Toute l'actualité de la Cybersécurité
Signed software abused to deploy antivirus-killing scripts
2026-04-15 17:59:30
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare...
AI clickbait can turn your notifications into a scam feed
2026-04-15 17:43:40
A new AI-driven campaign known as Pushpaganda is using clickbait to turn your browser notifications into a stream of scams and fake alerts.
OpenAI défie Claude Mythos avec GPT‑5.4-Cyber
2026-04-15 17:15:37
La cybersécurité est le terrain de jeu entre les grands fournisseurs IA. Après le projet Glasswing et le modèle Claude (...)
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
2026-04-15 17:09:00
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads...
Fake Ledger Live App on Apple Store Linked to .5M Crypto Theft
2026-04-15 16:47:20
Apple approved a fake Ledger Live app on its App Store, allowing scammers to steal .5 million from more than 50 users. Did you install this app?
Piratage d'Europa.eu : une leçon de configuration IAM
2026-04-15 16:30:46
Le piratage d'Europa.eu a été facilité par un contrôle d'accès lâche sur plusieurs aspects au niveau de l'infrastructure AWS.
The post Piratage d’Europa.eu : une leçon de configuration IAM...
Microsoft pays .3M for cloud and AI flaws at Zero Day Quest
2026-04-15 16:20:21
Microsoft has awarded .3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Incident response for AI: Same fire, different fuel
2026-04-15 16:00:45
AI changes how incidents unfold and how we respond. Learn which IR practices still apply and where new telemetry, tools, and skills are needed.
The post Incident response for AI: Same fire, different...
Nobody Is QA Testing Their LLM Apps (That's Going to Be a Problem)
2026-04-15 15:59:40
AI-powered applications don't crash when they fail — they hallucinate confidently, drift silently, and get exploited in ways traditional QA was never designed to catch. This article breaks down a six-layer...
TradFi and DeFi Operate in Parallel – Ault Makes Them Work as One
2026-04-15 15:56:16
What do TradFi and DeFi actually have in common? Right now, aside from sharing the same suffix, not much.
Some TradFi assets, stocks, commodities, are now accessible within DeFi, and a growing tranche...
Writing for the "marketing-proof" Reader: What Performs on HackerNoon
2026-04-15 15:46:13
HackerNoon's global audience of engineers and product leaders has a high "marketing filter." To reach them, skip the generic trends and press releases. Instead, focus on Technical Deep-Dives, Implementation...
Reflection-Driven Development in Pure C: Eliminating Boilerplate at Scale
2026-04-15 15:45:36
Pure C provides absolute hardware control but lacks native runtime reflection, leading to endless boilerplate for ECS, serialization, and UI bindings. This article explores "Reflection Driven Development"...
I Found 221 Bugs in vLLM. They All Had the Same Root Cause
2026-04-15 15:18:08
I audited vLLM's C++ and CUDA code and found 221 places where PyTorch's 64-bit tensor metadata is silently truncated to 32-bit int before being used in GPU buffer allocations. For GGUF model file code...
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
2026-04-15 15:12:01
Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptography expert warns.
SkillGauge Earns a 256 Proof of Usefulness Score by Building an AI-Powered Interview Platform
2026-04-15 15:06:26
SkillGauge is an AI-powered interview platform designed to automate technical hiring through real-time video interviews, live coding assessments, and instant feedback. With over 50,000 monthly interviews...
CISA flags Windows Task Host vulnerability as exploited in attacks
2026-04-15 14:51:05
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. [...]
Pharos Network and Hong Kong University Are Quietly Building the Next Layer of On-Chain Forecasting
2026-04-15 14:41:22
Pharos Network, the Layer 1 chain founded by former Ant Group leadership, has signed a Capstone research collaboration with the HKU-SCF FinTech Academy at the University of Hong Kong. Eight master's students...
SaaS : l'IA enterre-t-elle la « Règle des 40 » ?
2026-04-15 14:40:40
Une étude de Bain & Company révèle que l'IA bouscule le principal indicateur de performance du secteur des logiciels. Entre explosion des coûts et promesses de croissance, les éditeurs sont...
