Toute l'actualité de la Cybersécurité
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
2026-07-03 16:07:15
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.
According to JFrog,...
Mise à jour massive de Chrome : Google a colmaté près de 400 failles
2026-07-03 16:01:37
Google a déniché 382 vulnérabilités dans le code de Chrome, dont quinze failles de sécurité considérées comme critiques. Elles pourraient permettre à un pirate de prendre le contrôle total de...
Spec-Driven Development Is the New Developer Superpower
2026-07-03 15:49:04
The article argues that as AI makes implementation cheaper, the quality of specifications becomes the primary determinant of software quality. It introduces a framework built around Specs, Skills, Workflows,...
What Building a Self-Paced Math System Taught Me About Software Design
2026-07-03 15:42:21
I built an automated math learning system called Mathewmatician's Dictionary, and the deeper I went, the more it stopped feeling like an education problem and started looking like a software design problem....
The Real Reason Rural Areas Stay Offline Is Not Technology
2026-07-03 15:39:06
The barrier to rural internet access is not hardware, which is cheap and proven. It is the unit economics: high upfront cost, low revenue per user, and a payback period too long for normal investors....
I Built a Local AI Linux Assistant That Doesn't Rely on the Cloud
2026-07-03 15:35:50
The article explains how the author built zkzkAgent, a local AI assistant for Linux using LangGraph and Ollama. It covers the move from a monolithic ReAct-style agent to a graph-based architecture, discusses...
How to Feed AI Agents Clean Website Screenshots Without Running a Browser
2026-07-03 15:29:45
Vision models perform better when they receive clean webpage screenshots instead of images cluttered with cookie banners, chat widgets, ads, and popups. While you can remove these elements yourself with...
Data science : l'IA, facteur de décentralisation
2026-07-03 15:29:38
Favorisant le ciblage de davantage de profils d'utilisateurs, l'IA contribue à la décentralisation des activités de data science.
The post Data science : l’IA, facteur de décentralisation appeared...
Building Neon Rush 3D for Mobile and Desktop as a Solo Indie Developer
2026-07-03 15:10:39
The article documents the development of Neon Rush 3D, highlighting Unity implementation details such as lane-based movement and object pooling, along with lessons learned about optimization, shipping,...
The Death of Notifications: Why Software Needs to Learn How to Converse
2026-07-03 15:00:43
Notifications aren't disappearing—they're evolving. AI is transforming one-way alerts into two-way conversations, while a new communication layer manages context, trust, identity, and continuity. The...
Top 10 Best Post-Quantum Cryptographic Solutions in 2026
2026-07-03 14:59:18
Quantum computing has crossed the line from research curiosity to board-level risk. Once a cryptographically relevant quantum computer arrives — an event security planners call “Q-Day” —...
Microsoft met le paquet pour se préparer à l'arrivée des ordinateurs quantiques
2026-07-03 14:34:46
Microsoft s'engage à sécuriser ses services critiques contre les ordinateurs quantiques d'ici 2029. Le géant américain rejoint ainsi Google et Cloudflare, qui ont eux aussi accéléré leur calendrier...
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
2026-07-03 14:12:22
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed...
The WebSocket Testing Gap Chrome DevTools Doesn't Fill
2026-07-03 14:12:15
The article argues that existing browser tools are excellent for observing WebSocket traffic but fall short for testing real-world edge cases. It introduces a Chrome extension that wraps the native WebSocket...
The TechBeat: The Zero-Cost AI Stack for Developers in 2026 (7/3/2026)
2026-07-03 14:01:00
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
500 Blog Posts To Learn About Security
2026-07-03 14:00:53
Let's learn about Security via these 500 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology.
According...
Scammers Impersonate Trusted Brands in Gambling Ads to Drive Casino Traffic
2026-07-03 14:00:10
Scammers are hijacking trusted brand names to push people toward online casinos unrelated to those companies. Instead of building fake bank sites or phishing emails, they exploit the trust people place...
Multiple Apache ActiveMQ Vulnerabilities Enable DoS Attacks and Lead to Crashes
2026-07-03 13:57:01
Apache ActiveMQ users are advised to urgently update their deployments after three important vulnerabilities were disclosed, exposing messaging infrastructure to denial-of-service (DoS) attacks, broken...
