Toute l'actualité de la Cybersécurité
Metasploit Wrap-Up 02/27/2026
2026-02-27 20:25:50
No Prob-ollamaThis release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE (CVE-2024-37032),...
Cities Hosting Major Events Need More Focus on Wireless, Drone Defense
2026-02-27 20:23:17
Major events like the FIFA World Cup need to look beyond traditional physical and cyber security to active and passive wireless threats, say experts.
Aeternum botnet hides commands in Polygon smart contracts
2026-02-27 20:19:35
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control...
Microsoft testing Windows 11 batch file security improvements
2026-02-27 20:00:27
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. [...]
APT37 hackers use new malware to breach air-gapped networks
2026-02-27 19:21:25
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. [...]
Nom, adresse, téléphone… et les notes privées de votre médecin : 15 millions de Français concernés par ce vol de données !
2026-02-27 19:08:09
Une nouvelle fuite de données frappe le secteur de la santé en France. Des millions de patients seraient concernés par l'exposition d'informations issues d'un logiciel médical utilisés par...
ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen
2026-02-27 19:01:32
ShinyHunters hackers leak 2 million records from Dutch telecom Odido after ransom refusal, claiming up to 21 million customer records were stolen in the breach.
Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features
2026-02-27 18:48:42
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations...
Europol-led crackdown on The Com hackers leads to 30 arrests
2026-02-27 18:20:15
A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers. [...]...
Vshell Gains Traction Among Threat Actors as an Alternative to Cobalt Strike
2026-02-27 18:13:17
A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly expanding its reach, drawing growing attention from threat actors...
New Dohdoor Malware Attacking Schools and Health Care Sectors in U.S. via Multi-Stage Attack Chain
2026-02-27 18:12:12
A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across the United States since at least December 2025. The threat, tracked under the...
DoJ Seizes Million in Tether Linked to Pig Butchering Crypto Scams
2026-02-27 18:11:00
The U.S. Department of Justice (DoJ) this week announced the seizure of million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering.
The confiscated...
Le piratage du logiciel médical de Cegedim refait surface
2026-02-27 18:03:05
La découverte d’une base de données de données médicales françaises par les équipes de France Télévision (...)
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
2026-02-27 17:59:00
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December...
Cultivating a robust and efficient quantum-safe HTTPS
2026-02-27 17:01:00
Posted by Chrome Secure Web and Networking Team
Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF)...
Décennie numérique : la France en avance sur les infrastructures, moins sur les usages
2026-02-27 17:00:43
La France n'apparaît pas en tête de wagon sur certains KPI du programme de l'UE pour la décennie numérique.
The post Décennie numérique : la France en avance sur les infrastructures, moins sur les...
HackerNoon Projects of the Week: Get-Star, FinSight and CodeXero
2026-02-27 17:00:02
HackerNoon's Projects of the Week are projects that demonstrate usefulness, technical execution, and real-world impact. This week, we share three projects that have proven their utility by solving concrete...
Fuite de données chez Réglo Mobile
2026-02-27 16:52:35
Fuite de données chez Réglo Mobile après une attaque visant un sous-traitant en février 2026....
ClawJacked Vulnerability in OpenClaw Could Let Websites Hijack AI Agents
2026-02-27 16:39:06
Is your AI assistant safe? Oasis Security researchers have found a critical ClawJacked vulnerability in OpenClaw that allows hackers to hijack AI agents through a simple browser tab.
Dossier cybersécurité : Anticiper les menaces en 2026
2026-02-27 16:31:58
Sommaire
1 - Une surface d'attaque qui augmente, accentuée par l'IA et une numérisation sans fin
Selon le 11e baromètre annuel du (...)
The Case for Why Better Breach Transparency Matters
2026-02-27 16:18:19
It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.
The HackerNoon Newsletter: Lessons from Building a 100+ Agent Swarm in Web3 (2/27/2026)
2026-02-27 16:02:58
How are you, hacker?
🪐 What's happening in tech today, February 27, 2026?
The
HackerNoon Newsletter
brings the HackerNoon
...
Symfony 7.4: 10 Advanced Logging Patterns You Should Know About
2026-02-27 16:00:02
The “Black Box” Recorder: FingersCrossed Handler is a way to record logs when an error occurs. The “Payment” Log is a dedicated file for financial transactions that can be audited separately....
