Toute l'actualité de la Cybersécurité
Prompt Injection grew up. Now it moves laterally
2026-03-13 17:52:57
the attack that needs no exploit, no credentials, and no network access — just a comment fieldWhat a time to work in security. Let me tell you about it.A security researcher wrote a GitHub issue....
AMSI Demystified: Comprehensive Bypass Techniques for Cybersecurity Experts
2026-03-13 17:52:51
IntroductionThe Antimalware Scan Interface (AMSI) is a robust security feature in Windows that enhances endpoint protection by scanning scripts and code for malicious behavior. Integrated with tools like...
CTI Research: Sandworm / APT44
2026-03-13 17:52:46
Evidence-Labeled Threat Intelligence Assessment and SOC Defensive Guidance (2009 — March 2026)Table of ContentsReport MetadataMethodology & Evidence LabelsConfidence & What Changes ConfidenceExecutive...
Deep Dive & POC of CVE-2024-50379 Exploit Tomcat Vulnerability (9.8 Severity)
2026-03-13 17:52:41
IntroductionIn the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for protecting sensitive systems. Recently, a critical security flaw — CVE-2024–50379 — was...
Learning Hacking and Cyber Security Now Compared to 10 years ago
2026-03-13 17:52:21
In Cyber security growth and the learning curve is very steep, it’s not easy and everyone knows that, first of all Cyber Security is a…Continue reading on InfoSec Write-ups »
A Path Hidden in Plain Sight: Owning Active Directory
2026-03-13 17:52:00
https://www.freepik.com/free-photo/abstract-modern-blue-flowing-lines_15873136.htm#fromView=search&page=1&position=0&uuid=91957b01-e16d-4239-9257-46c0fa7ea05f&query=windows+10Another day,...
Unpacker: A Practical Guide to Modular Malware Packer Detection and Unpacking
2026-03-13 17:51:52
Extract and validate unpacked PE/ELF samples with real examples — and prove it using String Analyzer and File Metadata tools.GitHub - anpa1200/UnpackerTable of ContentsIntroductionGit repositoryWhat...
CTI Research: Handala Hack Group (aka Handala Hack Team)
2026-03-13 17:51:00
Evidence-Labeled Threat Intelligence Assessment and SOC Defensive Guidance (December 2023 to March 2026)Table of ContentsReport MetadataMethodology & Evidence LabelsConfidence & What Changes...
How I Got 3 Bugs No Automation, Just Logic
2026-03-13 17:50:40
No Tools, Just Thinking: 3 Bugs I Found Manually Chaining Logic Flaws: Method Tampering, URL Bypass & Hidden Data LeaksHello HackersI'm Mohamed, also known as Mado , a dedicated Web Application...
Basic Static Malware Analysis: From Triage to Unpacking — Explained and Automated
2026-03-13 17:50:32
What static malware analysis is, why each step matters, and how to run the full workflow in one command with the orchestrator and open-source tools.If you like this research, buy me a coffee (PayPal) — Keep...
‘CrackArmor' Vulnerability in AppArmor Impacts 12.6M Linux Systems
2026-03-13 17:47:51
Qualys uncovers 'CrackArmor' vulnerabilities in AppArmor that could expose 12.6M Linux systems to root access and container escapes.
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
2026-03-13 17:33:00
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020.
Palo Alto Networks Unit 42...
Oracle s'engage pour MySQL mais dit non à une fondation
2026-03-13 17:23:26
Accusé de délaisser l'édition communautaire de MySQL, Oracle prend des engagements, mais exclut de participer à tout projet de fondation.
The post Oracle s’engage pour MySQL mais dit non à...
Poland's nuclear research centre targeted by cyberattack
2026-03-13 17:11:37
Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]
Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
2026-03-13 17:09:00
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026.
"If you have chats that are impacted by this change, you will see instructions...
Cybermenaces pilotées par l'IA : quelle stratégie de défense ?
2026-03-13 16:59:21
En un an, l'intelligence artificielle est passée de la dixième à la deuxième place mondiale des risques pour les entreprises. (...)
Microsoft investigates classic Outlook sync and connection issues
2026-03-13 16:53:02
Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]
AWS unifie les indicateurs de sécurité tiers dans Security Hub
2026-03-13 16:31:03
Amazon Web Services continue de renforcer Security Hub. Cette console de gestion des risques cybersécurité se transforme ainsi en une plateforme (...)
