Toute l'actualité de la Cybersécurité
L'UE présente des mesurettes pour renforcer sa souveraineté numérique
2026-06-03 17:24:18
Les propositions étaient attendues depuis plusieurs mois dans un contexte géopolitique tendu. La Commission européenne vient de publier (...)
Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises
2026-06-03 15:56:27
A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that...
CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems
2026-06-03 15:52:01
A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States...
CISA warns of active attacks exploiting Android, Linux bugs
2026-06-03 15:36:16
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
BlueSecure lance un serious game de gestion de crise
2026-06-03 15:13:16
Confronter de façon ludique des collaborateurs aux décisions et aux arbitrages de chaque fonction clé de l’entreprise (...)
Avec Scout, Microsoft greffe un agent OpenClaw dans M365
2026-06-03 14:24:21
Dévoilé ce mardi lors de la conférence Build organisée du 2 au 3 juin à San Francisco, l'agent IA Scout développé (...)
5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook
2026-06-03 14:17:02
Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year...
Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access
2026-06-03 14:15:22
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as...
WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks
2026-06-03 14:11:42
A critical security flaw in the widely used Kirki WordPress plugin has exposed over 500,000 websites to potential account takeover attacks, with researchers warning that approximately 150,000 sites are...
What 345 Days of Untested Exposure Looks Like at a Bank
2026-06-03 14:02:12
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change....
Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware
2026-06-03 13:50:14
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s...
Workday contrôle les agents IA avec Agent Passport
2026-06-03 13:49:18
Lors de son événement DevCon, Workday a dévoilé cette semaine une série d'outils destinés à aider les (...)
Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion
2026-06-03 13:47:15
A threat actor used AI-assisted tools to automate Active Directory discovery and test endpoint detection and response (EDR) evasion techniques, highlighting the rise of AI-supported post-exploitation...
China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
2026-06-03 13:30:03
Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns.
DNS-AID à la Fondation Linux : qu'est-ce que ce projet d'« annuaire agentique » ?
2026-06-03 13:07:55
La Fondation Linux a pris sous son aile le projet DNS-AID, qui a émergé l'an dernier sous l'impulsion d'Infoblox.
The post DNS-AID à la Fondation Linux : qu’est-ce que ce projet d’« annuaire...
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
2026-06-03 12:58:22
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token.
"Just by clicking a link, it's possible for...
500 Ransomware Statistics For 2026
2026-06-03 12:50:44
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 3, 2026 – Read the full story from Bright Defense Ransomware has existed for more than 35 years and...
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
2026-06-03 12:47:14
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message properties, potentially leading to cross-site...
Ivanti ITSM Vulnerability Lets Attackers Gain Admin Privilege
2026-06-03 12:44:59
Ivanti has disclosed a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow attackers with valid credentials to escalate privileges and gain full administrative access....
Cisco muscle l'orchestration et la sécurité des agents IA
2026-06-03 12:43:43
A l’occasion de son évènement Cisco Live qui se déroule à Las Vegas du 1er au 4 juin, la société dirigée (...)
Keep getting calls from questionable numbers? Meet Scam Number Check
2026-06-03 12:16:04
Scam Number Check lets you quickly check whether a number has been linked to scams before you call back, share information, or send money.
Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
2026-06-03 12:14:30
A high-severity CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to interfere with outbound email processing in affected applications. The issue...
Guerre contre l'IPTV : la police européenne démantèle 9 groupes spécialisés dans le streaming illégal
2026-06-03 12:01:54
La guerre contre l'IPTV continue. Une vague d'arrestations vient de frapper le monde du streaming illégal en Europe. Les forces de l'ordre de treize pays ont en effet démantelé neuf réseaux criminels...
Malicious Notifications Could Trick Google Gemini Users
2026-06-03 12:01:00
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
2026-06-03 11:58:00
The Fragmented State of Modern Enterprise Identity
Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized...
Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware
2026-06-03 11:52:29
Hackers are hiding dangerous malware inside what look like popular Minecraft mods and game clients, using YouTube videos and search engine tricks to pull unsuspecting players into their trap. The campaign,...
Acer working to patch max severity zero-days in Wave 7 routers
2026-06-03 11:35:47
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
2026-06-03 11:28:59
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You...
Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft
2026-06-03 11:27:59
Alcasec, the "Robin Hood of Spanish Hackers," is jailed for 31 months after admitting to stealing and selling Spanish citizens' banking data.
Claude Mythos s'ouvre au Monde…et à la France
2026-06-03 11:27:41
Anthropic étend son programme Project Glasswing à 150 organisations dans plus de 15 pays, dont la France. Son modèle Claude Mythos est devenu un enjeu géopolitique.
The post Claude Mythos s’ouvre...
Build 2026 : ce que Microsoft met dans sa « plate-forme agentique »
2026-06-03 10:58:15
La notion de « plate-forme agentique » se répand dans la communication de Microsoft. Focus sur quelques-unes des briques qui la composent.
The post Build 2026 : ce que Microsoft met dans sa « plate-forme...
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
2026-06-03 10:43:39
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency...
Fuite massive ou coup de bluff ? Un pirate revendique le vol des données médicales de 34 millions de Français, l'Assurance Maladie dément
2026-06-03 10:39:25
Un pirate affirme avoir dérobé les données personnelles de plus de 34 millions d'assurés français via le Dossier Médical Partagé (DMP), le carnet de santé numérique géré par l'Assurance Maladie....
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
2026-06-03 10:18:52
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker.
Like in the case of CVE-2026-33829, which impacted the...
ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security
2026-06-03 10:13:00
Sometimes firewall stops attackers, sometimes attackers stop firewall. analyzing a zero-day vulnerability in Comodo Internet Security's Firewall driver.
Police dismantles 9 crime groups in illegal streaming crackdown
2026-06-03 10:12:24
European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]
Global Stock Exchange Hit by Monthslong Email Campaign
2026-06-03 10:01:00
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.
Google Patches Actively Exploited Android Flaw Affecting Millions of Devices
2026-06-03 09:44:47
Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing...
USN-8344-3: pip vulnerability
2026-06-03 09:16:40
USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue..
We apologize for the inconvenience.
Original advisory details:
It was discovered that pip's bundled...
Google adds Android protection against AI deepfake scam calls
2026-06-03 09:02:11
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. [...]
Why the AI Agent Utilization Gap Is an Infrastructural Problem, Not a Managerial One
2026-06-03 09:00:40
Enterprises are creating massive numbers of AI agents, but most never reach production because companies lack the infrastructure needed to trust them at scale. Without confidence scoring, traceability,...
Onlyoffice Releases API 9.4, Giving Developers Deeper Control Over Document Workflows
2026-06-03 09:00:38
ONLYOFFICE has released a major API update spanning its Docs API, Plugins and Macros API, and Office JavaScript API. The release introduces stronger document automation, enhanced form controls, improved...
Argamal: Malware hidden in hentai games
2026-06-03 09:00:22
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.
Infostealers are becoming the go-to phishing payload
2026-06-03 08:59:47
Cybercriminals prefer infostealers to traditional phishing techniques because they reduce friction, scale well, and are widely available.
Faille critique dans l'implémentation MCP stdio de Flowise
2026-06-03 08:57:53
Une brèche de sécurité doit mobiliser l’attention des entreprises qui utilisent la plateforme low-code open source Flowise servant (...)
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
2026-06-03 08:33:35
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.
The vulnerability...
Unify Your Plant-Floor Data with Claude Code and TimescaleDB
2026-06-03 08:30:37
Building a Unified Namespace is less about the namespace itself and more about enforcing consistency across fragmented industrial data sources. This guide shows how Claude Code Agent Teams can build protocol-specific...
The AI Agent Economy Has a Fatal Flaw: No One Built the Identity Layer. Luffa AI Is Building It
2026-06-03 08:30:30
AI agents can generate value, but they still lack a core capability: verifiable identity. Luffa AI is building the infrastructure layer that gives agents wallets, decentralized identity, payments, and...
Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users
2026-06-03 08:12:12
A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 apps...
USN-8363-2: MySQL vulnerabilities
2026-06-03 07:43:47
USN-8363-1 fixed several vulnerabilities in MySQL. This update
provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS.
Original advisory details:
Multiple security issues were discovered in...