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
2026-04-15 14:38:53
Google, Meta, and Microsoft about half the time don't comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds.
Distributed Systems are Easy to Design, Until You Run Them
2026-04-15 14:34:52
Distributed systems don't fail because of bugs—they fail because of assumptions.
Traditional microservices rely on predictability, but AI introduces uncertainty, making systems harder to debug and...
Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research
2026-04-15 14:16:38
In a massive blow to consumer privacy, a new forensic audit reveals that tech giants Google, Microsoft, and Meta are systematically ignoring legally defined privacy opt-out signals. According to the March...
Collabora et LibreOffice en froid : ce qui se joue après des années de conflit
2026-04-15 14:16:27
Empêtrés dans un litige de gouvernance sur fond de prétendus conflits d'intérêts, Collabora et la Document Foundation en sont arrivés à s'invectiver publiquement.
The post Collabora et LibreOffice...
Microsoft Releases Cumulative Update KB5083769 for Windows 11, Version 25H2 and 24H2
2026-04-15 14:14:05
Microsoft has officially released the April 2026 Patch Tuesday cumulative update, KB5083769, for Windows 11 versions 25H2 and 24H2. Released on April 14, 2026, this mandatory security update addresses...
Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code
2026-04-15 14:11:19
Microsoft has released urgent security updates to address a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. Disclosed on April 14, 2026, the vulnerability...
New PHP Composer Vulnerability Let Attackers Execute Arbitrary Commands
2026-04-15 14:08:50
PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any...
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code
2026-04-15 14:05:46
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful...
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
2026-04-15 14:03:57
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and...
Rolling Networks: Securing the Transportation Sector
2026-04-15 14:00:10
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging...
Fake YouTube copyright notices can steal your Google login
2026-04-15 13:21:25
This convincing copyright scam is targeting YouTube creators. Attackers can take over your channel, plus your entire Google account.
MuddyWater-Style Hackers Scan 12,000+ Systems Before Hitting Middle East Critical Sectors
2026-04-15 13:08:56
A sophisticated cyber campaign bearing strong operational similarities to the MuddyWater threat group has been caught sweeping more than 12,000 internet-exposed systems across multiple regions before...
Why Software Supply Chain Security Requires a New Playbook
2026-04-15 13:00:06
Software is being built faster than ever, but application security has not kept up.
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
2026-04-15 12:56:00
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032...
Hackers Using Google Cloud Storage to Bypass Email Filters and Deliver Remcos RAT
2026-04-15 12:47:15
Cybercriminals are always looking for smarter ways to bypass security, and their latest method is both simple and effective. Instead of building suspicious new websites, attackers now use Google Cloud...
CISO Salaries In 2026: 0K to M; Stock Grants, Bonuses, Other Compensation
2026-04-15 12:43:52
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 15, 2026 – Read the full story from RSAC The top line on chief information security officer pay packages...
The Digital Iron Curtain: How the EU AI Act Is Strangling European Innovation
2026-04-15 12:37:46
Brussels has dropped a digital iron curtain. The EU AI Act locks 99.8 percent of European firms out of the global race. While US rivals leverage Google Personal Intelligence, local startups face setup...
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
2026-04-15 12:37:00
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases.
Topping the list is an SQL injection...
A Clearer Path from Prioritized Exposures to Remediation Progress
2026-04-15 12:37:00
Security leaders know that reducing risk is not just about finding the right exposures, but helping the organization act on them before known issues turn into real incidents. That is often where remediation...
Threat landscape for industrial automation systems in Q4 2025
2026-04-15 12:30:48
The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
EDR Killers : l'évasion industrialisée, socle des attaques par ransomware
2026-04-15 12:16:34
{ Tribune Expert } - Les EDR Killers créent une fenêtre d'exécution contrôlée et garantissent que la phase finale de l'attaque se déroule sans alerter les équipes sécurité.
The post EDR Killers...
Hackers Hide Backdoor in Trusted WordPress Plugins for 8 Months Before Activating Malware
2026-04-15 12:14:21
A group of trusted WordPress plugins quietly carried a hidden backdoor for eight full months, and nobody noticed until the damage had already been done. The attack, uncovered in April 2026, did not begin...
