Toute l'actualité de la Cybersécurité
Axios npm Supply Chain Compromise
2026-04-01 23:43:37
What is the Attack?
A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer's...
'NoVoice' Android malware on Google Play infected 2.3 million devices
2026-04-01 18:07:21
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. [...]
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
2026-04-01 17:24:07
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.
Magecart Hackers Uses 100+ Domains to Hijack eStores Checkouts and Steal Card Data
2026-04-01 17:13:13
A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting e-commerce websites across at least 12 countries using more than 100 malicious domains to steal...
Cyberattacks Intensify Pressure on Latin American Governments
2026-04-01 16:52:54
Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia's health sector.
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
2026-04-01 16:10:00
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration...
Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder
2026-04-01 15:13:54
Human error exposed 512,000+ lines of Anthropic Claude AI Code, revealing KAIROS and Capybara secrets, pushing users to switch to the Native Installer.
FIC 2026 : L'Anssi réclame moins de dépendance numérique
2026-04-01 15:01:25
Environ 7 000 personnes (fournisseurs, partenaires, RSSI, DSI,…) se sont données rendez-vous au Palais des congrès de Lille pour la (...)
Developers ignore most marketing — but not all of it
2026-04-01 15:00:27
Developers filter out most marketing because it interrupts their workflow and rarely proves value upfront. What actually works is letting them experience your product — through hands-on testing, peer...
The App That Lets AI Agents Hire You: Human API Goes Mobile With a mn Long on Human Data
2026-04-01 14:55:11
Human API launched its mobile app on iOS and Android on April 1, letting contributors earn direct payments by completing tasks posted by AI agents. Initial tasks are audio-based: conversational recordings...
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
2026-04-01 14:54:23
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.
WhatsApp on Windows users targeted in new campaign, warns Microsoft
2026-04-01 14:27:39
Microsoft warns WhatsApp on Windows users about an ongoing campaign that tries to gain permanent access to your machine
How CoinFello's MinChi Park Built the Trust Layer 500 Million Crypto Users Have Been Waiting For
2026-04-01 14:25:04
CoinFello launched publicly at EthCC 2026 with an AI agent that executes DeFi transactions through natural language while keeping private keys on the user's device. The security model uses ERC-7710 scoped...
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
2026-04-01 14:10:00
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.
The activity, beginning in late February 2026, leverages...
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
2026-04-01 14:05:15
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most...
Le Health data hub nomme Hela Ghariani directrice générale
2026-04-01 14:04:33
Au détour d'une publication Linkedin concernant la visite de son conseil d'administration, le Health data hub a officialisé le (...)
The Two-Person Wall: Why the Linux Backbone is More Fragile Than You Think
2026-04-01 13:59:56
Ever wonder what happens to a piece of software when the people who wrote it just stop showing up? In the industry, we call this the bus factor. It is a morbid name for a very simple metric. It measures...
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
2026-04-01 13:47:19
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat...
USN-8139-1: cargo-c vulnerability
2026-04-01 13:44:32
It was discovered that tar-rs embedded in cargo-c incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive,...
Simplon fait découvrir l'IT à des jeunes éloignés de l'emploi
2026-04-01 13:41:11
Dans la continuité de ses actions de formation au numérique solidaires, l’école Simplon ouvre un programme destiné (...)
USN-8138-1: tar-rs vulnerability
2026-04-01 13:35:16
It was discovered that tar-rs incorrectly handled symlinks when unpacking a
tar archive. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could...
Google Cloud's Vertex AI platform Vulnerability Allow Attackers to Access Sensitive Data
2026-04-01 13:06:14
Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within...
Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks
2026-04-01 13:01:53
A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively...
Why we’re still not doing April Fools’ Day
2026-04-01 13:00:00
Scams are so convincing that two in three people can't tell them from the real thing. It's why we're not adding to the noise for April Fools.
What CISOs Should Expect from AI Powered MDR in 2026, According to Rapid7 CEO Corey Thomas
2026-04-01 13:00:00
In the latest episode of Rapid7's Experts on Experts, I'm joined by Rapid7 CEO Corey Thomas for a candid conversation about where AI is genuinely changing security operations, and where the hype still...
How Sonatype's Container Scanning Protects You From Zero-Days
2026-04-01 13:00:00
Software development moves fast, and engineering teams face intense pressure to deliver applications securely without slowing down. Containers offer incredible speed and portability, allowing...
Russian Hackers Using Remote Access Toolkit “CTRL” for RDP Hijacking
2026-04-01 12:58:01
A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the...
New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now
2026-04-01 12:53:43
Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to...
Debian 11 python-tornado Critical DoS Risk Mitigation DLA-4520-1
2026-04-01 12:46:05
Tornado is a scalable, non-blocking Python web framework and asynchronous networking library. CVE-2026-31958 Introduce new limits on the size and complexity of multipart bodies, including a default limit...