Adobe : le départ du PDG Shantanu Narayen aggrave les doutes sur sa stratégie IA
2026-03-13 16:29:39
Après 18 ans à la tête d'Adobe, Shantanu Narayen quittera ses fonctions de directeur général dès qu'un successeur sera nommé. Une annonce qui a ravivé les inquiétudes des investisseurs sur la...
Passkeys in Symfony 7.4: How to Build a Completely Passwordless Future
2026-03-13 16:00:05
Passkeys replace traditional passwords with cryptographic key pairs. Your device stores a private key, while the server only ever sees the public key. No fallback, no “reset password” links. Just...
Will AI Save Consumers From Smartphone-Based Phishing Attacks?
2026-03-13 15:57:47
Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect themselves from potential threats, new research from...
Watch out for fake Malwarebytes renewal notices in your calendar
2026-03-13 15:48:16
Scammers are sending fake calendar “renewal” notices impersonating Malwarebytes to trick victims into calling a fake billing number.
7 Iconic 20th-Century Ad Campaigns and What Today's Marketers Can Learn From Them
2026-03-13 15:39:10
Some ads sell products; a rare few reshape culture. This article revisits seven iconic campaigns—Volkswagen's “Think Small,” Nike's “Just Do It,” Apple's “1984,” and more—to show...
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
2026-03-13 15:20:00
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle...
Starbucks Discloses Data Breach Affecting Hundreds of Employees
2026-03-13 15:20:00
Starbucks has disclosed a data breach that exposed the personal information of hundreds of employees after attackers gained unauthorized access to internal employee accounts. In a filing with the Maine...
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
2026-03-13 15:07:50
Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have...
How to Build a Governance Layer for Claude Code With Hooks, Skills, and Agents
2026-03-13 15:00:58
AI coding assistants don't ignore instructions because they lack memory—they ignore them because compliance is optional. By adding lifecycle hooks, enforced Skill evaluation, structured commands,...
Loblaw Data Breach – Hackers Accessed IT Network and Customer Information
2026-03-13 14:55:56
Canada's largest food and pharmacy retailer has announced an ongoing investigation into a recent corporate data breach.On March 10, 2026, the company notified its customers that unauthorized threat...
Authorities Dismantle Malicious Proxy Service Used to Deploy Malware Attacking Thousands of Users
2026-03-13 14:44:44
An international law enforcement operation led by the U.S. Justice Department has successfully dismantled SocksEscort, a massive residential proxy network. The malicious service compromised thousands...
From VMware to what's next: Protecting data during hypervisor migration
2026-03-13 14:15:25
Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions....
Forum InCyber 2026 : conférences, experts et enjeux cyber
2026-03-13 14:13:26
Forum InCyber 2026 : une conférence analyse le social engineering, technique où les pirates ciblent directement le facteur humain.
Locksport : le festival français qui relie serrures et cybersécurité
2026-03-13 13:49:28
À Paris, le festival des Crocheteurs de France explore le lien méconnu entre locksport, sécurité physique et cybersécurité.
Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker
2026-03-13 13:39:36
A hacktivist group with alleged links to Iran's intelligence agencies has claimed responsibility for a destructive cyberattack against Stryker, the Michigan-based global medical technology company,...
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
2026-03-13 13:38:00
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.
"The campaign...
Comprendre Windows Hello for Business et l'authentification multifacteur dans les environnements Active Directory
2026-03-13 13:29:20
La communauté de la cybersécurité s'accorde sur un point : les mots de passe restent l'un des maillons faibles des environnements informatiques modernes.
Police sinkholes 45,000 IP addresses in cybercrime crackdown
2026-03-13 13:28:33
An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. [...]
Investigating a New Click-Fix Variant
2026-03-13 13:28:00
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and...
Fake enterprise VPN sites used to steal company credentials
2026-03-13 13:23:28
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. [...]
Agents IA et cybersécurité : le scénario OpenClaw
2026-03-13 13:22:41
OpenClaw décrit comment une skill d'agent IA pourrait infiltrer un SI, exfiltrer des données et déployer un ransomware ciblant les modèles d'IA.