Une faille critique d'Android a été exploitée dans des attaques « ciblées », Google déploie un correctif
2026-06-03 07:30:42
Une faille critique dans le code d'Android a été exploitée par des cybercriminels. Google indique avoir enregistré une série d'attaques « ciblées ». En guise de contre-attaque, Google vient de...
Why I Wrote My Own Terminal Emulator (and How)
2026-06-03 07:18:55
Inside the process of building AnyClaude, a custom terminal emulator for Claude Code with GPU rendering, pixel scrolling, and a glyph atlas.
How I Stress-Tested 3 AI 3D Generators on the Same Inputs: What the Numbers Actually Show
2026-06-03 07:18:09
TL;DR: I'm Marcus Chen from the Meshy team. I ran the same five prompts through Meshy 6, Tripo v3.1, and Rodin Gen-2.5 and compared the outputs on latency, mesh cost, geometry quality, and topology. No...
Building A Powerful Earnings Surprise Radar with Python
2026-06-03 07:15:28
A step-by-step tutorial to creating a earnings surprise radar with EODHD APIs and Python.
USN-8375-1: nginx vulnerabilities
2026-06-03 07:11:56
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain memory operations when doing SMTP authentication. This
could possibly result in sensitive information being sent...
AI Agents Don't Fail Because of the LLM. They Fail Because of the System Around It.
2026-06-03 07:05:13
Most production (AI) agents don't fail due to an unreliable language model (LLM). Agents most commonly fail because of an unreliable environment in which they are running. The same issues that cause an...
Tokenized Markets Need Guardrails, Not Gatekeepers
2026-06-03 07:04:08
Wall Street is moving toward tokenized markets, but the future of finance needs open networks with built-in protections, not permissioned gatekeepers.
The RAG Data-Flow Audit: A Practical Framework for Enterprise AI Teams
2026-06-03 07:01:57
A practical framework for auditing enterprise RAG pipelines before legal, security, or compliance teams approve AI agents.
Linux Kernel vulnerability Dirty Frag
2026-06-03 07:00:00
CVSSv3 Score:
7.9
Linux kernel is impacted by CVE-2026-43284 and CVE-2026-43500 which chained together create the Dirty Frag vulnerability.CVE-2026-43284In the Linux kernel, the following vulnerability...
I'm Proudly AI-Assisted. I'm Done Apologizing for It.
2026-06-03 06:59:24
AI did not replace my thinking. It reduced the cost of turning thought into production. This essay argues that the real AI debate is not about tools replacing humans, but about who gets access to creation,...
Why LLMs Rewrite History (And How Multi-Agent Systems Can Help Restore It)
2026-06-03 06:57:36
To stop LLMs from silently modernizing historical archives, developers must use multi-agent AI systems to enforce visual accuracy and authentically restore the past.
VS Code zero-day lets hackers steal GitHub tokens in one click
2026-06-03 06:50:30
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a...
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
2026-06-03 06:16:54
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems.
The Minecraft-focused malware-as-a-service...
Chrome s'attaque au vol de cookies : comment fonctionne la nouvelle protection de Google ?
2026-06-03 05:30:23
Vos cookies de connexion sont une cible de choix pour les pirates, qui s'en servent pour contourner la double authentification. Chrome déploie une parade qui rend ces cookies volés inutilisables.
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
2026-06-03 05:03:30
Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7's latest disclosure on CVE-2026-0826 should get...
USN-8348-1: GoBGP vulnerabilities
2026-06-03 04:50:51
It was discovered that GoBGP incorrectly handled certain specially crafted
BGP UPDATE messages. A remote attacker could possibly use this issue to
cause GoBGP to crash, resulting in a denial of service....
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
2026-06-03 04:45:06
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials...
Vulnérabilité dans les produits Laravel (03 juin 2026)
03/06/2026
Une vulnérabilité a été découverte dans les produits Laravel. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans HPE Aruba Networking AOS-CX (03 juin 2026)
03/06/2026
Une vulnérabilité a été découverte dans HPE Aruba Networking AOS-CX. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans Mozilla Firefox (03 juin 2026)
03/06/2026
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Microsoft Azure Linux (03 juin 2026)
03/06/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.