Block the Prompt, Not the Work: The End of "Doctor No"
2026-04-01 12:46:00
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No."
No...
Swift Concurrency Explained: Actors, Executors, and Reentrancy
2026-04-01 12:45:50
Explore Structured Concurrency in Swift: Actors, @MainActor, @GlobalActor, understanding the Swift Concurrency runtime, and actor reentrancy.
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
2026-04-01 12:43:22
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…
When AWS Goes Down Because of a Drone Strike
2026-04-01 12:42:36
Iranian drones struck multiple AWS facilities across the UAE and Bahrain. This was the first confirmed military attack on a major hyperscale cloud provider's infrastructure.
SUSE 12 Python-Tornado Important DoS Security Fix Advisory 2026-1162-1
2026-04-01 12:41:33
An update that solves three vulnerabilities and has one security fix can now be installed.
CentOS Stream 9 Net-SNMP Vulnerability Notice RHSA-2023-5678-2
2026-04-01 12:41:27
An update that solves one vulnerability can now be installed.
SUSE Libsoup Important Nine Vulnerabilities Fixed 2026-20902-1
2026-04-01 12:41:23
An update that solves nine vulnerabilities can now be installed.
The Money Mistakes Keeping Developers Financially Stuck
2026-04-01 12:41:07
Developers can write flawless code, ship on time, and still be financially stuck. Here's the exact patterns that keep most developers financially stuck, and how to break every single one.
OpenSUSE BCI 17.1 libxyz Serious Memory Leak Issue OPENSUSE-SU-2026-50405-3
2026-04-01 12:41:03
An update that solves two vulnerabilities can now be installed.
SUSE Linux Enterprise Server 16.1 Upgrade Essential Data Security Patch
2026-04-01 12:40:58
An update that solves nine vulnerabilities can now be installed.
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
2026-04-01 12:36:00
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware...
How Encryption Fights Cybercrime While Sometimes Aiding It
2026-04-01 12:35:16
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 1, 2026 – Read the full story in Forbes In 2025, the global damage cost resulting from cybercrime was...
HSBC India Asks Customers to use All-Uppercase Passwords
2026-04-01 12:32:24
Beginning April 6, 2026, HSBC India will require its internet banking customers to enter their passwords in uppercase letters only. The mandate, communicated via official customer emails, has sparked...
Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum
2026-04-01 12:21:06
A sophisticated backdoor called EtherRAT is actively targeting organizations across multiple sectors by hiding its command infrastructure inside the Ethereum blockchain — a move that makes it uniquely...
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
2026-04-01 11:42:00
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
The high-severity vulnerability,...
FBI warns against using Chinese mobile apps due to privacy risks
2026-04-01 11:39:10
The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. [...]
CultureAI Launches on Microsoft Marketplace to Accelerate Secure AI Adoption
2026-04-01 11:38:35
This week, CultureAI has announced the availability of its platform on Microsoft Marketplace, marking a step aimed at simplifying how organisations discover, deploy and manage AI usage controls. Microsoft...
Hackers Push CrystalX Malware-as-a-Service Through Telegram With Stealer and RAT Features
2026-04-01 11:36:07
A new and dangerous piece of malware has surfaced and is being marketed openly to cybercriminals through private Telegram channels. Named CrystalX, this Malware-as-a-Service (MaaS) platform combines a...
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don't See It Coming)
2026-04-01 10:58:00
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what's next.
Threat actors now use malware less frequently in favor of what's...
Why Productivity is Stalling Again in 2026 and What Should Employers Do?
2026-04-01 10:56:42
Productivity has long been an ongoing battle for employers, and 2026 is showing no signs of improvement.
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
2026-04-01 10:56:41
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress....
Hackers Hijack Hotel Booking Workflows to Scam Guests With Fake Payment Requests
2026-04-01 10:56:35
Travelers across the world are being targeted by a fast-growing fraud scheme that turns their own hotel reservations against them. Cybercriminals are hijacking trusted hotel booking workflows to deliver...
Cisco Source Code and Data Leak Allegedly Claimed by ShinyHunters
2026-04-01 10:55:17
The notorious cybercriminal group ShinyHunters has allegedly claimed responsibility for three separate data breaches targeting Cisco Systems, Inc., asserting that over 3 million Salesforce records containing...
Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec
2026-04-01 10:45:15
New York, New York, April 1st, 2026, CyberNewswire
Are We Training AI Too Late?
2026-04-01 10:40:13
Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.
AWS exonère des clients après des frappes sur ses datacenters au Moyen-Orient
2026-04-01 10:37:51
Dans une décision tout à fait inhabituelle, Amazon a confirmé l'annulation de l’intégralité des frais d’utilisation (...)
L'erreur d'un employé d'Anthropic expose le code source de Claude Code
2026-04-01 10:25:37
Un employé d'Anthropic a accidentellement exposé l'intégralité du code source propriétaire de son outil de programmation (...)
Google fixes fourth Chrome zero-day exploited in attacks in 2026
2026-04-01 10:25:36
Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. [...]
