Toute l'actualité de la Cybersécurité
Critical Citrix NetScaler memory flaw actively exploited in attacks
2026-03-30 18:28:37
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. [...]
12 Best AWS Monitoring Tools in 2026
2026-03-30 18:08:15
Amazon Web Services (AWS) is a cloud computing platform for businesses of all sizes and types. AWS’s architecture is robust and scalable, but dependability, performance, and security must be monitored....
Wave Browser Brings Gaming Tools and Ocean Cleanup into the Same Tab
2026-03-30 17:49:07
Wave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity.
Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens
2026-03-30 17:30:34
A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and...
15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow
2026-03-30 17:07:39
15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.
North Korean IT Worker Allegedly Used Stolen Identity and AI Resume in Job Application Scam
2026-03-30 16:52:39
A suspected North Korean operative tried to sneak into a remote job at a cybersecurity firm by using a stolen identity, a fake AI-generated resume, and a VoIP phone number. The case, uncovered in June...
Red Teaming in 2026: What to Expect at our 2026 Global Cybersecurity Summit
2026-03-30 16:31:25
Red teaming has always played a role in testing defenses, but in 2026 its role is changing. Security teams are no longer asking whether an attacker can get in. That question has already been answered....
CrySome RAT Emerges as Advanced .NET Malware With AV Killer and HVNC Capabilities
2026-03-30 16:30:44
A new and dangerous piece of malware has surfaced in the threat landscape, and it is built to stay hidden, stay running, and stay in control of any system it infects. CrySome RAT is written in C# and...
24/7 Payments for 24/7 Agents: The Case for Crypto in the Machine Economy
2026-03-30 16:18:32
Crypto enables 24/7 payments for AI agents, replacing fiat limits with scalable machine-to-machine transactions and powering the emerging machine economy.
A peine dévoilée, une faille critique dans Langflow exploitée
2026-03-30 16:12:15
20 heures, le délai est relativement court pour l’exploitation d’une vulnérabilité dans le framework open source Langflow (...)
New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection
2026-03-30 16:01:26
A new and more dangerous version of the ClickFix attack technique has been found actively targeting Windows users. Unlike older versions that used PowerShell or mshta to run malicious commands, this new...
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
2026-03-30 16:00:00
Agentic AI introduces new security risks. Learn how the OWASP Top 10 Risks for Agentic Applications maps to real mitigations in Microsoft Copilot Studio.
The post Addressing the OWASP Top 10 Risks in...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
2026-03-30 15:47:00
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
"It likely uses AI-assisted obfuscation and...
TA446 Hackers Deploying DarkSword Exploit Kit to Attack iOS Users
2026-03-30 15:43:07
A known threat group called TA446 has been caught using a newly discovered exploit kit called DarkSword to target iOS users. This development marks a significant shift in the group’s tactics, as...
AI SOC: Definition, Components & Architecture
2026-03-30 15:35:03
AI-Driven Security and SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 30, 2026 Mid-market organizations...
OpenAI enrichit Codex avec des plugins tiers
2026-03-30 15:33:19
« Nous déployons des plugins dans Codex », a annoncé OpenAI. Le système d'extension pour cette plateforme de (...)
Du couac Fluidstack à la levée de dette, Mistral AI face aux aléas de l'infra
2026-03-30 15:03:46
Mistral AI annonce sa première levée de dette (830 M$). En ligne de mire, son projet de datacenter francilien, en net retard sur le calendrier initial.
The post Du couac Fluidstack à la levée de dette,...
Storm Brews Over Critical, No-Click Telegram Flaw
2026-03-30 15:01:59
The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.
From RAG to Instant Knowledge Acquisition: Giving Market-aware Agents Access to the Live Market
2026-03-30 14:46:50
RAG fails dynamic markets. Agents need instant knowledge acquisition: live, verified data. Bright Data delivers the perfect infrastructure to get you to this goal.
