Toute l'actualité de la Cybersécurité
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
2026-03-17 18:08:07
The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant...
CISO DEMO: Cybersecurity Vendors Pitch Chief Information Security Officers On YouTube
2026-03-17 18:04:01
Security chiefs watch short videos produced by Cybercrime Magazine – Steve Morgan, Founder of Cybersecurity Ventures Sausalito, Calif. – Mar. 17, 2026 Around a year ago, Cybersecurity Ventures asked...
Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware
2026-03-17 17:49:12
A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent...
Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems
2026-03-17 17:23:22
A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using...
Le groupe Glassworm cible le référentiel d'extensions Open VSX
2026-03-17 17:18:24
De plus en plus les outils de développement intéressent les cybercriminels pour déployer des malwares. Des experts de l’entreprise (...)
How to Shop Online Safely While Finding Better Deals
2026-03-17 17:04:25
With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household...
D'OpenShell à NanoClaw, un NVIDIA tentaculaire sur l'agentique
2026-03-17 16:45:13
NVIDIA orchestre, avec ses clients, une communication massive autour de la nouvelle marque Agents Toolkit et des perspectives qu'elle porte.
The post D’OpenShell à NanoClaw, un NVIDIA tentaculaire...
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
2026-03-17 16:39:00
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
In...
Microsoft réorganise Copilot
2026-03-17 16:23:26
Microsoft annonce une restructuration de son organisation autour de Copilot, unifiant les équipes grand public et entreprise sous une direction unique.
The post Microsoft réorganise Copilot appeared...
Cisco et Nvidia étoffent l'architecture Secure AI Factory
2026-03-17 16:21:55
A l’occasion de la GTC 2026 qui se déroule à San José du 16 au 19 mars, Cisco et Nvidia ont poursuivi leur travail commun pour (...)
Fake Pudgy World site steals your crypto passwords
2026-03-17 16:10:42
The phishing site it is not affiliated with Igloo Inc or Pudgy Penguins, but is designed to lure fans and steal their crypto passwords.
Investing in the people shaping open source and securing the future together
2026-03-17 16:00:00
See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.
The post Investing...
AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration
2026-03-17 15:55:23
A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound...
Market-Aware Agents Need Instant Knowledge Acquisition, Not the Latest Model
2026-03-17 15:52:40
Market-aware agents don't need the latest model. They need instant knowledge acquisition: live, verified data. Bright Data provides the infrastructure to turn hallucinating chatbots into real-time analysts....
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
2026-03-17 12:00:19
New York, NY, 17th March 2026, CyberNewswire
To Beat Alert Overload, Stop Wasting Time on False Positives
2026-03-17 15:39:50
At first glance, false positives in cybersecurity seem almost comforting. An alert fires. A SOC analyst investigates. It turns out to be nothing...
Warlock Ransomware Group Augments Post-Exploitation Activities
2026-03-17 15:36:52
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.
ChangeNOW Launches Private Send to Break Blockchain Address Tracking
2026-03-17 15:31:13
Private Send is a feature designed to prevent direct links between sender and recipient addresses on public blockchains. Instead of a direct wallet-to-wallet transfer, funds are routed through ChangeNOW...
ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools
2026-03-17 15:23:53
Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals.
Aster Chain Launch: Defining a New Era for Onchain Privacy and Transparency
2026-03-17 15:19:58
Aster Chain is a privacy-focused trading ecosystem backed by YZi Labs. The Layer 1 blockchain is designed to dismantle the "transparency trap" of modern DeFi. It offers institutional-grade privacy and...
Agents IA, collaboration et lutte anti-drone au menu d'Orange Business
2026-03-17 15:12:57
Après avoir dévoilé il y a quelques semaines son plan stratégique sur 3 ans aux investisseurs autour de la notion de confiance, (...)
IA et emploi : Anthropic nuance les craintes de destructions massives de postes
2026-03-17 15:12:13
Une étude d'Anthropic introduit un nouvel indicateur d'exposition réelle au risque de remplacement des emplois par l'IA tout en signalant un ralentissement des embauches de jeunes dans les métiers...
GSR Acquires Autonomous and Architech to Launch Integrated Capital Markets And Treasury Platform
2026-03-17 15:11:23
GSR acquires Autonomous and Architech for million. Deal significantly expands the firm's ability to support tokenized organizations from formation through scale.
Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials
2026-03-17 15:06:00
A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users....
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
2026-03-17 15:01:52
RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000...
MEXC Launches Prediction Market with 0-Fee, Low-Latency Trading Experience
2026-03-17 14:46:21
MEXC has launched a zero-fee prediction market offering millisecond-level trade execution, allowing users to trade on outcomes tied to global events like geopolitics and crypto trends. Integrated within...
Base58 Labs' BASIS 2026 Blueprint Forges a New Standard for BTC, ETH, SOL & PAXG
2026-03-17 14:39:53
Base58 Labs unveiled the [BASIS 2026 Technical Blueprint & Infrastructure Roadmap. New roadmap positions BASIS as an institutional-grade digital asset management platform built for macro volatility.
