Toute l'actualité de la Cybersécurité
Gestion de l'expérience employé numérique : un marketing à recadrer ?
2026-06-11 17:14:34
Gartner pointe, chez les principaux fournisseurs de solutions DEX, des approches marketing qu'il juge trop larges ou trop restrictives.
The post Gestion de l’expérience employé numérique : un...
GoFlateLoader Uses Massive PE Overlay to Deliver Lumma, Vidar, and StealC Infostealers
2026-06-11 17:09:39
A new malware loader called GoFlateLoader has been quietly spreading across the internet, and what makes it stand out is not how complex it is but how effective a simple trick has made it. Written in...
Critical Langflow Vulnerability Exploited to Execute Malicious Code
2026-06-11 16:53:56
A critical security vulnerability in Langflow, tracked as CVE-2026-5027, is raising serious concerns after researchers confirmed that attackers can exploit the flaw to execute malicious code on affected...
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
2026-06-11 16:50:47
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging...
Numspot ajoute des services IA à son PaaS
2026-06-11 16:49:46
Depuis quelques mois, Numspot étoffe progressivement son catalogue PaaS en annonçant le lancement d’un service managé autour (...)
Hackers Abuse SniperDz PhaaS Ecosystem for Brand Impersonation and Browser Hijacking
2026-06-11 16:45:48
A sophisticated Phishing-as-a-Service (PhaaS) platform called SniperDz has been quietly enabling a wide range of online fraud that goes far beyond basic credential theft. The platform provides cybercriminals...
Researcher Hacked Google Using AI and Earned 0,000 Bug Bounty
2026-06-11 16:43:02
A security researcher known as brutecat has disclosed how an AI-driven fuzzing pipeline uncovered more than 0,000 in vulnerabilities across Google’s infrastructure in under three months, exposing...
Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz
2026-06-11 16:18:37
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
Google can be liable for false AI Overviews, court rules
2026-06-11 16:09:13
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
LLMs Shouldn't Do Math: Why Your Agents Need Classical ML Tools
2026-06-11 16:00:37
Writing custom JSON parsers and Pydantic validation scripts to connect classical ML models to agent frameworks like LangGraph or CrewAI is a massive time sink. This article shows how to eliminate that...
Why Agentic Software Development Needs Documentation Stewardship
2026-06-11 16:00:33
This article defines the governance layer of the contract-style comments framework, arguing that documentation must evolve from a passive reference into an actively maintained system artifact. It introduces...
Making secret scanning more trustworthy: Reducing false positives at scale
2026-06-11 16:00:00
Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning.
The post Making secret scanning more trustworthy: Reducing...
Authorities dismantle 'AudiA6' ransomware crypto-laundering service
2026-06-11 15:55:41
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than 0 million. [...]
GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks
2026-06-11 15:55:00
GitHub has announced a major security-focused update to the Node Package Manager (npm), introducing breaking changes in the upcoming npm v12 release to reduce software supply chain attack risks significantly....
Claude Mythos Turning N-Days Into N-Hours With Rapid Working Exploit Creation
2026-06-11 15:50:54
A new study has revealed that advanced large language models (LLMs), particularly Anthropic's Claude Mythos Preview, are dramatically accelerating the development of N-day exploits, reducing timelines...
CISA Warns of Check Point Security Gateway Vulnerability Actively Exploited in Ransomware Attacks
2026-06-11 15:47:03
CISA has added a critical vulnerability in Check Point Security Gateway to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in ransomware...
Hackers Use Weaponized DMG Files to Target macOS Users With Infostealer Malware
2026-06-11 15:43:53
Hackers are using weaponized DMG files to target macOS users with infostealer malware, exploiting the long-standing myth that Apple devices are safe from cyber threats. These attacks rely on fake software...
Piratage de la messagerie Tchap : le Parquet de Paris ouvre une enquête
2026-06-11 15:37:04
Suite au piratage de la messagerie ultra-sécurisée Tchap, le Parquet de Paris a annoncé l'ouverture d'une enquête. L'Office anti-cybercriminalité (OFAC) a été saisi pour identifier l'auteur...
Hackers Use BLUERABBIT Backdoor to Encrypt Files and Wipe Disks Across Windows Systems
2026-06-11 15:32:55
A newly discovered backdoor called BLUERABBIT has been found targeting Windows systems with a dangerous mix of file encryption, disk wiping, and data theft. First observed in mid-to-late March 2026, the...
USN-8424-1: Ubuntu Kylin Software Center vulnerability
2026-06-11 15:20:07
It was discovered that Ubuntu Kylin Software Center incorrectly
handled user-supplied input in its D-Bus service. A local attacker
could possibly use this issue to gain administrative privileges.