Retaining defensive advantage in the age of frontier AI cyber capabilities
2026-04-15 12:00:00
As AI accelerates vulnerability discovery, organisations must raise their security baselines to safeguard their cyber security.
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
2026-04-15 12:00:00
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
ShinyHunters Leak Rockstar Games Data, No Player Records Impacted
2026-04-15 11:55:37
ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed.
Microsoft corrige 165 failles en avril dont une zero day
2026-04-15 11:53:01
Le patch tuesday Microsoft d'avril est particulièrement garni. Avec 165 failles corrigées, il se place en effet dans le trio des plus grands (...)
Microsoft: April updates trigger BitLocker key prompts on some servers
2026-04-15 11:41:35
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. [...]
Mirax malware campaign hits 220K accounts, enables full remote control
2026-04-15 11:41:10
Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading...
Hackers Create Hidden Mailbox Rules in Microsoft 365 to Intercept Sensitive Business Emails
2026-04-15 11:34:45
Cybercriminals have found a quiet way to sit inside a corporate email account and read everything being sent and received — without the account owner ever knowing. Attackers are now abusing a built-in...
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
2026-04-15 11:30:00
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives...
How the enterprise supply chain has created a global attack surface
2026-04-15 11:28:01
For years, organisations have treated cyber security as something that happens within their own walls. Protect the network, secure the endpoints, monitor the environment. Job done. Security was architected...
Only 16% of Businesses are Fully Compliant with NIS2 Despite 2024 Compliance Deadline
2026-04-15 10:57:09
New research from CyberSmart has revealed that, despite a compliance deadline that has now passed, only 16% of businesses required to comply with the EU's Network and Information Security Directive...
The 0 Billion Question: Who's Accountable When Enterprise Security Fails?
2026-04-15 10:51:43
The Green Dashboard Illusion: Despite 0 billion projected in cybersecurity spending, major security platforms frequently fail silently while their management consoles falsely report a "Connected" and...
Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft
2026-04-15 10:45:11
Artificial intelligence is changing how people browse the internet. AI-powered browsers no longer just show web pages — they read content, take actions, and complete tasks for the user. These tools,...
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
2026-04-15 10:37:33
Hiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain cryptocurrency wallets.
La Centrale accélère ses déploiements multi-agents IA
2026-04-15 10:37:23
Spécialiste français depuis 55 ans dans la vente en ligne de véhicules (occasions ou neufs avec promotion), le conseil et (...)
Why Digital Identity Systems Need Zero-Knowledge Age Verification
2026-04-15 10:30:12
Age verification is becoming mandatory across online platforms worldwide.
Traditional systems require users to reveal sensitive personal information.
Zero-knowledge proofs allow users to verify age...
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
2026-04-15 10:24:53
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to "unexpectedly" upgrade to Windows Server 2025. [...]
OpenAI lance GPT-5.4-Cyber…une réponse à Claude Mythos
2026-04-15 10:13:06
OpenAI lance GPT-5.4-Cyber, en réponse directe à Claude Mythos d'Anthropic.
The post OpenAI lance GPT-5.4-Cyber…une réponse à Claude Mythos appeared first on Silicon.fr.
What Firmware Execution Patterns Reveal: Detecting Anomalies in EDK2 Using Runtime Heatmaps
2026-04-15 10:06:29
One misconfigured PCD turned a 2-second boot into a 17.5-second one. It took runtime heat maps across multiple runs to find it.
13.5M Device Botnet Drives 2 Tbps DDoS Attacks on FinTech, Qrator Finds
2026-04-15 09:58:42
A new Qrator Labs report reveals that the largest DDoS botnet has grown to 13.5 million devices, and…
April Patch Tuesday fixes two zero-days, including one under active attack
2026-04-15 09:57:15
This month's Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.
Credit Resources Vault: Why this credit email set off our scam alarms
2026-04-15 09:08:47
Inside a targeted email campaign that funnels the most vulnerable financial people into handing over sensitive data, and signing up for weekly fees.