Hackers Abuse SEO Poisoning and Hidden HTML to Trick AI Agents Into Following Malicious Instructions
2026-07-03 13:55:56
Artificial intelligence agents are quickly becoming the new front door to the internet, and attackers have noticed. A fresh wave of malicious websites is using search engine tricks and invisible code...
BTSE Group Launches BTSE Indonesia, Enters One of Asia's Fastest-Growing Crypto Markets
2026-07-03 13:53:27
Jakarta, Indonesia, July 3rd, 2026/Chainwire/--BTSE Group, a leading provider of blockchain asset trading and technology solutions, today announced the official launch of BTSE Indonesia, a regulated Indonesian...
Alibaba to Ban Claude Code Over Alleged Embedded Backdoor Risks
2026-07-03 13:53:13
Alibaba is reportedly set to ban Anthropic’s Claude Code from its internal workplace environments starting July 10, 2026, over alleged embedded backdoor risks. The company has not officially confirmed...
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
2026-07-03 13:36:33
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.
"Armored...
New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App
2026-07-03 13:35:08
The newly spotted PamStealer is spreading through a fake Maccy clipboard app and steal Mac passwords, browser data and clipboard content.
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts
2026-07-03 13:30:36
Two new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts.
Nebula AI-Powered Penetration Testing Platform Automates Vulnerability Assessments
2026-07-03 13:30:32
A new open-source security tool is bringing large language models directly into the penetration tester’s terminal. Nebula, developed by BerylliumSec, integrates state-of-the-art AI models into the...
TryHackMe — Simple CTF: The Note That Gave Everything Away
2026-07-03 13:19:42
The FTP server was anonymous. The password was “secret”. The vim binary was sudo. This box didn't hide anything, it just waited to see if you'd look.Some rooms on TryHackMe are designed to humble you.Simple...
TryHackMe — Pickle Rick: Rick Left the Door Open. I Just Walked In.
2026-07-03 13:19:38
The password was in robots.txt. The sudo was unrestricted. The box didn't fight back, and that's exactly the point.I wasn't expecting much from a Rick and Morty themed room.Then I found the password...
TryHackMe: Checkpoint Walkthrough
2026-07-03 13:19:29
Tryhackme Premium room — armank8000Four candidates. Three threats. Make the production call.TryTrainMe's CISO issued a standing order: no model reaches production without completing a full sandboxed...
Certified AD Red Team Specialist (AD-RTS): Full Exam Write-Up
2026-07-03 13:19:23
Author: Shikhali JamalzadeGitHub: alisalive LinkedIn: camalzads Platform: CyberWarfare Labs (CWL) Certification: AD-RTS — Active Directory Red Team Specialist Environment: TELECOM INC. — Simulated...
Unauthenticated Stored XSS in NEX-Forms Express WP Form Builder (≤ 9.1.10)
2026-07-03 13:17:39
Unauthenticated Stored XSS in NEX-Forms Express WP Form Builder (≤ 9.1.10) — CVSS 8.8 High (CVE-2026–10525)TL;DR: Any anonymous visitor can POST a JavaScript payload to NEX-Forms' form submission...
Suricata Caught It. Zeek Explained It. Here's Why You Need Both.
2026-07-03 13:17:05
An alarm tells you something happened. A camera tells you the whole story. You need both running at once.Continue reading on InfoSec Write-ups »
Host & Network Penetration Testing: Exploitation CTF 1 — eJPT (INE)
2026-07-03 13:16:46
A walkthrough covering flatCore CMS exploitation, SSH brute-forcing, WordPress plugin enumeration, and unauthenticated file read to capture all four flags.Hello everyone!In this blog, I'll walk through...
I Found an Unauthenticated File Disclosure Bug in a WordPress Plugin — Then Found Out I Was a Few…
2026-07-03 13:16:20
I Found an Unauthenticated File Disclosure Bug in a WordPress Plugin — Then Found Out I Was a Few Weeks LateAuthor: Shikhali Jamalzade GitHub: alisalive LinkedIn: camalzadsDisclosure Notice: This...
openSUSE nilfs-utils Moderate CVE-2026-55392 Threat Fix 2026-0228-1
2026-07-03 13:04:44
An update that fixes one vulnerability is now available.