So, You Want to Develop a Game, Huh? 3 Things Every Gaming Startup Should Know Beforehand
2026-06-11 15:00:50
Here are 3 things your gaming startup should consider before developing a game: Do you have a marketing strategy in place? Do you know what ideas you want to implement? Do you know who your target audience...
Segmentation Works for OT If Operators Are Paying Attention
2026-06-11 14:51:48
Operational technology security remains as difficult as ever, with even the best practice recommendation falling short.
Les salaires des experts infrastructures et data au sommet en 2026
2026-06-11 14:46:04
En 2026, les salaires dans l’IT en France resteront stables poursuivant la phase de consolidation amorcée en 2024. Toutefois, les niveaux (...)
Fraude bancaire : 84 % des dirigeants bancaires mondiaux classent les agents IA comme étant leur vulnérabilité majeure de 2026
2026-06-11 14:30:59
Les institutions financières internationales tirent la sonnette d'alarme face à la montée en puissance de la fraude pilotée par l'IA. Une nouvelle étude menée par BioCatch, spécialiste de la...
88 % des entreprises françaises touchées par des incidents API : l'IA fait exploser les risques cyber
2026-06-11 14:28:56
Basée sur les retours de 540 décideurs experts de la cybersécurité en France, en Allemagne et au Royaume-Uni, elle met en lumière une tendance de fond : la croissance des API dépasse désormais...
Les relations de confiance et les failles dans les applications destinées au grand public renforcent leur position de principaux vecteurs d'attaque
2026-06-11 14:26:40
En 2025, bien que les principaux vecteurs d'attaque restent similaires à ceux de 2024, leur part combinée a augmenté pour dépasser les 80 %. Les applications accessibles depuis Internet (public-facing)...
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
2026-06-11 14:22:21
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold...
NIS 2 : Bruxelles hausse le ton contre la France
2026-06-11 14:18:18
La Commission européenne s'apprête à traduire la France devant la Cour de justice de l'UE pour ne pas avoir transposé la directive NIS 2 dans les délais.
The post NIS 2 : Bruxelles hausse le...
Hackers Abuse Residential Proxy Networks to Hide Malicious Activity and Evade Detection
2026-06-11 14:02:47
Hackers are getting harder to catch, and residential proxy networks are a key reason why. These services allow attackers to route malicious traffic through everyday home internet connections, making activity...
The TechBeat: Architecting Secure AI Agents: The Fatal Flaw in Standard API Integrations (6/11/2026)
2026-06-11 14:00:50
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
153 Blog Posts To Learn About Product Strategy
2026-06-11 14:00:38
Let's learn about Product Strategy via these 153 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any...
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
2026-06-11 14:00:25
Torrance, United States / California, 11th June 2026, CyberNewswire
Why AI-driven threats are exposing the limits of MSP security stacks
2026-06-11 14:00:10
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]...
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
2026-06-11 13:26:13
Most good security work is invisible by design. Today is the exception.
The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories.
The reason is...
I Got Tired of Tofu Boxes and Built a Font That Can't Tofu
2026-06-11 13:23:43
After discovering that a simple star character (★) rendered as a tofu box due to a missing glyph, the author dug into how browsers resolve font stacks on a per-character basis. Rather than relying on...
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
2026-06-11 13:20:41
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a ,000-a-month...
Solidity's Memory Safety Model and the Special Case of the Zero Slot
2026-06-11 13:11:33
This article examines Solidity's handling of memory safety in inline assembly, focusing on the zero slot at address 0x60. Rather than treating compiler warnings as arbitrary restrictions, it argues they...
Parents: How To Help Your College Students Avoid Roommate Scams
2026-06-11 13:08:04
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 11, 2026 – Listen to the podcast Media outlets and cybersecurity industry experts have been warning for...
Breaking Free Of The Cyber Insurance Market's Moment Of Frustration
2026-06-11 13:00:53
Cyber insurance is experiencing a prolonged “moment of frustration.” Insurers face volatile cycles, pricing pressures and inconsistent growth. A recent report by Munich Re found the global cyber...
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
2026-06-11 13:00:00
IntroductionThe underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within...
USN-8422-1: Mistral vulnerability
2026-06-11 12:55:21
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral
did not properly enforce access policies on some API endpoints. An
attacker could possibly execute arbitrary code on a Mistral worker...
Coupang hit with record 9 million data breach fine in Korea
2026-06-11 12:52:41
The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly 9 million) following a massive...
The Hidden Security Risks of Poor Software Testing
2026-06-11 12:49:34
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release.
CISA tells govt agencies to patch critical exploited flaws in 3 days
2026-06-11 12:46:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies....
BRO SEARCH Review After Three Months on the Tor Network
2026-06-11 12:23:17
The author reviews BRO SEARCH after three months of use, praising its deduplication, filtering, advertising platform, and privacy features. However, the article relies heavily on product claims, subjective...