CISA warns that RESURGE malware can be dormant on Ivanti devices
2026-02-27 15:57:04
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect...
OpenAI vs Anthropic : comment les géants de la tech financent les deux rivaux
2026-02-27 15:45:26
OpenAI boucle la plus grande levée de fonds de son histoire pour une valorisation de 730 milliards $. Amazon, SoftBank et Nvidia s'engagent massivement dans ce tour à 110 milliards $.
The post OpenAI...
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
2026-02-27 15:33:00
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.
The Go module,...
Cegedim Santé piraté, millions de patients exposés ?
2026-02-27 15:30:10
Fuite chez Cegedim Santé, millions de données patients exposées et zones d'ombre persistantes. ZATAZ vous raconte l'histoire folle d'une fuite de données qui date de plusieurs semaines....
The Goal is for Your Startup to Become a Verb
2026-02-27 15:17:55
Great startups don't try to dominate entire categories — they anchor themselves to a specific behavior in users' minds. When your brand becomes shorthand for an action, you've built more than...
Le pirate Batista raconte ses méthodes d'attaque
2026-02-27 15:15:39
Il fait trembler le web français depuis des mois. Le pirate Batista explique comment il aurait fait plier certaines des plus importantes sociétés françaises....
Third-Party Patching and the Business Footprint We All Share
2026-02-27 15:00:10
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent...
USN-5376-5: Git regression
2026-02-27 14:42:38
USN-5376-4 fixed a regression in Git. The update introduced a regression
when specifying configuration includes due to additional restrictions. This
update fixes the problem.
We apologize for the inconvenience.
Original...
Claude Code Security Shows Promise, Not Perfection
2026-02-27 14:00:00
Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.
WebcamGate 2009: A High School's Laptop Initiative Turned Into A National Spying Scandal
2026-02-27 13:53:39
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short Cybercrime Magazine’s latest YouTube Short video, produced...
Critical Trend Micro Apex One Vulnerabilities Allows Malicious Code Execution
2026-02-27 13:36:32
Trend Micro has released fixes for multiple Apex One vulnerabilities, ranging from High to Critical severity, including management console issues that can lead to remote code execution (RCE)....
Malicious Go Crypto Module Steals Passwords and Deploy Rekoobe Backdoor in Developer Environments
2026-02-27 13:21:49
Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor in Developer Environments A newly discovered supply chain attack is putting Go developers at serious risk. A threat actor published...
How GenAI and Digital Twins Are Enabling Self Healing Supply Chain and Software Ecosystems
2026-02-27 13:21:37
Disruption is now the standard operating environment, requiring a shift from reactive crisis management to autonomous resilience. By leveraging digital twins as "living mirrors" of reality, businesses...
Ethical Challenges of Leveraging Generative AI in Financial Close and Narratives
2026-02-27 13:16:29
Generative AI promises to accelerate month-end closing and financial storytelling, yet it introduces a "black-box" risk where automated reports lack traceability. To avoid misreporting and ethical pitfalls,...
SUSE Linux RT Kernel Important Patch CVE-2025-38129 Fix 2026-0674-1
2026-02-27 13:11:14
An update that solves one vulnerability can now be installed.
SUSE Linux Micro 6.1 Expat Buffer Overflow NULL Deref Issue 2026-20481-1
2026-02-27 13:11:07
An update that solves two vulnerabilities can now be installed.
SUSE 2026 20482-1 Python-Pyasn1 Important Denial of Service Fix
2026-02-27 13:11:02
An update that solves one vulnerability can now be installed.
SUSE Linux Update 6.1 Notification for SUSE-SEC-2026-20502-1 Minor Impact
2026-02-27 13:11:00
An update that solves one vulnerability can now be installed.
Fedora OS Slim 40.4 secAlert Message FDO-OS-2023-29456-8
2026-02-27 13:10:56
An update that solves two vulnerabilities can now be installed.
Ubuntu 22.04 Python Requests Performance Issues Need Attention Soon
2026-02-27 13:10:51
An update that solves two vulnerabilities can now be installed.
From DevOps to Platform Engineering How Shift Left Practices Enable AI Ready Enterprise Platforms
2026-02-27 13:08:55
While DevOps brought freedom, it eventually overwhelmed developers with cloud complexity and "Shift Left" burdens. Platform Engineering fixes this by treating infrastructure as a product, providing "paved...
