Toute l'actualité de la Cybersécurité
Biais, hallucinations… Les LLM les plus « robustes » en français
2026-04-16 17:52:05
La mise à l'épreuve d'une cinquantaine de LLM révèle des niveaux de « robustesse » variables entre les prompts en anglais et en français.
The post Biais, hallucinations… Les LLM les plus...
SpankRAT Exploits Windows Explorer Processes for Stealth and Delayed Detection
2026-04-16 17:31:29
A newly identified two-component Remote Access Trojan (RAT) toolkit built in Rust, dubbed SpankRAT, is being used by threat actors to abuse legitimate Windows processes, bypass reputation-based security...
Mythos and the AI Vulnerability Storm: Exploring the Control Point
2026-04-16 17:15:03
The Inflection Point Is Here
With Mythos, Anthropic showed that AI can find vulnerabilities in minutes that once took skilled technologists months to find. This shift is a coming storm for developers....
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
2026-04-16 16:58:06
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
What to do When Your AI Guardrails Fail
2026-04-16 16:21:11
I want to talk about a bug. Not because the bug itself was exceptional, but because what it exposed should change how every organisation architects AI governance. For several weeks earlier this year,...
Women-in-cyber training model SHE@CYBER spreads beyond EU funding as new countries adopt it independently
2026-04-16 16:16:34
A cybersecurity training programme designed to widen access to the profession for women and non-technical entrants is expanding without EU funding, after being voluntarily adopted by organisations in...
Building your cryptographic inventory: A customer strategy for cryptographic posture management
2026-04-16 16:00:00
Learn how to build a comprehensive cryptographic inventory and strengthen quantum‑safe readiness using Microsoft Security tools, best‑practice lifecycle models, and partner solutions.
The post Building...
USN-8178-1: oFono vulnerabilities
2026-04-16 15:55:09
It was discovered that oFono incorrectly handled crafted responses
from AT commands. An attacker could possibly use this issue to crash
the program, resulting in a denial of service or arbitrary code
execution....
Q&A: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith
2026-04-16 15:54:19
Sarah Armstrong-Smith brings rare front-line authority to the cyber resilience conversation, with a career shaped by some of the most defining digital threats of the modern era. From the Millennium Bug...
UK Government Sound Alarm Over AI Security Risk
2026-04-16 15:37:45
This week, UK government leaders and cyber officials are sounding an increasingly urgent alarm over the security risks posed by artificial intelligence, warning that the technology is both amplifying...
Two-Factor Authentication Breaks Free from the Desktop
2026-04-16 15:28:15
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.
Google expands Gemini AI use to fight malicious ads on its platform
2026-04-16 15:24:14
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection....
Microsoft's Original Windows Secure Boot Certificate Is Expiring
2026-04-16 15:16:30
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.
Why More Restaurants Are Quietly Moving Toward AI Kiosks
2026-04-16 15:08:18
Rising labor costs and operational inefficiencies are pushing restaurants to rethink how orders are taken, revealing that the real bottleneck often lies in the front of house rather than the kitchen....
Arm, 5G et IA locale : HP repense la mobilité professionnelle
2026-04-16 15:05:29
Imagine, l’événement annuel de HP pour mettre en avant ses derniers développements produits et services, a rassemblé (...)
Dissecting Sapphire Sleet's macOS intrusion from lure to compromise
2026-04-16 15:00:00
The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social...
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
2026-04-16 14:59:48
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands...
USN-8180-1: Linux kernel vulnerabilities
2026-04-16 14:56:50
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
Claude Mythos inquiète les banques européennes
2026-04-16 14:44:56
Claude Mythos, capable d'identifier et d'exploiter des failles de cybersécurité à une échelle inédite, mobilise la Banque centrale européenne et certains régulateurs du vieux continent.
The post...
CredShields Joins Canton Network as Official Audit Partner
2026-04-16 14:21:59
Singapore, Singapore, April 15th, 2026/Chainwire/--CredShields, a full-stack security firm specialising in blockchain and traditional security, with expertise in smart contract audits, AI-powered risk...
