systems and steal sensitive data.
AI Router Vulnerabilities Allow Attackers to Inject Malicious Code and Steal Sensitive Data
2026-04-10 12:15:39
A critical and largely overlooked attack surface in the AI agent ecosystem, third-party API routers that can be weaponized to silently hijack tool calls, drain cryptocurrency wallets, and exfiltrate sensitive...
Hackers Abuse GitHub and GitLab to Host Malware and Credential Phishing Campaigns
2026-04-10 12:04:23
Cybercriminals are now turning two of the most trusted developer platforms in the world — GitHub and GitLab — into tools for spreading malware and stealing login credentials from unsuspecting users....
Microsoft: Canadian employees targeted in payroll pirate attacks
2026-04-10 11:56:14
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
2026-04-10 11:27:41
LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing...
CollabNext gagne en intégration et en standardisation
2026-04-10 11:02:45
Un an après une première version de CollabNext axée sur la sécurité et l’IA, Jamespot revient avec une v2 (...)
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
2026-04-10 11:00:00
While much of the discussion on AI security centers around protecting ‘shadow' AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.
A new...
APT28 pirate des routeurs domestiques pour espionner des entreprises
2026-04-10 10:54:12
Le groupe criminel russe Forest Blizzard, aka APT28, exploite des équipements Internet non sécurisés utilisés chez des particuliers (...)
Google rolls out Gmail end-to-end encryption on mobile devices
2026-04-10 10:44:08
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
Une faille dans Adobe Acrobat Reader non corrigée exploitée depuis des mois
2026-04-10 10:38:01
Les utilisateurs d'Adobe Acrobat Reader sont exposés à de grands risques de sécurité. Selon un chercheur, une faille dans ce (...)
EngageLab SDK flaw opens door to private data on 50M Android devices
2026-04-10 08:41:39
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that...
Major Security Update for Ubuntu 22.04 LTS - Fixing Core Kernel Issues
2026-04-10 08:30:30
An update that solves four vulnerabilities can now be installed.
openSUSE 2026 Kernel Important Security Update ID 1237-1
2026-04-10 08:30:30
An update that solves four vulnerabilities can now be installed.
SUSE Linux Enterprise 15 SP6 Kernel Important Security Update 2026-1239-1
2026-04-10 08:30:21
An update that solves eight vulnerabilities can now be installed.
Ubuntu 20.04 Critical Kernel Update UBUNTU-SU-2026-4567-3
2026-04-10 08:30:21
An update that solves eight vulnerabilities can now be installed.
“Bug Bounty Bootcamp #31: Blind SQL Injection on INSERT — When Contact Forms Become Silent Data…
2026-04-10 08:25:00
No error messages, no data reflection, just a polite “thanks for your message.” Yet with a well-placed sleep command, you can prove…Continue reading on InfoSec Write-ups »
PortSwigger Lab: Information disclosure in version control history
2026-04-10 08:24:43
PortSwigger Web Security Academy SeriesHello everyone! Nikhil Bhandari here. Today, I'll be sharing a step-by-step guide on how to solve the PortSwigger Lab: Authentication bypass via information disclosure.To...
️ The 2026 Web3 Security Roadmap
2026-04-10 08:24:12
🗺️ The 2026 Web3 Security Roadmap: How to Stop Chasing XSS and Start Auditing Smart ContractsYou fire up Burp Suite. You run your directory bruteforcer. You intercept a request, manipulate a parameter,...
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
2026-04-10 07:58:00
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.
The...
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
2026-04-10 07:37:00
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig.
The...
How Tok-Edge Is Trying to Rewire Crypto Hedge Funds With a New Token Class Called Redemption Tokens
2026-04-10 07:34:42
What if you could hold a hedge fund position and still trade its liquidity on a public blockchain at 3 a.m. on a Sunday?
\
That is the question Tok-Edge, a London-based digital asset firm, is putting...
Bitcoin Depot hack leads to .6M Bitcoin theft via stolen credentials
2026-04-10 07:14:24
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth .6M from its wallets after a March 23 intrusion. Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depot, on...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
2026-04-10 06:28:00
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor.
The incident impacts Smart Slider 3...
The TechBeat: HackerNoon Projects of the Week: Movement Network Foundation, Packworks & Kyram (4/10/2026)
2026-04-10 06:11:14
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
How I Built a Persistent AI Persona That Passed Cognitive Testing (And What Broke Along the Way)
2026-04-10 06:01:28
The article is loaded on HackerNoon with the meta description at 159/160 characters. The cracked mirror image is showing as a featured image. You need a TL;DR now. Here's one:
TL;DR:
"Built a persistent...
How DoorDash Optimized Item Availability at Scale Using Elasticsearch
2026-04-10 05:43:46
DoorDash's homepage item carousels needed to filter millions of items by availability in under 300ms. We couldn't call the menu service at request time (too much fan-out, too slow), so we indexed availability...
The AI Illusion (Part 2): The AI Detection Mirage
2026-04-10 05:28:46
A forensic audit of 32 AI image detectors reveals a fractured landscape where no tool achieves 100% accuracy. While "Elite" detectors can effectively identify modern synthetic media, they consistently...
Audience Reach & Impact: How Utility Scales
2026-04-10 04:14:59
If you stopped marketing tomorrow, would your user base grow, hold steady, or decline? Projects with genuine reach grow organically.
Evidence of Traction: The Criterion That Proves Everything
2026-04-10 03:59:59
Evidence of traction shares the highest weight in Proof of Usefulness scoring — tied at 25% with real-world utility — for a specific reason: it is the mechanism by which subjective assessment becomes...
Fedora 42 OpenSC Important Memory Issues Stack Overflow CVE-2025-66038
2026-04-10 01:11:48
New upstream release (#2442363) fixing various security issues
Fedora 42 dnsdist DoS Issues Fixed with Advisory 2026-637c11815f
2026-04-10 01:11:46
Update to latest upstream
Multiples vulnérabilités dans Tenable Security Center (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité...
Vulnérabilité dans les produits Juniper Networks (10 avril 2026)
10/04/2026
Une vulnérabilité a été découverte dans les produits Juniper Networks. Elle permet à un attaquant de provoquer une élévation de privilèges.
Vulnérabilité dans Spring Cloud Gateway (10 avril 2026)
10/04/2026
Une vulnérabilité a été découverte dans Spring Cloud Gateway. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Apache Tomcat (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des...
Multiples vulnérabilités dans Mattermost Desktop App (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans Mattermost Desktop App. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Microsoft (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans le noyau Linux de SUSE (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans le noyau Linux de Red Hat (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation...
Multiples vulnérabilités dans les produits IBM (10 avril 2026)
10/04/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...