Toute l'actualité de la Cybersécurité
Fin de BreachForums et ShinyHunters : autopsie d'un message de guerre psychologique ?
2026-03-16 18:05:31
Analyse cyber d'un message lié à ShinyHunters et à la fin de BreachForums, entre intimidation, propagande et stratégie de réputation dans l'écosystème cybercriminel.
CISA flags Wing FTP Server flaw as actively exploited in attacks
2026-03-16 18:00:22
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]
L'écosystème Google reste en travaux pour le DMA
2026-03-16 17:22:42
Après bientôt 3 ans sous le régime du DMA, Google poursuit l'adaptation de ses services, notamment Android.
The post L’écosystème Google reste en travaux pour le DMA appeared first on Silicon.fr....
Hacked sites deliver Vidar infostealer to Windows users
2026-03-16 17:15:10
We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer.
IBM Uncovers ‘Slopoly,' Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
2026-03-16 17:11:43
A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially...
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
2026-03-16 17:10:00
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration.
The post New Microsoft Purview innovations for Fabric to safely accelerate your AI...
UK's Companies House confirms security flaw exposed business data
2026-03-16 17:07:25
Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed...
Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer
2026-03-16 16:56:44
China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant,...
Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader
2026-03-16 16:48:36
A new malware campaign has been discovered delivering a Remote Access Trojan through fake websites impersonating the official FileZilla download page. Attackers designed these fraudulent sites to closely...
Companies House Restores WebFiling After Flaw Exposed Director Details
2026-03-16 16:29:51
Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored.
Zombie ZIP method can fool antivirus during the first scan
2026-03-16 16:09:08
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.
Microsoft Exchange Online outage blocks access to mailboxes
2026-03-16 16:05:02
Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. [...]
Help on the line: How a Microsoft Teams support call led to compromise
2026-03-16 16:00:00
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.
The post Help on the line: How a Microsoft...
Who the AI Works For
2026-03-16 15:59:54
The sci-fi canon kept circling the same pattern across different writers, eras, and technologies: machines enter the world already attached to institutions, ownership, and interests. By the time most...
Vibe Coding Is an Addiction
2026-03-16 15:52:34
Vibe coding gives you the illusion of progress because shipping features feels productive. But if nobody needs what you're building and you haven't reviewed the security of AI-generated code, you're just...
Scientists Built a GPU Engine That Simulates Brain Cells 1,500× Faster
2026-03-16 15:50:33
Researchers created DeepDendrite, a GPU-powered framework that dramatically speeds up simulations of biologically detailed brain neurons. Using a new algorithm called Dendritic Hierarchical Scheduling...
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
2026-03-16 15:49:17
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Teams. The primary objective is to persuade users...
USN-8097-1: Roundcube Webmail vulnerabilities
2026-03-16 15:28:13
It was discovered that Roundcube Webmail did not properly sanitize the
animate tag within SVG documents. An attacker could possibly use
this issue to cause a cross-site scripting attack.
Vinci Airports s'appuie sur l'IA et Google Cloud pour piloter la performance de ses 70 aéroports
2026-03-16 15:22:29
Vinci Airports, le gestionnaire d'aéroports, déploie une Data Factory centralisée pour anticiper les flux de passagers, optimiser ses opérations et affiner ses stratégies commerciales à l'échelle...
A New Privacy-First AI Predicts COVID Severity Using X-Rays and Medical Records
2026-03-16 15:21:43
Researchers built EXAM, a global AI model that predicts COVID-19 patients' oxygen needs within 24–72 hours using chest X-rays and medical records. Instead of pooling sensitive hospital data, the team...
USN-8098-1: Linux kernel vulnerabilities
2026-03-16 15:20:24
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary...
FBI launches inquiry into Steam games spreading malware
2026-03-16 15:16:09
The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam...
The AI Breakthrough That Lets Hospitals Train Algorithms Without Sharing Patient Data
2026-03-16 15:00:57
Medical AI needs massive datasets, but privacy laws and data silos make sharing patient data nearly impossible. Federated learning solves this by sending the AI model to hospitals instead of moving the...
Why Docker Desktop is Still the Go-To for Local Development
2026-03-16 14:57:48
Many alternatives to Docker Desktop can run containers, but they often require extra setup, troubleshooting, and maintenance. Docker Desktop still wins in real teams because it reduces friction, speeds...
New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery
2026-03-16 14:57:11
A new variant of ACRStealer has emerged with upgraded capabilities that make it significantly harder to detect and more dangerous to the systems it targets. First reported by Proofpoint in early 2025...