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
2026-03-17 14:34:00
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.
The use of ClickFix, where users are tricked...
Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories
2026-03-17 14:24:27
A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS...
New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues
2026-03-17 14:03:44
Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves...
Top 5 Things CISOs Need to Do Today to Secure AI Agents
2026-03-17 14:02:12
AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]...
Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks
2026-03-17 14:00:55
A high-severity Cross-Site Scripting (XSS) vulnerability has been discovered in the widely used Angular framework. Tracked as CVE-2026-32635 and categorized under CWE-79, this flaw affects both the @angular/compiler and @angular/core packages....
New font-rendering trick hides malicious commands from AI tools
2026-03-17 13:59:12
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]
Microsoft stops force-installing the Microsoft 365 Copilot app
2026-03-17 13:54:37
Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. [...]
Huntress Launches Two New Security Posture Tools as Cyber Threats Surge
2026-03-17 13:48:29
Cybersecurity firm Huntress has rolled out a pair of new products aimed at helping businesses shore up security weaknesses before attackers can exploit them, a shift from the reactive, detect-and-respond...
Enterprise Cloud Network Solutions for Multi-Cloud Environments: Top Platforms
2026-03-17 13:17:07
Enterprise Cloud Network Solutions secure multi-cloud environments with Zero Trust, visibility, and threat prevention across users, apps, and distributed data systems.
Growing Threat Of Scams Hits Australia's Not-For-Profit (NFP) Sector Hard
2026-03-17 13:06:43
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 17, 2026 – Read the full story in Eureka Street Mark Gaetani, National President of the St Vincent de Paul...
Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents
2026-03-17 13:00:23
New York, United States, 17th March 2026, CyberNewswire
Memority rachète Zygon pour étendre sa couverture IAM
2026-03-17 12:37:00
Memority met la main sur la start-up américaine Zygon pour combler les angles morts de la gouvernance des identités (IAM) dans les environnements SaaS.
The post Memority rachète Zygon pour étendre...
France Cybersecurity officialise sa promo 2026 : qu'est-ce que ce label ?
2026-03-17 12:31:52
Renouvellements compris, 85 entreprises sont lauréates 2026 du label France Cybersecurity.
The post France Cybersecurity officialise sa promo 2026 : qu’est-ce que ce label ? appeared first on Silicon.fr....
La cyber résilience, de la disponibilité au redémarrage maîtrisé !
2026-03-17 12:29:44
Sandra Maury, CISO/RSSI de Kyndryl France, défend une vision pragmatique de la cyber résilience. Limiter l'impact d'une crise cyber sur la disponibilité des systèmes et se préparer à redémarrer...
90% of people don't trust AI with their data
2026-03-17 12:26:37
AI may be everywhere, but according to our privacy survey, 90% say they don't trust it with their data, and many are pulling back.
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
2026-03-17 12:09:35
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript....
Rocky Linux: RLSA-2026:4629 libvpx security update Security Advisories Updates
2026-03-17 12:07:50
Important: libvpx security update
Ubuntu 20 04 LTS Linux Kernel Key AppArmor DoS Vulnerability USN-8099-3
2026-03-17 12:03:39
Several security issues were fixed in the Linux kernel.
Microsoft shares fix for Windows C: drive access issues on Samsung PCs
2026-03-17 12:03:38
Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]
CL-STA-1087 targets military capabilities since 2020
2026-03-17 12:01:59
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast...
PACT 2026: A Stronger, Simpler, More Profitable Path for Rapid7 Partners
2026-03-17 12:00:00
The cybersecurity channel is evolving fast. Buying behaviors are shifting and customers are rethinking how they evaluate solutions. And partners are rethinking how they deliver value at scale. In this...
How searching for a VPN could mean handing over your work login details
2026-03-17 11:36:23
What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
2026-03-17 11:30:00
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera.
The...
New Windows 11 hotpatch fixes Bluetooth device visibility issue
2026-03-17 11:07:05
Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. [...]
USN-8098-2: Linux kernel (GCP) vulnerabilities
2026-03-17 10:58:28
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary...
Adobe and NVIDIA Promise to “Reinvent Creativity” — but Mostly in Future Tense
2026-03-17 10:55:33
Adobe and NVIDIA rolled out yet another self-congratulatory “strategic partnership,” promising to “accelerate AI-powered creation, production, and personalization” — corporate speak that translates...
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
2026-03-17 10:49:13
The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers ignoring security warnings
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
2026-03-17 10:37:19
Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. [...]
The 1,000-Pound Sled Pull That Shocked Alaska
2026-03-17 10:15:05
After John Thornton rescues him, Buck forms his first true bond of love and loyalty with a human. He proves that devotion through incredible feats—attacking a man who assaults Thornton, rescuing him...
Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models
2026-03-17 10:00:38
Unit 42 research unveils LLM guardrail fragility using genetic algorithm-inspired prompt fuzzing. Discover scalable evasion methods and critical GenAI security implications.
The post Open, Closed and...
AI Agents Are Great at One Thing at a Time. Life Isn't Built That Way.