Defending Encryption in the Post Quantum Era
2026-04-01 10:00:43
Post-quantum cryptography explained, risks of quantum attacks, and steps to secure data, systems, and infrastructure for a quantum-resilient…
A malicious LNK that spreads a Python-based backdoor and how it's spreading (Kimsuky group)
2026-04-01 10:00:31
overview AhnLab SEcurity intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. the overall attack flow remains the same as before,...
Sylvain Lefeuvre rejoint Board of Cyber comme DGA
2026-04-01 09:36:25
Après avoir passé plus de 7 ans chez Oodrive à s'occuper notamment du channel et des ventes, Sylvain Lefeuvre rejoint l'équipe (...)
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code
2026-04-01 08:58:59
SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne's AI-based security detected and blocked a supply chain...
PixelSmile Solves the Ambiguity Problem in AI Emotion Editing
2026-04-01 07:59:36
PixelSmile tackles AI emotion ambiguity with continuous labels, symmetric training, and precise facial expression control.
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
2026-04-01 07:44:00
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069.
"We have attributed the...
Free VPNs leak your data while claiming privacy
2026-04-01 07:38:33
Most free Android VPNs track users, request dangerous permissions, and connect to risky servers, privacy comes at a hidden cost. Free VPN apps are some of the most popular downloads on Android, promising...
Interactive Data Chart Generator (Pure JavaScript Canvas Tool)
2026-04-01 06:59:59
Charts had become a normal part of our lives, visual elements of our work. Why not create a chart-building webpage where you enter the data and it creates the webpage? And with the help of AI it could...
SUCCESS - 253,510 breached accounts
2026-04-01 06:51:14
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and,...
Google Drive ransomware detection now on by default for paying users
2026-04-01 06:35:34
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. [...]
Intigriti March 2026 XSS Challenge Writeup: Chaining 3 Bypasses to Steal Admin Cookies
2026-04-01 06:35:31
How a DOM clobber, a component hijack, and a hidden JSONP endpoint gave me full cookie exfiltration through DOMPurify + CSP + SANITIZE_DOM…Continue reading on InfoSec Write-ups »
GitHub is a Search Engine for Secrets — and Nobody Told You
2026-04-01 06:35:26
By Shah kaif | “Every leaked API key started as a commit someone thought was private.” | LinkedIn💡 “GitHub Dorks: The Most Powerful OSINT Tool That's Been in Plain Sight This Whole Time.”🤯...
[BAC] Improper Authorization in Public Facebook Groups
2026-04-01 06:31:46
[BAC] Improper Authorization in Public Facebook Groups Allows Moderators to Change “Who Can Participate” SettingStorytelling Write-upWhile testing access control mechanisms in Facebook Groups, I started...
Cracking DVRIP/Sofia Hashes With Python
2026-04-01 06:30:26
Using a simple dictionary attack to crack a DVRIP/Sofia hash found on Xiongmai-based IP cameras. Full code is provided in DVRIP_hash_cracker Github repository.A mandatory disclaimer is that this demonstration...
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
2026-04-01 06:12:00
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error.
"No sensitive customer...
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
2026-04-01 06:00:09
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
New Windows 11 emergency update fixes preview update install issues
2026-04-01 05:33:43
Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. [...]
The Evolution of Mobile Networks from 5G to 6G
2026-04-01 05:00:23
6G is set to redefine connectivity with speeds up to 1Tbps, sub-millisecond latency, and AI-native networks powered by terahertz spectrum. It will unlock advanced IoT, smart cities, and real-time applications...
Claude Unlocked 1 Million Tokens For Everybody: What Happens Now?
2026-04-01 00:57:29
If Claude is part of your workflow, the new 1 million token limit from Anthropic is a big deal.
The news about Anthropic unlocking 1 million tokens landed at #1 on Hacker News with over 1,100 points...
SpyderBot Earns a 96.53 Proof of Usefulness Score by Building Real-Time GEO Analytics to Track LLM Mentions
2026-04-01 00:51:27
SpyderBot is a cutting-edge LLM analytics platform that reveals exactly how AI models like ChatGPT, Grok, and Gemini see your brand and your competitors.
Using a network of over 20,000 distributed LLM-bots,...
Claude Code source code accidentally leaked in NPM package
2026-04-01 00:32:25
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]
Multiples vulnérabilités dans Sonicwall Email Security (01 avril 2026)
01/04/2026
De multiples vulnérabilités ont été découvertes dans Sonicwall Email Security. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité...
Multiples vulnérabilités dans Joomla! (01 avril 2026)
01/04/2026
De multiples vulnérabilités ont été découvertes dans Joomla!. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection SQL (SQLi)...
Multiples vulnérabilités dans Google Chrome (01 avril 2026)
01/04/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Google indique que la vulnérabilité...
Multiples vulnérabilités dans les produits Microsoft (01 avril 2026)
01/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.