From Pipelines to AI Platforms: How Agentic AI Is Redefining the Role of Data Engineers
2026-03-30 14:35:05
This article explains how agentic AI is transforming data engineering by shifting systems from batch-based analytics to real-time, context-driven architectures. Unlike traditional models, agentic systems...
Apple adds macOS Terminal warning to block ClickFix attacks
2026-03-30 14:32:34
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. [...]
From Early Builder to CTO at 19: The Story of Alexandre Genest
2026-03-30 14:29:23
Alexandre Genest started programming at 10 and working on small projects. By 15, he was working with a small business with no internal engineering team. He then moved into finance, working with multiple...
New Homoglyph Attack Techniques Help Cybercriminals Spoof Trusted Domains
2026-03-30 14:28:09
Cybercriminals have found a clever way to trick people by swapping real letters in website addresses with characters that look almost the same. These are called homoglyph attacks, and they are becoming...
New macOS security feature will alert users about possible ClickFix attacks
2026-03-30 14:26:40
Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later
Hackers Backdoor Telnyx Python SDK on PyPI to Steal Cloud and Dev Credentials
2026-03-30 14:15:55
A widely used Python package was quietly turned into a weapon, and most developers who got hit had no idea it happened. On March 27, 2026, a threat actor known as TeamPCP uploaded two malicious versions...
It's a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
2026-03-30 14:07:27
A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability...
How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
2026-03-30 14:01:11
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype....
Open VSX's New Scanner Vulnerability Allows Malicious Extension Goes Live
2026-03-30 13:58:51
A serious security flaw was recently found in Open VSX, the extension marketplace used by popular code editors like Cursor and Windsurf, as well as the broader VS Code fork ecosystem. The vulnerability...
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
2026-03-30 13:56:00
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being...
Cybermenace : plus de 100 campagnes d'arnaques fiscales détectées depuis janvier 2026
2026-03-30 13:36:58
La période fiscale est devenue un terrain de jeu privilégié pour les cybercriminels. Les chercheurs de Proofpoint viennent de publier une analyse qui révèle l’ampleur et la sophistication...
Dark Web Market Lists Alleged 375TB Lockheed Martin Data for 0M
2026-03-30 13:36:40
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.'
Debian 11 Asterisk DLA-4515-1 XSS and Privilege Escalation Risks
2026-03-30 13:17:58
Multiple vulnerabilities were discovered in asterisk, an Open Source Private Branch Exchange (PBX) and telephony toolkit. CVE-2026-23738 XSS vulnerability in the /httpstatus page. Cookie names/values...
BlankGrabber Stealer Uses Fake Certificate Loader to Hide Malware Delivery Chain
2026-03-30 13:11:55
A Python-based information stealer known as BlankGrabber has been caught using a deceptive certificate loader trick to hide a multi-stage malware delivery chain. First identified in 2023, this threat...
3 SOC Process Fixes That Unlock Tier 1 Productivity
2026-03-30 13:00:00
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps,...
SUSE Linux Micro 6.1 Important Kernel Security Advisories 2026-20876-1
2026-03-30 12:52:49
An update that solves 655 vulnerabilities, contains four features and has 57 fixes can now be installed.
KubeCon 2026 : d'Istio à Dapr, quand tout un écosystème parle d'IA
2026-03-30 12:51:40
De la GA de Dapr Agents à Istio et son « extension inférence » pour la Gateway API, la KubeCon a donné à voir les avancées de quelques-uns des projets qui structurent l'écosystème Kubernetes.
The...
SUSE Linux Micro 6.1 python-pyasn1 Key Denial of Service Vulnerability
2026-03-30 12:34:32
An update that solves one vulnerability can now be installed.
SUSE Linux Micro 6.1 Python-PyJWT Important Security Fix 2026-20879-1
2026-03-30 12:34:29
An update that solves two vulnerabilities can now be installed.
SUSE Linux Micro 6.0 Kernel Important Security Patch SUSE-SU-2026-20880-1
2026-03-30 12:34:24
An update that solves eight vulnerabilities can now be installed.
Critical Update Notification for Canonical Ubuntu Server 22.04 LTS Kernel
2026-03-30 12:34:10
An update that solves seven vulnerabilities can now be installed.