Twofold CEO: We Built a Multi-Million ARR Healthcare AI Company With Three People and Zero VC Money
2026-03-16 14:56:47
Twofold is building what may become the defining AI infrastructure layer for outpatient healthcare. Twofold reached multi-million ARR from zero in eighteen months with a three-person team and no outside...
Microsoft Exchange Online Mailbox Access Outage Affects Users Globally
2026-03-16 14:50:22
Microsoft is currently investigating a service disruption affecting Exchange Online users who are experiencing difficulties accessing their mailboxes through one or more connection methods. The issue,...
How to Properly Install JetBrains Toolbox on Linux (Kubuntu/Ubuntu)
2026-03-16 14:43:00
JetBrains Toolbox for Linux comes as a tar archive, not a .deb package. Here's the proper way to install it:
1. Download and extract the archive
2. Move files to `/opt/jetbrains-toolbox` (standard location...
USN-8096-1: Linux kernel vulnerabilities
2026-03-16 14:37:39
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary...
Your AI Coding Assistant is Probably Writing Vulnerabilities. Here's How to Catch Them
2026-03-16 14:37:32
Increased vibe coding and exponentially increased security risks with no great tooling at hand. This post covers about the risks developers need to be aware of and the free MCP server that they can use...
Former Germany's foreign intelligence VP hit in Signal account takeover campaign
2026-03-16 14:32:37
Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit...
Veeam répare des failles critiques dans Backup et Replication
2026-03-16 14:29:15
Après une première alerte en début d’année, Veeam récidive en publiant des mises à jour de sécurité (...)
Delete doesn't mean gone. Here's how File Shredder fixes that
2026-03-16 14:22:31
When you delete a file, it's not really gone. We explain what really happens to deleted files and how File Shredder erases them for good.
Cybermenaces 2025 : espionnage, extorsion et sabotage
2026-03-16 14:21:28
Panorama ANSSI 2025 : espionnage, rançongiciels et sabotage redessinent la cybermenace mondiale et la guerre du renseignement numérique.
Adobe to Pay 0 Million Over Hidden Fees and Hard-to-Cancel Subscriptions
2026-03-16 14:17:32
The Justice Department says Adobe buried the real cost of cancelling a subscription where most customers would never think to look.
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
2026-03-16 14:17:00
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we're doing this now” feeling.
This week has that energy. Fresh messes, old problems getting sharper,...
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
2026-03-16 14:10:47
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
Amazon S3 fête ses 20 ans : l'API qui a colonisé le cloud
2026-03-16 14:04:07
Vingt ans après son lancement, S3 occupe une position centrale dans l'économie de l'intelligence artificielle générative.
The post Amazon S3 fête ses 20 ans : l’API qui a colonisé le cloud...
USN-8095-1: Linux kernel vulnerabilities
2026-03-16 14:03:41
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary...
Shadow AI is everywhere. Here's how to find and secure it.
2026-03-16 14:01:11
Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern...
The Best 9 HR Management Platforms in 2026
2026-03-16 13:53:50
This comprehensive guide reviews the best 9 HR Management Platforms for 2026 to help mid-market companies move beyond basic HR tools into strategic people management. HiBob takes the top slot.
USN-8094-1: Linux kernel vulnerabilities
2026-03-16 13:42:27
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary...
Betterleaks – A New Open-Source Tool to Scan Directories, Files, and Git Repositories
2026-03-16 13:40:25
The creator of the widely popular Gitleaks tool has launched a new open-source secrets scanner called Betterleaks. Sponsored by Aikido Security, this modern tool is a faster, highly configurable successor...
From Threat Detection to Response: What to Expect from Our MDR Sessions
2026-03-16 13:24:20
Detection and response are under pressure. Expanding attack surfaces, identity misuse, cloud sprawl, and AI-accelerated threats have changed what “ready” looks like for a SOC. That's why this year's...
Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign
2026-03-16 13:20:42
A threat group known as Konni APT has been caught running a multi-stage attack campaign that starts with targeted spear-phishing emails and ends with hijacking victims’ KakaoTalk messaging accounts...
Microsoft pulls Samsung app blocking Windows C: drive from Store
2026-03-16 13:14:32
Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11. [...]
How Secure Is The Data Stored By Cloud Providers?
2026-03-16 12:54:54
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 16, 2026 – Read the full Forbes story The cloud is home to a dizzying amount of data. According to Cybersecurity...
Justin Fulcher on AI's Role in Modernizing Government Operations
2026-03-16 12:29:00
Government systems weren’t built for the digital age. Many federal agencies still operate on infrastructure designed decades ago, creating bottlenecks that slow decision-making, strain resources,...