USN-8179-1: Linux kernel vulnerabilities
2026-04-16 14:13:07
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo
Rizzo discovered that some AMD Zen processors did not properly verify the
signature of CPU microcode. This flaw is known as EntrySign....
New ATHR vishing platform uses AI voice agents for automated attacks
2026-04-16 14:09:11
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...]
Stellantis et Microsoft signent un accord de cinq ans autour de l'IA et du cloud
2026-04-16 14:03:55
Stellantis signe un contrat de cinq ans avec Microsoft sur le déploiement de l'intelligence artificielle, la cybersécurité et la migration cloud à l'échelle de l'ensemble du groupe.
The post Stellantis...
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
2026-04-16 14:02:12
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems,...
AI platform n8n abused for stealthy phishing and malware delivery
2026-04-16 13:57:04
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation...
USN-8177-1: Linux kernel vulnerabilities
2026-04-16 13:51:12
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo
Rizzo discovered that some AMD Zen processors did not properly verify the
signature of CPU microcode. This flaw is known as EntrySign....
The Best Startups Sell Outcomes
2026-04-16 13:32:46
Users don't care about your product. They care about what it helps them do.
The best startups anchor themselves to existing user behavior.
Strong storytelling focuses on outcomes, not features.
Proof...
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
2026-04-16 13:05:00
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive...
ClickFix Phishing Campaign Masquerading as a Claude Installer
2026-04-16 13:00:00
OverviewIt is no secret that phishing campaigns utilizing various ClickFix techniques have been a commonly used method of social engineering. One of the main reasons for this is simply because they work....
Microsoft 365 Web Services Hit by Google Chrome 147 Compatibility Issue
2026-04-16 12:54:28
Microsoft is actively investigating a widespread authentication issue affecting users attempting to access Microsoft 365 web-based services through Google Chrome version 147. The problem, first reported...
Browser Guard gets even better with Access Control
2026-04-16 12:40:00
Take control of pesky permission pop-ups and decide exactly which websites can access your camera, microphone, location, and send you notifications.
“iCloud storage is full” scam is back, and now it wants your payment details
2026-04-16 12:33:11
Apple users: Watch out for “upgrade now or lose your photos” scams that rush you into handing over your payment details.
Rocky Linux: RLSA-2026:8259 vim security update Security Advisories Updates
2026-04-16 12:01:52
Important: vim security update
Cisco says critical Webex Services flaw requires customer action
2026-04-16 12:01:42
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further...
Rocky Linux: RLSA-2026:8093 pcs security update Security Advisories Updates
2026-04-16 12:00:37
Moderate: pcs security update
Rocky Linux: RLSA-2026:8052 firefox security update Security Advisories Updates
2026-04-16 12:00:34
Important: firefox security update
Rocky Linux: RLSA-2026:7667 nghttp2 security update Security Advisories Updates
2026-04-16 12:00:20
Important: nghttp2 security update
When AI Writes Code, Who Governs the Dependencies?
2026-04-16 12:00:04
The Department of War'sCall for Solutions on AI-enabled coding capabilities (CDAO_26-01) arrives at exactly the right moment. Today's AI coding assistants have moved beyond experiments in productivity...
Ubuntu 25.10 .NET Important Denial of Service USN-8176-1
2026-04-16 11:59:03
Several security issues were fixed in .NET.
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
2026-04-16 11:55:00
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For...
Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers
2026-04-16 11:49:24
Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating...
New UAC-0247 Campaign Steals Browser and WhatsApp Data From Hospitals and Governments
2026-04-16 11:32:40
A threat cluster tracked as UAC-0247 has been running an active campaign since early 2026, targeting local governments and municipal healthcare institutions across Ukraine, including clinical hospitals...
Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code
2026-04-16 11:32:26
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security...
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
2026-04-16 11:27:00
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any...
Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business
2026-04-16 11:23:46
Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data.