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
2026-04-15 08:40:00
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of...
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows
2026-04-15 08:36:40
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery.
Marché PC : comment l'instabilité mondiale se traduit dans les chiffres
2026-04-15 08:31:37
Le marché des PC dessine une courbe heurtée, reflet d'une adaptation par phases aux événements économiques et géopolitiques qui le secouent.
The post Marché PC : comment l’instabilité mondiale...
SUSE Xwayland Identifies Five Key Threats with Fix 2026-1328-1
2026-04-15 08:31:12
An update that solves five vulnerabilities can now be installed.
openSUSE Leap 15.6 Xwayland Important Security Issues 2026-1329-1
2026-04-15 08:31:03
An update that solves five vulnerabilities can now be installed.
openSUSE Leap 15.6 Update SUSE-2026-1351-2 Major Wayland Enhancements
2026-04-15 08:31:03
An update that solves five vulnerabilities can now be installed.
SUSE 15-SP7 xorg-x11-server Important Patch DoS 2026-1330-1
2026-04-15 08:30:53
An update that solves five vulnerabilities can now be installed.
SUSE 2026 xorg-x11-server Important Fix for Multiple Issues 1331-1
2026-04-15 08:30:44
An update that solves five vulnerabilities can now be installed.
openSUSE 2026 xorg-x11-server Important DoS Issues SUSE-SU-2026-1331-1
2026-04-15 08:30:44
An update that solves five vulnerabilities can now be installed.
PHP Composer flaws enable remote command execution via Perforce VCS
2026-04-15 08:19:26
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP...
Out-Of-Bounds Write in administrative interface
2026-04-15 07:00:00
CVSSv3 Score:
6.7
An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
...
Lazy RC4: Payload Encryption Using SystemFunction032
2026-04-15 05:58:58
Photo by Gabriela on UnsplashIt's the weekend and I was writing malware for fun. A thought popped into my mind: what are the other ways we can implement RC4 in our code to encrypt a payload? So here...
DVRIP/Sofia Protocol Dissector for Wireshark (Written in Lua)
2026-04-15 05:58:30
DVRIP/Sofia protocol dissector for Wireshark.Wireshark protocol dissector written in Lua aimed at analysis of a DVRIP ( sometimes also called Sofia) proprietary communication protocol found in Xiongmai-based...
How To Hack Part 4
2026-04-15 05:58:10
Linux Capture The Flag Bandit Level 12Continue reading on InfoSec Write-ups »
Breaking 2FA in WordPress: Account Takeover via CSRF in Google Authenticator
2026-04-15 05:57:47
In the WordPress ecosystem, security plugins are the first line of defense. However, when they fail, the impact can be critical.In this article, we analyze a Cross-Site Request Forgery (CSRF) vulnerability...
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
2026-04-15 05:18:18
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities,...
La France prépare un remplaçant à Windows : derrière Sécurix, une peur devenue très concrète
2026-04-15 05:02:40
Face à des dépendances technologiques jugées de plus en plus risquées, l'État français accélère sa stratégie de souveraineté numérique. La prochaine étape est un système d'exploitation...
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
2026-04-15 04:30:00
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled...
Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
2026-04-15 00:40:40
Sensor Intel Series: March 2026 CVE Trends
Microsoft Bets B to Boost Japan's AI, Cybersecurity
2026-04-15 00:00:08
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships — the latest move by a hyperscaler to compete for sovereign AI and data centers.
Multiples vulnérabilités dans Tenable Identity Exposure (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service...
Vulnérabilité dans Python (15 avril 2026)
15/04/2026
Une vulnérabilité a été découverte dans Python. Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans les produits Adobe (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance...
Multiples vulnérabilités dans Ivanti Neurons (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Ivanti Neurons. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique...
Multiples vulnérabilités dans les produits Fortinet (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans Microsoft Office (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité...
Multiples vulnérabilités dans Microsoft Windows (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Multiples vulnérabilités dans Microsoft .Net (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité....
Multiples vulnérabilités dans Microsoft Azure (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Multiples vulnérabilités dans les produits Microsoft (15 avril 2026)
15/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...