Engineering Accountable AI Systems: Why Governance Must Become a First-Class System Layer
2026-02-27 13:01:17
The AI Accountability Control Stack (AACS) is a production-grade architectural framework that operationalizes governance requirements directly within AI system infrastructure. It transforms governance...
Building Production-Grade RAG Systems for Document AI: What It Actually Takes
2026-02-27 12:53:20
Moving RAG from demo to production requires shifting focus from clever prompting to repeatable engineering. Success depends on high-fidelity ingestion (preserving layout and tables), hybrid retrieval...
Infostealers Fuel Large‑Scale Brute‑Forcing of Corporate SSO Gateways Using Stolen Credentials
2026-02-27 12:45:54
A wave of credential stuffing attacks has exposed a troubling shift in how threat actors are breaking into corporate networks — not by exploiting software vulnerabilities, but by simply logging in with...
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
2026-02-27 12:43:00
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads...
AI-Native Automation in 5G-Advanced and 6G
2026-02-27 12:39:35
As video dominates 82% of internet traffic, traditional reactive monitoring is no longer enough. To meet ultra-low latency demands for 8K and XR, networks must transition to AI-native automation at the...
Public Google API keys can be used to expose Gemini AI data
2026-02-27 12:33:22
Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.
iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED' classification
2026-02-27 12:30:55
Apple's iPhone and iPad are now NATO-approved for classified use, listed in the alliance's Information Assurance Product Catalogue. Apple announced that its iPhone and iPad have received NATO approval...
Ukrainian man pleads guilty to running AI-powered fake ID site
2026-02-27 12:30:07
A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. [...]
Avec l'IA, l'Hôpital Foch génère des comptes-rendus médicaux
2026-02-27 11:52:03
Chaque année, au sein de l'Hôpital Foch de Suresnes (Hauts-de-Seine), près de 300 médecins réalisent 260 000 consultations (...)
Outlook lancera automatiquement Copilot pour ouvrir les liens HTML
2026-02-27 11:40:56
Petit à petit Microsoft impose Copilot dans l’ensemble de ses produits. Un des moyens est de le rendre incontournable, quitte à forcer (...)
Juniper issues emergency patch for critical PTX router RCE
2026-02-27 11:40:46
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to...
Inside a fake Google security check that becomes a browser RAT
2026-02-27 11:29:11
Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.
Décennie numérique : ce que l'UE mesure quand elle parle de digitalisation des entreprises
2026-02-27 11:17:23
Un des KPI du programme d'action pour la décennie numérique mesure la digitalisation des PME. Il se fonde sur un index dont le périmètre n'est pas fixe.
The post Décennie numérique : ce que l’UE...
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers
2026-02-27 11:16:11
Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security.
FreeBSD Vulnerability Allow Attackers to Crash the Entire System
2026-02-27 10:30:26
Administrators must urgently patch a critical vulnerability that allows attackers to escape isolated jail environments. Tracked as CVE-2025-15576, the flaw enables a dangerous jailbreak condition despite...
Critical Zyxel Vulnerabilities Exposes Routers to Remote Command Injection
2026-02-27 10:17:41
Critical firmware updates have been released to address multiple serious vulnerabilities in networking devices, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, Fiber ONTs, Security Routers, and Wireless...
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
2026-02-27 10:06:00
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT).
"A malicious downloader...
Anonymous VPS Infrastructure as a Cybersecurity Control for Open-Source and Email Systems
2026-02-27 09:56:46
Cybersecurity strategies often focus on firewalls, endpoint protection, and vulnerability patching. While these controls are critical, hosting infrastructure visibility is frequently underestimated as...
Why Dedicated Linux Servers Are Best for Bandwidth-Heavy Applications
2026-02-27 09:33:37
Spend enough time around production systems, and you notice something. The workloads that cause friction are not always the ones pushing CPU utilization. They are the ones pushing data constantly.
Menaces mobiles : les recommandations du gouvernement français confirment l'importance d'une défense mobile active
2026-02-27 09:12:11
Le gouvernement français a publié un rapport intitulé « Mobile Phones Threat Landscape Since 2015 » (Les menaces pesant sur les téléphones mobiles depuis 2015), qui souligne l’urgence de...