Chinese LLMs Broaden the Gap Between Attackers & Defenders
2026-07-03 13:01:00
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
C# PDF Libraries: What 'Free' Really Costs You (2026 Guide)
2026-07-03 13:00:57
Free C# PDF libraries can still cost engineering time. Compare PDFsharp, QuestPDF, IronPDF, iText, and headless browser tools.
Ubuntu 25.10 Perl Critical Denial of Service Fix USN-8467-2
2026-07-03 12:33:04
Several security issues were fixed in Perl.
FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks
2026-07-03 12:24:04
A new wave of software supply chain attacks has put developers and security teams on high alert. The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development...
Hackers Abuse Blogspot and PowerShell Download Cradles to Deploy PureLog Steale
2026-07-03 12:08:12
Hackers have found a clever way to sneak data-stealing malware onto victims’ computers by hiding their tracks inside a trusted platform, Google Blogspot. Researchers recently uncovered a campaign...
L'UE grave l'IA dans sa stratégie éducation-formation
2026-07-03 11:37:56
L'IA jalonne la feuille de route 2026-2030 du Conseil européen pour l'éducation et la formation. Les STIM y ont une place importante.
The post L’UE grave l’IA dans sa stratégie éducation-formation...
Hackers Use Fake Cisco AnyConnect and Google Update Installers to Drop SharkLoader
2026-07-03 11:31:10
Cybersecurity researchers have uncovered a new malware loader called SharkLoader that is quietly slipping into networks by hiding inside fake software installers. The tool has been spotted delivering...
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation
2026-07-03 11:29:03
Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented...
European Parliament Member Investigating Spyware Was Hacked With Pegasus
2026-07-03 11:05:43
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving...
Your iphone Will Alert You in Real Time if You Are Falling Victim to a Scam
2026-07-03 11:02:44
Apple is taking a major step toward combating social engineering attacks with a new feature in iOS 27 that can warn users in real time if they are likely being targeted by a scam. The new framework, called...
The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident
2026-07-03 10:34:14
Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort M. The Vercel breach of April 2026 did not begin...
Google and FBI Dismantle NetNut Residential Proxy Botnet
2026-07-03 10:13:48
Google, the FBI and the IRS Criminal Investigation division disrupted NetNut, a residential proxy network built on two million hijacked devices and used by 316 threat clusters in a single week.
Google...
Une extension usurpant Perplexity AI dans Chromium découverte
2026-07-03 10:11:10
Google a supprimé une extension malveillante pour les navigateurs basés sur Chromium usurpant l’identité de Perplexity AI. Des (...)
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
2026-07-03 10:00:33
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia,...
Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut
2026-07-03 09:02:17
Google disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals. Google has disrupted NetNut, one of the world’s largest residential...
Suez teste la vidéosurveillance en 5G privée
2026-07-03 08:51:59
Pour répondre aux enjeux de sécurité de ses sites industriels, Suez adopte une nouvelle approche alliant la vidéosurveillance (...)
Apple : une faille dans « Masquer mon adresse e-mail » permet de retrouver votre véritable adresse e-mail
2026-07-03 08:07:08
Des chercheurs en sécurité ont découvert une faille dans la fonction Masquer mon adresse e-mail d'Apple. Présente depuis plus d'un an, elle permettrait à des tiers de retrouver la véritable adresse...
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
2026-07-03 08:03:37
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.
The stealer, discovered by...
Government and Healthcare Are the Weakest Links in Global Email Security
2026-07-03 08:01:37
Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 domains...
Ce malware valide vos identifiants avant de les voler : les Mac sont en danger
2026-07-03 06:06:45
Un malware nommé PamStealer parvient à valider des mots de passe de connexion avant de les voler. De plus, il s'attaque aux cookies du navigateur, à l'historique de navigation et aux portefeuilles...
Claude Fable 5 isn't permanently leaving subscriptions, Anthropic says
2026-07-03 01:37:09
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon....
Claude Fable relaunch disappoints users with nerfed performance
2026-07-03 00:48:30
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]
Vulnérabilité dans FreeBSD (03 juillet 2026)
03/07/2026
Une vulnérabilité a été découverte dans FreeBSD. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (03 juillet 2026)
03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de...
Multiples vulnérabilités dans le noyau Linux de Red Hat (03 juillet 2026)
03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une...
Multiples vulnérabilités dans le noyau Linux de SUSE (03 juillet 2026)
03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits IBM (03 juillet 2026)
03/07/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...