McGraw Hill Confirms Data Breach Exposing 13.5 Million Users' Personal Data
2026-04-16 11:21:55
Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information...
Fake Proton VPN Sites and Gaming Mods Spread NWHStealer in New Windows Malware Campaign
2026-04-16 10:50:45
A newly identified information-stealing malware called NWHStealer is quietly making its way onto Windows systems through a well-disguised campaign that uses fake VPN websites, gaming mods, and hardware...
Researchers Say Fiverr Left User Files Open to Google Search
2026-04-16 10:42:26
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company's response...
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
2026-04-16 10:35:09
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. [...]
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
2026-04-16 10:30:00
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank's knowledge, without user consent, and without...
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
2026-04-16 10:20:00
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access...
Plusieurs failles exploitables dans IBM WebSphere Liberty
2026-04-16 10:16:49
Pas moins de 7 failles ont été découvertes dans les serveurs d’applications Java de WebSphere Liberty par des chercheurs de (...)
Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks
2026-04-16 10:07:54
Cybercriminals have found a new way to sneak malware past traditional security filters by hijacking a legitimate AI workflow automation tool called n8n. Rather than building their own infrastructure from...
Stables CEO: Asia Drives 60% of Global Stablecoin Flows and Has Zero Licensed Orchestration Platform
2026-04-16 09:46:34
Stablecoins have moved from crypto native curiosity to serious financial infrastructure and nowhere is that shift more consequential than Asia, where dollar-denominated settlement sits at the intersection...
Cisco Webex Services Vulnerability Let Remote Attacker Impersonate Any User
2026-04-16 09:37:35
Cisco has issued a critical security advisory warning of a severe vulnerability in its cloud-based Webex Services. Tracked as CVE-2026-20184, this flaw carries a maximum Common Vulnerability Scoring System...
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
2026-04-16 09:36:30
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247...
Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover
2026-04-16 09:27:20
A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated...
A fake Slack download is giving attackers a hidden desktop on your machine
2026-04-16 09:26:45
This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep dive into the attack.
A CDO's Adventure in Generative AI
2026-04-16 09:01:01
A Chief Data Officer learns that general-purpose AI like ChatGPT and Gemini can create impressive outputs but fail in production due to non-determinism and missing infrastructure context. The solution:...
The Real Lesson from OpenAI's Top Customers: Tokens Aren't Spend. They're Leverage
2026-04-16 09:00:54
OpenAI's top token-consuming organizations reveal a shift: AI is now embedded in core workflows, letting startups rival enterprises in cognitive capacity. Tokens per employee, not total volume, show...
Evernex se lance dans la vente en ligne de matériels reconditionnés
2026-04-16 08:51:54
Après Econocom Factory, qui a créé son site marchand de matériels reconditionnés pour les professionnels en (...)
Gaia-X accélère sur les espaces de données sectoriels
2026-04-16 08:50:43
8 ans après la première édition de sa plénière, le hub France de Gaia-X, initiative européenne visant à (...)
SUSE OpenSSL 3 Receives Important Security Update 2026-1375-1 Now
2026-04-16 08:33:00
An update that solves six vulnerabilities and contains one feature can now be installed.
US nationals behind DPRK IT worker 'laptop farm' sent to prison
2026-04-16 08:32:13
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including...
March 2026 Cyber Attacks Statistics
2026-04-16 08:14:36
After the cyber attacks timelines, it's time to publish the statistics for March 2026 where I collected and analyzed 282 events: a sharp increase compared to the 176 events of the previous month. In...
Booking.com breach gives scammers what they need to target guests
2026-04-16 08:02:06
Guest reservation data stolen from the booking giant can be used by scammers to impersonate hotels to steal payment and personal info.
Blockchain Systemic Risk: When Autonomous Agents Outrun the System
2026-04-16 07:49:18
An IMF note led by Tobias Adrian warns that tokenization accelerates financial crises due to instant settlement. But the deeper issue is structural: autonomous agents operating without a defined “nominal”...