Juniper Networks PTX Vulnerability Enables Full Router Takeover
2026-02-27 08:55:35
A major networking vendor has issued an out-of-cycle security bulletin to address a critical vulnerability in its Junos OS Evolved software, specifically affecting PTX Series platforms. This flaw, identified...
Heliaq s'empare de l'intégrateur Kaistos
2026-02-27 08:53:20
Le groupe Heliaq (anciennement Koesio Corporate IT) poursuit sa montée en puissance, sa dernière cible : le rachat de Kaistos, (...)
Microsoft Defender Expands URL Click Alerts to Include Microsoft Teams for Enhanced Security Visibility
2026-02-27 08:50:57
Microsoft is strengthening its cybersecurity ecosystem by extending Microsoft Defender for Office 365 (MDO) URL click alerts to Microsoft Teams. Previously focused on email threats, this update gives...
How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently
2026-02-27 08:50:53
AI accelerates incident response by correlating alerts and generating reports in minutes, helping teams scale beyond manual limits. Incident response has always been a race against the clock. It starts...
De l'intuition à l'analyse, une taxonomie des erreurs de raisonnement des LLM
2026-02-27 08:21:26
Une étude universitaire synthétise l'état de la recherche sur les erreurs de raisonnement des LLM et propose une taxonomie.
The post De l’intuition à l’analyse, une taxonomie des erreurs...
12 Million exposed .env files reveal widespread security failures
2026-02-27 08:02:51
Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule,...
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
2026-02-27 07:56:00
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam.
As part of the effort,...
ManoMano data breach impacted 38 Million customer accounts
2026-02-27 07:41:50
European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers. European DIY e-commerce platform ManoMano disclosed a major data breach...
Lessons from Building a 100+ Agent Swarm in Web3
2026-02-27 07:32:49
Vibe coding won't get you to production. I'm building 100+ AI agents for web3 — here's why precompiling context beats stuffing the context window, and why DRY becomes DRYP (Don't Repeat Your Prompt)....
GitScrum MCP Server: How AI Assistants Are Revolutionizing Project Management
2026-02-27 07:31:34
The Model Context Protocol (MCP) is an open standard that allows AI assistants to interact with external systems in a structured, secure way. GitScrum's implementation brings this to project management,...
Anatomy of a Cloud Native Attack: How We Pwned Kubernetes for 0k
2026-02-27 05:02:39
TL;DR: The Ultimate Cloud Hack ChainContinue reading on InfoSec Write-ups »
What Hackers Talk About at 2 AM: Using Dark Web Forums for Recon ️
2026-02-27 05:01:14
Free Link 🎈Continue reading on InfoSec Write-ups »
RoguePilot: How a Passive Prompt Injection Led to GitHub Repository Takeovers
2026-02-27 04:59:57
Artificial Intelligence coding assistants have transitioned from experimental novelties to mandatory infrastructure for modern development teams. Tools like GitHub Copilot, Cursor, and Tabnine have deeply...
THM — When Hearts Collide
2026-02-27 04:58:59
Will you find your MD5 match?Continue reading on InfoSec Write-ups »
️How Anonymous LDAP Enumeration Led to AS-REP Roasting and Domain Compromise
2026-02-27 04:49:27
As I continue preparing for the CRTP, I've begun incorporating external resources beyond the course material to strengthen my understanding of Active Directory (AD) enumeration. My goal is to become...
THM — Corp Website
2026-02-27 04:45:13
Corp WebsitePhoto by Stacy on UnsplashThis is a medium rated roomInitial HintsMy Dearest Hacker,Valentine's Day is fast approaching, and “Romance & Co” are gearing up for their busiest season.Behind...
Advent of Cyber Prep Track
2026-02-27 04:45:01
THM Cyber Advent 2025Continue reading on InfoSec Write-ups »
List of 12 new domains
2026-02-27 00:00:00
.fr agefiph-urssaf[.fr] (registrar: Hostinger operations UAB)
ameli-2026[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
calvinklein-france[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
eadvance-prime[.fr]...
Vulnérabilité dans Stormshield Network Security (27 février 2026)
27/02/2026
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans les produits Elastic (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans les produits Centreon (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...
Multiples vulnérabilités dans Microsoft Edge (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Microsoft (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits IBM (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...
Multiples vulnérabilités dans le noyau Linux de SUSE (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de...
Multiples vulnérabilités dans le noyau Linux de Red Hat (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (27 février 2026)
27/02/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...