Most Google Cloud Attacks Start With Bug Exploitation
2026-03-13 13:20:58
Forget stolen credentials and misconfigurations; AI means vulnerability exploits that beat patching cycles are the top cause of compromises in the cloud.
How AI And LLMs Are Redefining Cloud Security and Cyber Defense
2026-03-13 13:09:07
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 13, 2026 – Read the full story in Forbes Cloud security has become the backbone of enterprise resilience,...
Real-Time Banking Trojan Strikes Brazil's Pix Users
2026-03-13 13:00:00
The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike.
Google patches two Chrome zero-days under active attack. Update now
2026-03-13 12:58:37
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.
SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites
2026-03-13 12:51:33
SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.
Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna' Exploit Kit
2026-03-13 11:59:15
Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit kit. Released on March 11, 2026,...
F5 Networks greffe l'observabilité agentique à ADSP
2026-03-13 11:52:11
A l'occasion de la conférence AppWorld à Las Vegas (du 10 au 12 mars ), F5 Networks a annoncé plusieurs améliorations (...)
AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP
2026-03-13 09:41:11
Menlo Park, California, USA, 13th March 2026, CyberNewswire
AI-assisted Slopoly malware powers Hive0163's ransomware campaigns
2026-03-13 11:36:29
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted...
A Practical Guide to Table Partitioning in PostgreSQL
2026-03-13 11:31:26
As PostgreSQL tables grow into hundreds of millions of rows, query performance can suffer even with strong indexing. Table partitioning solves this by splitting a logical table into smaller physical partitions...
US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw
2026-03-13 11:27:22
US agencies race to meet a CISA deadline after a critical Cisco SD-WAN Flaw exposed federal networks to long-term intrusion and forced security action.
Feature Selection for Imbalanced Datasets Using Pearson Distance and KL Divergence
2026-03-13 11:25:27
Machine learning models often struggle with highly imbalanced datasets because they overfit the dominant class and miss the minority signals that matter most. This article introduces a lightweight, model-free...
Starbucks Data Breach – Hundreds of Users' Personal Data Exposed
2026-03-13 10:59:03
Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access...
Nitrogen Queen — Part 2
2026-03-13 10:52:13
Jack Rourke was demoted and watched after the inquiry. He ran diagnostics in the tunnels, fixed small faults the androids ignored, and waited for the doctor's signal. The doctor brought fragments of data...
I Built a Project-Specific LLM From My Own Codebase
2026-03-13 10:48:27
A developer built a local AI assistant to help new engineers understand a complex codebase. Using a Retrieval-Augmented Generation (RAG) pipeline with FAISS, DeepSeek Coder, and llama.cpp, the system...
Forget CRUD: Workflow APIs Are How Modern Platforms Actually Work
2026-03-13 10:38:31
Workflow API's are an endpoint designed around a business action rather than a raw resource update. Workflow API's come in the picture when a CRUD operation is too complex. They abstract all actions...
Fuite massive d'identifiants Discord, Twitch et Roblox
2026-03-13 10:34:01
ZATAZ découvre 750 000 identifiants Discord, Twitch et Roblox. Un outil local permet de vérifier anonymement si votre mot de passe figure dans la fuite.
I Built an Offline Voice-to-Text Tool That Runs on Your GPU
2026-03-13 10:33:52
Whisper Type is a lightweight open-source dictation tool that runs OpenAI's Whisper model locally on an NVIDIA GPU, turning speech into text instantly in any app. Built as a single Python file, it avoids...
Google fixed two new actively exploited flaws in the Chrome browser
2026-03-13 10:30:33
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities,...
Veeam Patches Multiple Critical RCE Vulnerabilities on Backup Server
2026-03-13 10:20:23
A critical security update has been released for Backup & Replication software to fix severe vulnerabilities that could allow attackers to execute remote code and escalate privileges. Released on...
Quelle est la portée juridique réelle de SecNumCloud?
2026-03-13 09:43:54
Alors qu'avait fait grand bruit la publication sur Linkedin par le directeur général de l'Anssi (Agence nationale de la sécurité (...)
Le groupe ShinyHunters repart à l'assaut des clients Salesforce
2026-03-13 09:42:40
Après une première vague à la fin de l’été 2025, le piratage de comptes Salesforce revient en force selon le spécialiste (...)