How to Optimize Big Data Platform Costs Across the Data Lifecycle
2026-03-30 12:29:38
Big data platforms that handle millions of events per second face a constant challenge. This article walks through different strategies to methodically inspect and control costs. An end-to-end big data...
Conventional Commits: A Guide to Writing Structured Git Commit Messages
2026-03-30 12:23:37
Conventional Commits is a lightweight specification for writing commit messages that are human-readable and machine-processable. A conventional commit message mimics the structure of an email, with a...
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
2026-03-30 12:18:00
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders.
The CTRL toolkit,...
USN-8131-1: GStreamer Good Plugins vulnerabilities
2026-03-30 12:08:59
It was discovered that GStreamer Good Plugins incorrectly handled certain
X-QDM RTP payloads. A remote attacker could use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of...
pdfFiller Unveils AI PDF Editor, Bringing Generative AI to Document Workflows
2026-03-30 12:04:34
pdfFiller has launched an AI-powered PDF editor that enables users to generate professional documents using simple text prompts. The tool integrates with its existing document management platform and...
Microsoft protège le noyau Windows de l'injection de code
2026-03-30 12:03:44
La firme de Redmond renforce la sécurité dans Windows 11 en rendant obsolètes les signatures de pilotes noyau de son système (...)
Ursula Paton Breaks Her Silence
2026-03-30 12:00:36
Ursula Paton confides to Poirot the full story of her secret marriage to Ralph Paton and her life as a parlormaid. She recounts her stormy confrontation with Roger Ackroyd, the timing of key events, and...
Why cyber defenders need to be ready for frontier AI
2026-03-30 12:00:00
Understanding the threats and staying ahead of the adversary
Vulnerability affecting F5 BIG-IP APM
2026-03-30 12:00:00
The NCSC is encouraging UK organisations to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager.
USN-8130-1: GStreamer Base Plugins vulnerability
2026-03-30 11:58:14
It was discovered that GStreamer Base Plugins incorrectly handled certain
AVI media files. A remote attacker could use this issue to cause GStreamer
Base Plugins to crash, resulting in a denial of service,...
9 Signals That Could Determine Whether Oracle Reaches a Trillion Valuation
2026-03-30 11:42:34
This article argues that Oracle has a credible path to a trillion valuation if three key engines align: strong growth in Oracle Cloud Infrastructure (OCI), sustained cash flow from its enterprise software...
USN-8129-1: pyasn1 vulnerability
2026-03-30 11:41:01
It was discovered that pyasn1 incorrectly handled recursion when decoding
ASN.1 data. An attacker could use this issue to cause pyasn1 to consume
resources, leading to a denial of service._
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
2026-03-30 11:30:00
Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub...
Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
2026-03-30 10:59:38
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched...
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
2026-03-30 10:50:41
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
2026-03-30 10:43:26
Attackers are exploiting a critical Fortinet FortiClient EMS flaw (CVE-2026-21643) that allows remote code execution via SQL injection. A critical Fortinet FortiClient EMS vulnerability, tracked as CVE-2026-21643...
HPE muscle ses pare-feux hybrides mesh
2026-03-30 10:28:47
A l’occasion de la RSA Conference qui s’est déroulée du 23 au 26 mars à San Francisco, HPE Juniper Networking a présenté (...)
Why ESG Capital Surges After Summits Create Risk for Private Investors
2026-03-30 10:06:08
This article argues that ESG-driven capital inflows, triggered by high-profile geopolitical events like ecological summits, often distort risk and create unfavorable investment conditions for private...
MIWIC26: Laura Price, Cyber Skills & Partnership Lead at BT
2026-03-30 09:55:46
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature...
Microsoft pulls KB5079391 Windows update over install issues
2026-03-30 09:38:45
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. [...]
World Back Up Day 2026 – What are the takeaways?
2026-03-30 09:26:39
World Backup Day is often seen as a simple reminder to save your data, but this year, security leaders say backup strategies must evolve into fully tested, secure, and recovery-focused resilience plans....