I Stopped Sending My Team AI Tutorials. Here's What Actually Worked
2026-04-16 07:44:17
A founder struggled to get his team to adopt AI through tutorials—until he switched to live demos using real tasks and integrated tools. By combining speech-to-text, MCP-powered data connections, and...
Microsoft: April Windows Server 2025 update may fail to install
2026-04-16 07:37:44
Microsoft is investigating an issue causing this month's KB5082063 security update to fail to install on some Windows Server 2025 systems. [...]
Sweden reports cyberattack attempt on heating plant amid rising energy threats
2026-04-16 07:26:48
Sweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe's energy infrastructure. Sweden has blamed a pro-Russian group linked to...
JIFU: Building a Global Business Around Travel, Wellness, and Community
2026-04-16 07:00:57
JIFU is redefining modern business by combining travel, wellness, financial education, and community into a single global platform. Instead of relying on one product, it creates ongoing engagement through...
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
2026-04-16 06:20:00
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and...
The TechBeat: Why "Build an AI Agent" Is the Wrong Starting Point for AI Systems (4/16/2026)
2026-04-16 06:10:54
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
2026-04-16 06:00:00
While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.
Most Coding Interview Advice Gets This Wrong
2026-04-16 05:36:10
Learn how to succeed in coding interviews by clarifying the problem, thinking out loud, coding cleanly, and handling getting stuck.
AI Coding Tools Raise the Ceiling for Developers, Not Replace Them
2026-04-16 05:35:37
TL;DR: The Core Arguments
* The Hallucination Tax: AI is architecturally optimized for confidence, not correctness. Your deep technical literacy enables you to audit the logic that ultimately runs your...
Engineering Nexus: How I Built Secure E2EE Network Sync Into a Linux Clipboard Manager
2026-04-16 05:02:17
Zero servers. Zero cloud. Zero plaintext on the wire — just PyQt6, cryptography, and a local network.Building a clipboard manager is a weekend project. Building one that syncs securely across devices...
“Bug Bounty Bootcamp #34: IDOR Beyond GET — Modifying, Deleting, and Method Switching for Maximum…
2026-04-16 05:01:38
You found an IDOR that leaks data. Good. But can you change someone else’s email, delete their account, or escalate privileges? When you…Continue reading on InfoSec Write-ups »
Linux Fundamentals Part 2: TryHackMe Walkthrough
2026-04-16 05:01:19
A beginner-friendly walkthrough of TryHackMe Linux Fundamentals Part 2, covering essential Linux concepts & commands with clear…Continue reading on InfoSec Write-ups »
Android APK Vulnerability Research Complete Guide
2026-04-16 05:00:45
Practical, end-to-end APK analysis for red teamers, bug hunters, and defenders.Continue reading on InfoSec Write-ups »
McGraw Hill - 13,500,136 breached accounts
2026-04-16 01:31:14
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set...
List of 38 new domains
2026-04-16 00:00:00
.fr cashobetcasino[.fr] (registrar: TLD Registrar Solutions Ltd)
cashocasino[.fr] (registrar: TLD Registrar Solutions Ltd)
casinozers[.fr] (registrar: Hostinger operations UAB)
coca-cola-company[.fr]...
Multiples vulnérabilités dans Mattermost Server (16 avril 2026)
16/04/2026
De multiples vulnérabilités ont été découvertes dans Mattermost Server. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection de...
Multiples vulnérabilités dans Drupal (16 avril 2026)
16/04/2026
De multiples vulnérabilités ont été découvertes dans Drupal. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection SQL (SQLi) et une injection...
Multiples vulnérabilités dans Google Chrome (16 avril 2026)
16/04/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Apache Kafka (16 avril 2026)
16/04/2026
Une vulnérabilité a été découverte dans Apache Kafka. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Multiples vulnérabilités dans les produits Splunk (16 avril 2026)
16/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...
Multiples vulnérabilités dans les produits Cisco (16 avril 2026)
16/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique...