Toute l'actualité de la Cybersécurité
Mageia 10 9 libidn Critical Out-Of-Bounds Read CVE-2026-57053
2026-07-18 18:27:53
Security update
OpenSSL Fixes HollowByte Memory Exhaustion Bug
2026-07-18 18:24:32
Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta’s Red Team disclosed a denial-of-service vulnerability...
Hugging Face Confirms AI-Driven Breach: Attackers used Autonomous Agents, defenders countered with AI
2026-07-18 17:30:35
Hugging Face disclosed this week that it detected and contained a production infrastructure intrusion, driven end-to-end by an autonomous AI agent system, and defended against it using its own AI-based...
WordPress Core "wp2shell" RCE flaws get public exploits, patch now
2026-07-18 17:22:47
Public exploits have been released for the critical "wp2shell" remote code execution vulnerabilities affecting WordPress Core, making it imperative that administrators patch their sites immediately. [...]...
openSUSE Tumbleweed oras Moderate Threat Update 2026-11297-1 CVE-2026-50163
2026-07-18 15:36:25
An update that solves one vulnerability can now be installed.
openSUSE Nginx New Moderate Update Advisory Released 2026-11295-1
2026-07-18 15:36:25
An update that solves 3 vulnerabilities can now be installed.
openSUSE gomuks Moderate Security Issue Fix 2026-11290-1
2026-07-18 15:36:24
An update that solves 6 vulnerabilities can now be installed.
openSUSE Tumbleweed Blender Moderate Security Issue Advisory 2026-11288-1
2026-07-18 15:36:24
An update that solves 3 vulnerabilities can now be installed.
Debian LTS Linux Critical Privilege Escalation and DoS Update DLA-4688-1
2026-07-18 14:17:35
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For Debian 12 bookworm, these problems have been fixed...
Microsoft warns of surge in ACR Stealer attacks on customers
2026-07-18 14:17:19
Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers. [...]
The TechBeat: How Key Data Slashed Debugging Time and Ramped Up Innovation Velocity (7/18/2026)
2026-07-18 14:01:07
7/18/2026: Trending stories on Hackernoon today!
Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer's Network
2026-07-18 14:01:03
Researchers found China’s Daxin rootkit and a new Stupig backdoor on a Taiwan firm’s network, suggesting a stealthy intrusion dating back to 2013. Symantec’s Threat Hunter Team found...
The Biggest Audience on My Website Never Clicks
2026-07-18 14:00:53
Over 89 days, my website recorded 95,394 AI bot hits. Here's why AI retrieval may matter more than traditional referral traffic.
137 Blog Posts To Learn About Cloud Native
2026-07-18 14:00:45
Learn everything you need to know about Cloud Native via these 137 free HackerNoon blog posts.
The Future of Age Verification: Your Face Never Leaves Your Device
2026-07-18 13:15:24
As age verification laws expand worldwide, organizations face growing pressure to protect users' privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age...
openSUSE 16.0 cyrus-imapd Moderate Threats Update 2026-21368-1
2026-07-18 13:13:28
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.
openSUSE Leap 16.0 Lux Important Denial of Service Issues 2026-21367-1
2026-07-18 13:13:20
An update that solves 9 vulnerabilities and has 5 bug fixes can now be installed.
openSUSE Leap 16.0 Grafana Important Request Limit XSS Fix 2026-21366-1
2026-07-18 13:13:14
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.
U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog
2026-07-18 11:49:16
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure...
New Spirals Ransomware Uses IIS Web Shell and PsExec to Encrypt IT Firm in Under 24 Hours
2026-07-18 11:41:32
A previously unseen ransomware family dubbed “Spirals” struck an IT services company in South Asia in June 2026. Symantec’s Threat Hunter Team reports that the attackers moved from the...
Canicule : les serveurs français sous pression pirate
2026-07-18 11:38:31
Seize organisations françaises citées par six groupes pirates entre le 1er et le 16 juillet 2026.
Cyber actualités de la semaine du 19 juillet 2026
2026-07-18 11:20:25
Bonjour à toutes et tous Cette semaine, les fuites de données dominent l'actualité avec NEBBIA, Croqvacances, seize millions de CV exposés et le piratage de l'opérateur Odido. LeakBase voit aussi...
La base piratée de LFI ressurgit sur un forum pirate
2026-07-18 11:08:26
La base volée d'Action populaire ressurgit, exposant militants et organisation aux risques cyber et politiques.
LeakBase : dix téraoctets piratés réapparaissent
2026-07-18 10:13:29
LeakBase fermé, une archive de 10 To de données volées réapparaît via des stockages publics russes.
700 escrocs, 20 centres d'appels : ce réseau criminel a fait des dizaines de milliers de victimes
2026-07-18 10:02:55
La police vient de démanteler un vaste réseau criminel spécialisé dans les arnaques aux faux investissements. Baptisée « Operation Sunflower », l'enquête a duré près de quatre ans et s'est soldée...
Un négociateur de rançongiciel condamné à 70 mois
2026-07-18 09:49:13
Un négociateur de rançongiciel condamné pour avoir aidé BlackCat à extorquer ses propres clients.
La piste néerlandaise se précise après le piratage d'Odido
2026-07-18 09:41:38
La police explore une piste et une voix après le vol des données de six millions de clients d'un important opérateur téléphonique.
How Browser-Based Image Rotation Works Without Uploading Your Files
2026-07-18 09:32:47
Learn how modern browsers rotate images locally using HTML Canvas, FileReader, and Web APIs without uploads for faster, private image editing.
Device Code Phishing: How Attackers Abuse Microsoft's Legitimate Authentication Page Without…
2026-07-18 09:24:57
Device Code Phishing: How Attackers Abuse Microsoft's Legitimate Authentication Page Without Stealing Your PasswordThe most convincing Microsoft phishing attack yet. Learn how attackers abuse Microsoft's...
From SQL Injection to Infrastructure-Level RCE: A PostgreSQL Superuser Compromise
2026-07-18 09:24:45
Imagine finding a backdoor that gives you absolute superuser access to a state infrastructure network, documenting the exploit chain perfectly, and submitting it—only to be met with total bureaucratic...
From User Enumeration to PII Exposure: Chaining Two APIs Into a ,000 Bug
2026-07-18 09:23:37
Free Article Link: Click for free!Continue reading on InfoSec Write-ups »
How I Abused a Group Policy Object (GPO) in Active Directory (And How to Fix It)
2026-07-18 09:23:03
Group Policy Objects (GPOs) are one of the most powerful features in Active Directory. They allow administrators to manage settings across computers and users.But if the wrong user has control over a...
How I Escalated to Domain Admin Using AD CS (And How to Fix It)
2026-07-18 09:22:57
What is AD CS?Active Directory Certificate Services (AD CS) allows users and computers to obtain certificates for authentication, encryption, and other services.If certificate templates are misconfigured,...
How I AES-Roasted My Active Directory Lab (And How to Fix It)
2026-07-18 09:22:46
AS-REP Roasting is one of the easiest ways to obtain Active Directory credentials without knowing a password. If a user has Kerberos Preauthentication disabled, the Domain Controller returns an AS-REP...
eCPPTv3 Review
2026-07-18 09:22:38
Almost a year ago, I took the INE's “eCPPTv3” exam, and here is my honest reviewWhy eCPPT?A year ago (May 29) I've bought the bundle which included 3 months of premium subscription and 2 exam...
CallMeOnTheChain — EtherRAT Lab Writeup [CyberDefenders]
2026-07-18 09:22:34
CallMeOnTheChain — EtherRAT Lab Writeup [CyberDefenders]CallMeOnTheChain - EtherRAT | Blue team challenge.You can read this writeup on my GitBook: LinkScenarioSomething is wrong at Maromalix. On...
600$ For Stealing Podcasts/Show via RSS Feed Manipulation
2026-07-18 09:22:18
Hello hunters! 👋In this write-up, I will share a Business Logic Flaw I discovered in a major podcasting platform (redacted.com).By manipulating a simple XML file (RSS Feed), I was able to bypass the...
Decoding the Obfuscated Layer: A Playbook Walkthrough of Command-Line Forensics
2026-07-18 09:21:20
A full and detailed insight into CLI forensics, going into depth following a TryHackMe labSource: TechFusionFor incident responders, security analysts, and threat hunters, discovering an unknown script...
Why Bigger Context Windows Make AI Agents Worse, Not Better
2026-07-18 09:18:01
Why bigger context windows often make AI agents less accurate. Learn about lost-in-the-middle, context rot, reranking, and smarter context engineering.
Multi-Agent Systems Need a Control Plane, Not Just Better Orchestration
2026-07-18 09:09:11
Multi-agent AI systems need control planes to separate agent recommendations from execution authority, policy enforcement, and auditability.
Designing Software for Change: The Engineering Discipline Behind Systems That Survive Growth
2026-07-18 09:01:59
Learn why resilient software architecture is designed for change, not just scale—and how to reduce technical debt, cognitive load, and future engineering risk.
Critical WordPress Core Flaw Lets Anonymous Hackers Gain Remote Code Execution
2026-07-18 08:47:43
A newly disclosed a pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed “wp2shell,” that requires no authentication and affects stock WordPress installations...
Citrix Secure Access and Endpoint Client for Windows Vulnerability Enables Privilege Escalation
2026-07-18 08:41:45
Cloud Software Group has disclosed two security vulnerabilities affecting Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows, with one flaw allowing low-privileged...
Why Superintelligence Won't Be Born on Earth
2026-07-18 08:27:33
Why state regulations, institutional lies, and the "alignment trap" guarantee that true Artificial Superintelligence (ASI) will only be born far beyond Earth.
EY Data Breach – Hackers Access Third-Party IT Support Platform and Steal Client Tax Documents
2026-07-18 08:16:55
Ernst & Young LLP (EY) has confirmed a data security incident in which an unauthorized third party breached a third-party IT service management platform used by its tax practice, exfiltrating documents...
OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload
2026-07-18 07:33:38
A newly disclosed vulnerability reminds us how deeply our digital infrastructure relies on foundational libraries. The Okta Red Team recently discovered “HollowByte,” a Denial of Service (DoS)...
« Le casse de la mémoire » de Claude : comment un site piégé a poussé l'IA à divulguer toutes vos données
2026-07-18 07:31:04
Un chercheur a démontré qu'un simple site web piégé pouvait pousser Claude à divulguer le nom, l'employeur et la ville d'origine de son utilisateur. Des réponses à des questions de sécurité...
Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges
2026-07-18 06:46:38
Cloud Software Group has issued a High-severity security bulletin (CTX696734) disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix Endpoint Analysis Client for...
TradFi Volumes Triple, 12M Users Reached as BTCC Exchange Marks 15 Years
2026-07-18 06:25:05
On July 10, BTCC hosted an exclusive VIP dinner in Ginza, Tokyo. The invitation-only event brought VIP clients together under the theme of "Tsumugi" (to weave),
Apple alerte les utilisateurs d'iPhone : ces appels FaceTime peuvent vider votre compte bancaire
2026-07-18 06:02:12
Apple et les autorités américaines alertent les utilisateurs d'iPhone sur une escroquerie en pleine expansion. De plus en plus, les cybercriminels se servent de FaceTime pour tenter de piéger les internautes...
Mageia Python-pydantic-settings Critical File Read Issue CVE-2026-58203
2026-07-18 05:49:09
Security update
Mageia LibreOffice Important Buffer Overflow Issues Fix 2026-0259
2026-07-18 05:49:08
Security update
Mageia 10 Sticky Bugfix Advisory 2026-0057 Unraveled and Explained
2026-07-18 05:49:05
Security update
The 5 AWS Services Every Developer Must Know to Build AI Products in 2026 (With Real Projects)
2026-07-18 05:00:56
You don't need to know all 200+ AWS services to build AI products. You need these 5. Here's the complete beginner's guide to Amazon Bedrock, Lambda, API Gateway
MC2: The Best Marvel Alternate Universe You Never Heard of
2026-07-18 03:07:08
The MC2, or Marvel Comics 2, is Marvel's best-kept secret.
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released
2026-07-18 03:05:23
A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full...
212 Blog Posts To Learn About Cloud Infrastructure
2026-07-18 02:00:48
Learn everything you need to know about Cloud Infrastructure via these 212 free HackerNoon blog posts.
List of 34 new domains
2026-07-18 00:00:00
.fr 5gringos-fra[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
air-canada[.fr] (registrar: OVH)
airfrance-relationce[.fr] (registrar: IONOS SE)
bruno-fra[.fr] (registrar: Hosting Concepts...