Textbooks, Not the Internet, Trained This Powerful AI
2026-03-30 09:21:17
phi-1.5 is a 1.3B-parameter Transformer trained mainly on synthetic, textbook-quality data. Despite its small size, it matches or beats much larger models on commonsense reasoning, grade-school math,...
Beyond AI Code Review: Why You Need Code Simulation at Scale
2026-03-30 09:00:52
AI code review tools automate style and logic checks but fail to predict real-world production failures in complex, distributed systems. PlayerZero bridges this gap with AI-powered code simulation, integrating...
Move Fast, Patch Slower? The Endpoint Management Tradeoff Haunting SaaS Startups
2026-03-30 09:00:31
SaaS startups often prioritize speed over security, creating hidden endpoint security debt that compounds as they scale. Manual patching drains resources, slows teams, and leaves systems exposed while...
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
2026-03-30 07:49:36
Infinity Stealer targets macOS via fake Cloudflare CAPTCHA, using Nuitka; first such campaign per Malwarebytes. Researchers at Malwarebytes spotted a new macOS infostealer, named Infinity Stealer, using...
Critical Fortinet Forticlient EMS flaw now exploited in attacks
2026-03-30 07:48:17
Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. [...]
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
2026-03-30 07:34:40
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard)...
MobSF Exists for Mobile - So I Built One for the Web: Meet Argus
2026-03-30 07:27:49
How a simple question (“why are we still running twelve tools before DAST?”) turned into an open, no-database security intelligence app.The moment it clickedIf you've ever opened MobSF for an APK...
VulnCorp CTF by INE: The Moment I Wanted to Quit, But I Didn't
2026-03-30 07:26:51
INE's Red Teaming CTF · Medium · 14 days ChallengeA Note Before the Technical WalkthroughI almost quit this one.Not because it was too hard…But because it refused to break.This was INE's VulnCorp...
From Paste Site to Payout: How a Single Dump Led to a Critical Bug
2026-03-30 07:12:03
Free Link 🎈Continue reading on InfoSec Write-ups »
Proving Grounds — Practice — Heist
2026-03-30 07:07:59
Proving Grounds — Practice — HeistAI image created by https://deepai.org/machine-learning-model/hologram-3d-generatorProving Grounds Practice box Heist is rated hard by Offsec, but the community...
SSRF to Admin Access: When a “Harmless URL” Took Me Straight to the Kingdom
2026-03-30 07:07:40
Free Link🎈Continue reading on InfoSec Write-ups »
The Phantom Edge: A Cloudflare Pastejacking Attack | Farros
2026-03-30 07:05:50
It was supposed to be a regular day. I opened my browser, navigated to one of my web projects, and was greeted by something that…Continue reading on InfoSec Write-ups »
A week in security (March 23 – March 29)
2026-03-30 07:01:00
A list of topics we covered in the week of March 23 to March 29 of 2026
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
2026-03-30 07:00:00
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation."
The campaigns...
European Commission confirms data breach after Europa.eu hack
2026-03-30 06:42:58
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. [...]
List of 13 new domains
2026-03-30 00:00:00
.fr auth-connexion-ar[.fr] (registrar: Dynadot Inc)
connexion-compt[.fr] (registrar: Dynadot Inc)
connexion-portal[.fr] (registrar: Dynadot Inc)
connexion-securisee[.fr] (registrar: Dynadot Inc)
connexion-validation[.fr]...
Vulnérabilité dans Roundcube (30 mars 2026)
30/03/2026
Une vulnérabilité a été découverte dans Roundcube. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans Docker Desktop (30 mars 2026)
30/03/2026
Une vulnérabilité a été découverte dans Docker Desktop. Elle permet à un attaquant de provoquer une falsification de requêtes côté serveur (SSRF).
Multiples vulnérabilités dans Microsoft Edge (30 mars 2026)
30/03/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non...
Multiples vulnérabilités dans les produits Microsoft (30 mars 2026)
30/03/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.