Metasploit Pro 5.0.0 Released With Powerful New Modules and Critical Enhancements
2026-03-13 09:32:41
As cybercriminals continue to weaponize new vulnerabilities, the demand for continuous red-teaming and proactive security assessments has never been higher. Annual penetration tests are no longer enough...
Attackers impersonate Temu in ClickFix $Temu airdrop scam
2026-03-13 09:30:43
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
2026-03-13 09:17:00
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows...
Beyond File Servers: Securing Unstructured Data in the Era of AI
2026-03-13 09:01:35
File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer...
ABB automatise ses processus IT avec Ansible
2026-03-13 08:46:16
ABB, fabricant suisse d'automatismes et de robotiques industriels, figure parmi les 5 premiers industriels mondiaux dans ces deux domaines et emploie 100 (...)
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
2026-03-13 08:18:00
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate...
Starbucks discloses data breach affecting hundreds of employees
2026-03-13 08:16:55
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. [...]
Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code
2026-03-13 07:26:57
Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been...
Dans l'expectative, Meta lâche une roadmap pour ses puces IA
2026-03-13 07:23:16
Sa situation ayant alerté les marchés, Meta fait écho aux réassurances de son fournisseur Broadcom en communiquant une feuille de route pour ses puces IA.
The post Dans l’expectative, Meta lâche...
Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites
2026-03-13 07:12:53
A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive...
Google fixes two new Chrome zero-days exploited in attacks
2026-03-13 06:56:58
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]
The TechBeat: When Your Metrics Lie: The Illusion of Observability (3/13/2026)
2026-03-13 06:11:19
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Solo Satoshi Releases the Most Powerful Open-Source Touchscreen Bitcoin Miner
2026-03-13 06:02:45
A small Houston, Texas business has brought a fully open-source touchscreen Bitcoin miner to market. The Bitaxe Touch outperforms every competitor in its class by a factor of two. Every line of firmware,...
Why Physical AI Must Be Superhuman
2026-03-13 06:00:56
Nishant Bhanot, Senior Sensing Systems Engineer at Waymo, argues that for Physical AI, striving for mere human parity is a failure state. He explains why autonomous systems and humanoids must instead...
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
2026-03-13 05:26:00
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing...
Ubuntu 25.10 FreeType Key Integer Arithmetic Information Leak USN-8086-1
2026-03-13 04:45:08
FreeType could be made to leak sensitive information.
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
2026-03-13 04:15:00
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.
The vulnerabilities...
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover
2026-03-13 04:05:35
Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,”...
Updated Fedora 43 easyrpg-player Security Patch Released for CVE-2026-29022
2026-03-13 01:19:19
Rebuilt with updated dr_wav to fix CVE-2026-29022
Fedora 43 Taskwarrior Critical CVE Fix Denial of Service 2026-eb2fc8e93d
2026-03-13 01:19:18
Update to new release, includes updated dependencies that fix for a number of CVEs
Fedora 43 Python 3.12 Key Header Injection Fix Advisory 2026-ac5dd35f2d
2026-03-13 01:19:16
Update to 3.12.13
Fedora 42 dnf5 Critical CVE-2026-3836 Denial of Service 2026-beac8e1f11
2026-03-13 01:00:46
This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client.
Fedora 42 Easyrpg-player Important Fix for CVE-2026-29022
2026-03-13 01:00:17
Rebuilt with updated dr_wav to fix CVE-2026-29022
Vulnérabilité dans Python (13 mars 2026)
13/03/2026
Une vulnérabilité a été découverte dans Python. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Chrome (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Google indique que les...
Multiples vulnérabilités dans les produits NetApp (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données...
Multiples vulnérabilités dans le noyau Linux de SUSE (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans le noyau Linux de Red Hat (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, un contournement de la politique...
Multiples vulnérabilités dans le noyau Linux de Debian (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits IBM (13 mars 2026)
13/03/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...
Vulnérabilité dans Microsoft Edge (13 mars 2026)
13/03/2026
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans Microsoft Office (13 mars 2026)
13/03/2026
Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans les produits Microsoft (13 mars 2026)
13/03/2026
Une vulnérabilité a été découverte dans les produits Microsoft. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.