Swatting : deux ans d'enfer pour une famille de Saint-Malo
2026-03-16 12:24:01
Swatting à Saint-Malo : seize fausses alertes policières visant une famille après un conflit sur Discord.
Handala Hack, un groupe hacktiviste iranien aux méthodes destructrices
2026-03-16 12:02:44
Un rapport de Check Point Research lève le voile sur les méthodes opératoires de Void Manticore, le groupe derrière le persona "Handala Hack", affilié au ministère iranien du Renseignement et de...
Why Security Validation Is Becoming Agentic
2026-03-16 11:58:00
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product,...
Android 17 Advanced Protection Mode to Block Malicious Service Usage
2026-03-16 11:54:39
Google is preparing to launch Android 17, bringing a comprehensive set of new APIs and system capabilities to fundamentally improve device security, user privacy, and performance debugging. At the forefront...
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
2026-03-16 11:41:00
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.
"Unlike traditional exploit-based attacks, this method...
USN-8087-2: python-cryptography regression
2026-03-16 11:35:04
USN-8087-1 fixed a vulnerability in python-cryptography. The update caused
a regression when using ECC algorithms with certain software. This update
fixes the problem.
We apologize for the inconvenience.
Original...
AWS S3 fête ses 20 ans
2026-03-16 11:24:00
Ce week-end, AWS a soufflé les bougies du 20ème anniversaire de son service de stockage objet S3, acronyme de simple storage service. Le (...)
Claude Code Security Analysis: Understanding the CVE-2026-21852 API Key Exfiltration Vulnerability
2026-03-16 11:18:35
The vulnerability has already been patched by Anthropic. Claude Code communicates with Anthropic's services using an API key, transmitted with each authenticated request. By manipulating a repository-controlled...
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection
2026-03-16 11:02:44
New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims.
Free real estate: GoPix, the banking Trojan living off your memory
2026-03-16 11:00:25
Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising...
Attackers Abuse Microsoft Teams and Quick Assist to Drop Stealthy A0Backdoor
2026-03-16 10:57:44
A newly identified backdoor called A0Backdoor has emerged as part of a calculated social-engineering campaign that abuses Microsoft Teams and the Windows remote assistance tool Quick Assist. The threat...
OpenClaw AI Agents Leaking Sensitive Data in Indirect Prompt Injection Attacks
2026-03-16 10:47:18
Attackers can exploit insecure defaults and prompt injection vulnerabilities to turn normal agent behavior into a silent data-exfiltration pipeline. The core issue is not just confusing the AI model;...
{ Tribune Expert } – De l'ère du cloud à l'IA agentique : pourquoi la cybersécurité doit rattraper l'innovation
2026-03-16 10:37:16
Au moment où les systèmes agentiques commencent à transférer du travail d'une organisation à une autre, la surface d'attaque se multiplie.
The post { Tribune Expert } – De l'ère du cloud...
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
2026-03-16 10:34:26
Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection...
Kevuru Games Outlines the Shift Toward Flexible Art Production in the Games Industry
2026-03-16 10:24:26
Kyiv, Ukraine, 16th March 2026, CyberNewswire
DMA : Microsoft règle (encore) un peu la mire pour Windows
2026-03-16 10:02:51
Microsoft continue à ajuster Windows pour le DMA, notamment sur le paramétrage des applications par défaut.
The post DMA : Microsoft règle (encore) un peu la mire pour Windows appeared first on Silicon.fr....
A Sled Dog's Final Loyalty
2026-03-16 09:45:17
After defeating Spitz, Buck refuses to accept any position but leader of the sled team and finally wins the role. Under his command the team becomes stronger, faster, and more disciplined, completing...
Group-IB soutient l'opération Synergia III d'INTERPOL et contribue au démantèlement mondial de la cybercriminalité
2026-03-16 09:15:29
Group-IB, spécialiste dans la conception de technologies de cybersécurité pour enquêter sur la cybercriminalité, la prévenir et la combattre, a annoncé aujourd’hui sa contribution à l’opération...
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
2026-03-16 09:07:00
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team.
The campaign,...
Frappes militaires au Moyen-Orient : conséquences et perspectives cyber
2026-03-16 09:00:05
Les récentes frappes américano-israéliennes contre des cibles iraniennes et les représailles visant des présumés soutiens à ces attaques induisent des préoccupations majeures quant à la perspective...
La Canut étoffe son catalogue cloud et hébergement
2026-03-16 08:56:59
Dans le cadre de sa stratégie de souveraineté numérique, la Canut (Centrale d'achat du numérique et des télécoms) (...)
Rapport HID 2026 : à l'ère de NIS2, l'identité devient un enjeu critique de cybersécurité
2026-03-16 08:55:19
La convergence des identités redéfinit les priorités : confiance, protection et maîtrise des usages. HID publie son rapport annuel 2026 State of Security and Identity, une étude internationale basée...