Best Day Trading Platforms in the US: 2026 Comparison & Reviews
2026-06-11 12:16:15
The US day trading platform market is crowded, competitive, and more accessible to retail traders than ever. Zero commissions are now the baseline, not a differentiator. What separates platforms in 2026...
Le toolkit Miasma siphonne les dépôts GitHub
2026-06-11 11:52:25
Les bibliothèques et autres dépôts de code en ligne constituent une cible de choix pour les cyberattaquants. Logique donc de voir ces (...)
La soutenabilité budgétaire de la CNIL questionnée
2026-06-11 11:39:53
La Cour des comptes juge intenable la trajectoire de masse salariale de la CNIL. Elle l'impute à plusieurs éléments de politique RH.
The post La soutenabilité budgétaire de la CNIL questionnée appeared...
Data of 2.4 million VRChat users stolen
2026-06-11 11:31:01
We explain what data was exposed, the potential risks, and the steps you should take now.
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
2026-06-11 11:30:00
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough;...
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
2026-06-11 10:58:21
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher...
Children’s phones must block nude images by September, UK says
2026-06-11 10:55:26
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
May 2026 Cyber Attacks Statistics
2026-06-11 10:49:02
During May 2026 I collected 165 events: Cyber Crime accounted for 73.8% of events, Malware remained the dominant weapon (48.8%) and Information & Communication was hit the most (37.6%)
Commerce agentique : OpenAI signe avec Visa
2026-06-11 10:46:42
Visa va sécuriser les achats effectués via ChatGPT à l'heure où les chatbots sont un terrain de conquête pour le commerce en ligne.
The post Commerce agentique : OpenAI signe avec Visa appeared first...
Trust No Skill: Integrity Verification for AI Agent Supply Chains
2026-06-11 10:00:24
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains.
The post Trust No Skill: Integrity Verification for AI Agent...
Fortinet patched a new critical FortiSandbox flaw
2026-06-11 09:51:29
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several...
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
2026-06-11 09:45:58
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER.
The campaigns...
Keeping AI Documentation Clean With the Narrowest-Scope Rule
2026-06-11 09:00:46
This article introduces the Narrowest-Scope Rule (NSR), a governance principle within the contract-style comments framework that determines where system updates should be recorded. By requiring changes...
Thales migre ses ERP SAP chez S3ns
2026-06-11 08:45:23
A la tête du cloud de confiance S3NS, sur lequel SAP a annoncé viser la certification SecNumCloud pour son ERP S/4 Hana, le groupe Thales (...)
Microsoft fixes BitLocker recovery bug on Windows Server 2025
2026-06-11 08:44:22
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]
Siddhish Sutaria and Jolly Shah: Shaping Embedded System Evolution
2026-06-11 08:30:21
Apple and Google engineers working in embedded systems describe how AI, firmware, and power management are converging across consumer devices and large-scale infrastructure. Their work highlights real-time...
Amit Kumar Padhy Showcases Enterprise Agentic AI Architecture at Data Summit 2026
2026-06-11 08:00:38
Data Summit 2026 showcased how AI is evolving from experimentation to production-scale enterprise deployment. A key presentation by Adobe architect Amit Kumar Padhy explored multi-agent AI systems for...
JDY Botnet Evolves After KV Takedown, Targets Military Networks
2026-06-11 07:46:54
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance...
Nottingham University data breach affects over 450,000 students
2026-06-11 07:27:53
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
2026-06-11 06:23:03
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.
The changes aim to combat...
Max severity Ivanti Sentry vulnerability now exploited in attacks
2026-06-11 06:20:22
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]
Check Point VPN Authentication Bypass Vulnerability
2026-06-11 00:15:46
What is the Vulnerability?
A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS 9.3), is being actively exploited against vulnerable...
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
2026-06-11 00:01:00
North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
List of 29 new domains
2026-06-11 00:00:00
.fr amoncasino-fr[.fr] (registrar: NETIM)
birken-stock[.fr] (registrar: SAS Ligne Web Services - LWS)
buddys-imrnobilier[.fr] (registrar: KEY-SYSTEMS GmbH)
casinowinamax[.fr] (registrar: Dynadot Inc)
confirmation-rendezvous-leboncoin[.fr]...
Multiples vulnérabilités dans LibreNMS (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans LibreNMS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Multiples vulnérabilités dans GitLab (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et...
Multiples vulnérabilités dans les produits Palo Alto Networks (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Multiples vulnérabilités dans MongoDB (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans MongoDB. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Multiples vulnérabilités dans les produits Splunk (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...
Multiples vulnérabilités dans les produits Microsoft (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Traefik (11 juin 2026)
11/06/2026
Une vulnérabilité a été découverte dans Traefik. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans les produits Spring (11 juin 2026)
11/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Spring. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...