Le rôle clé de l'identité numérique au cœur des élections municipales
2026-03-16 08:50:57
Le gouvernement français a une fois de plus placé la cybersécurité au premier plan, annonçant le lancement de sa Stratégie nationale de cybersécurité 2026-2030 (SNC), qui identifie la cybersécurité...
Rethinking Data Protection in Modern Linux Cloud Environments
2026-03-16 08:37:25
For a long time, security teams approached infrastructure with a fairly simple idea. Protect the perimeter, patch the servers inside it, and keep attackers from crossing the boundary. That model made...
openSUSE Leap 15.4 python-black Moderate File Write Risk 2026-0900-1
2026-03-16 08:30:09
An update that solves one vulnerability can now be installed.
urgent security warning for openSUSE Leap 15.4 python-flake8 advisory
2026-03-16 08:30:09
An update that solves one vulnerability can now be installed.
Unprivileged users could exploit AppArmor bugs to gain root access
2026-03-16 08:05:09
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed...
A week in security (March 9 – March 15)
2026-03-16 07:16:13
A list of topics we covered in the week of March 9 to March 15 of 2026
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
2026-03-16 05:43:00
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.
The change, incorporated in Android...
My AI Agent Hunted APT29 under 60 Seconds. Here's How I Built It.
2026-03-16 05:32:52
Hello defenders, I hope you are having a great day! In this blog, I am going to talk about an AI Agent which I built recently whose task is to perform the duties of a threat hunter. I will be going through...
AI-Powered Malware Debugger That Explains Every Function It Sees
2026-03-16 05:31:03
How I combined Claude AI, Frida, Capstone, and a suite of static analysis engines into a reverse engineering tool that talks backIntrodactionMalware reverse engineering is one of the most skill-intensive...
How Threat Actors Accidentally Documented My Recon Strategy ️
2026-03-16 05:30:04
Hey there! 😁Continue reading on InfoSec Write-ups »
Breaking and Reporting Bugs: The Story Behind My Comet and Black Hole Wins on YesWeHack
2026-03-16 05:27:30
It's been a while since my last bug bounty write-up. Over the past few months, I simply haven't had much time to turn my findings into public write-ups. Recently, I had an exciting experience while...
How I Recovered a Deleted Instagram Photo from Data Backup, deleted two years ago and Earned a 0…
2026-03-16 05:27:06
How I Recovered a Deleted Instagram Photo from Data Backup, deleted two years ago and Earned a 0 BountySo this write up is about the bug in Instagram data download feature. So this features allows...
Exploiting Promo Code Flaw: Abusing Codes to Buy Items for Free
2026-03-16 05:25:19
In the world of online shopping, promo codes are a popular method for consumers to access discounts, special offers, and free products. However, when the security behind these promo codes is compromised,...
Debian Bookworm DSA-6165-1 Chromium Critical Exec Denial of Service CVEs
2026-03-16 04:39:02
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that exploits for both CVEs exist in the...
Fedora 42 Chromium Severe Heap Buffer Overflow CVE-2026-3913 Warning
2026-03-16 01:12:32
Update to 146.0.7680.71 CVE-2026-3913: Heap buffer overflow in WebML CVE-2026-3914: Integer overflow in WebML CVE-2026-3915: Heap buffer overflow in WebML CVE-2026-3916: Out of bounds read in Web Speech...
Fedora 42 pgAdmin4 Critical ReDoS and XSS Threats 2026-416a89747f
2026-03-16 01:11:20
Update to pgadmin4-9.13.
Fedora 42 qgis Important Remote Code Exec Vuln 2026-24480
2026-03-16 01:11:18
Update to qgis-3.44.8.
List of 22 new domains
2026-03-16 00:00:00
.fr adidas-superstar[.fr] (registrar: RANXPLORER)
assurance-sociale[.fr] (registrar: IONOS SE)
credit-agri[.fr] (registrar: SAS Ligne Web Services - LWS)
esim-sfr[.fr] (registrar: KEY-SYSTEMS GmbH)
espace-rendezvous[.fr]...
Vulnérabilité dans OpenSSL (16 mars 2026)
16/03/2026
Une vulnérabilité a été découverte dans OpenSSL. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Google Chrome (16 mars 2026)
16/03/2026
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Google indique que la vulnérabilité CVE-2026-3909...
Multiples vulnérabilités dans Microsoft Edge (16 mars 2026)
16/03/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non...
Multiples vulnérabilités dans les produits Microsoft (16 mars 2026)
16/03/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.