2026-03-17 10:00:04
AI agents excel at individual tasks but struggle to coordinate multiple devices and systems at once. Tethral is building a local-first orchestration layer that interprets natural language intent and dynamically...
Google cracks down on Android apps abusing accessibility
2026-03-17 09:59:12
Malware has been abusing Android's accessibility features for years. Google just made that a lot harder.
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
2026-03-17 09:53:00
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts.
The...
AI Won't Fix Your Broken IAM Data
2026-03-17 09:45:05
Enterprises are rushing to add AI to identity and access management, but fragmented identity data remains a critical weakness. Without a reliable, continuously updated source of identity truth, AI-driven...
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
2026-03-17 09:19:49
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique...
A Dog on the Edge of Death
2026-03-17 09:00:52
Buck and the exhausted sled team are sold to inexperienced travelers—Hal, Charles, and Mercedes—whose incompetence and cruelty push the dogs to the brink of death. Starved, beaten, and forced across...
Des infostealers diffusés par des techniquess ClickFix
2026-03-17 08:31:15
Découverte en 2024 par Proofpoint, les méthodes ClickFix deviennent de plus en plus sophistiquée en combinant des sites web avec des (...)
Des clients de Lloyds Banking ont incidemment accédé à des comptes tiers
2026-03-17 08:29:48
Hallucination IA, attaque cyber, simple bug ou magie noire ? Le matin du 12 mars, certains clients de trois banques du groupe britannique Lloyds Banking (...)
Attack on Stryker's Microsoft environment wiped employee devices without malware
2026-03-17 08:05:55
The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker...
From Enumeration to Findings: The Security Findings Report in EntraFalcon
2026-03-17 08:00:00
We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates tenant settings and object-based checks into structured...
Rocky Linux: RLSA-2026:4672 container-tools Security Advisories Updates
2026-03-17 06:00:31
Important: container-tools:rhel8 security update
Alpine Linux 3 RLSB-2026-5783 Key Vulnerability Resolutions Now Released
2026-03-17 06:00:31
Important: container-tools:rhel8 security update
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
2026-03-17 05:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...
An Inspiring Write up from Proving grounds
2026-03-17 04:53:03
As we approach any penetration testing engagement we start with information gathering, information gathering in Cyber Security is a crucial step that should not be avoided, same goes for enumeration.There...
Proving Grounds Linux Lab Hub ( Road to OSCP )
2026-03-17 04:52:59
Proving Grounds Linux Box Hub Offsec ( Road to OSCP )As always in every penetration testing engagements we start by reconnaissance and information gathering, in this step we try to get as much information...
Case Study: The Uber Hack
2026-03-17 04:52:47
In this section, we explore a cyberattack experienced by the company Uber. As in the previous case study, we will analyze the methods attackers used to penetrate the organization's network, escalate...
Vulnhub Prime: 1 — A Local File Inclusion (LFI) Vulnerability
2026-03-17 04:52:44
Vulnhub Prime: 1 — A Local File Inclusion (LFI) VulnerabilityThis walkthrough will attempt to solve VulnHub's Prime 1 CTF VM. The box contains several vulnerabilities, but the exploit chain centers...
Flu Proving Grounds linux lab
2026-03-17 04:52:07
Continue reading on InfoSec Write-ups »
How Prompts Break Systems: A Practical Analysis of LLM Defense Architecture
2026-03-17 04:51:54
If you want to understand how LLM defenses fail, stop reading papers for a moment and go break something.Gandalf is Lakera's prompt injection challenge platform. Eight levels, each one adding a new...
TryHackMe — Operation Endgame: Pwning an Active Directory Domain from Zero Credentials
2026-03-17 04:47:42
Difficulty: Medium | Category: Active DirectoryYou've been handed an IP address and nothing else. No username, no password, no hints. The target is a Windows Domain Controller — the crown jewel...
CTI Research: MuddyWater/Seedworm (Mango Sandstorm)
2026-03-17 04:33:47
Evidence-Labeled Threat Intelligence Assessment and SOC Defensive Guidance (2017 — March 2026)PDF here:CTI/muddywater-seedworm at main · anpa1200/CTITable of ContentsReport MetadataMethodology...
Oracle Linux 7 freerdp Significant Security Patch ELSA-2026-2713
2026-03-17 04:01:39
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
Proofpoint Unveils Industry's Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents
2026-03-17 04:01:03
Fedora 42 mingw-openexr Significant Buffer Overflow DoS CVE-2026-26981
2026-03-17 02:12:11
Update to openexr-3.4.6 resp 3.3.8.
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
2026-03-17 01:00:00
Researchers uncovered an extensive cyber espionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.
List of 21 new domains
2026-03-17 00:00:00
.fr blakelyhoodiefrance[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
casino-enlignefiable[.fr] (registrar: Dynadot Inc)
decolis[.fr] (registrar: KEY-SYSTEMS GmbH)
dometicoutlet[.fr] (registrar:...
Multiples vulnérabilités dans Mattermost Server (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité...
Multiples vulnérabilités dans les produits Kaspersky (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans les produits Kaspersky. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Python (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans Python. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié...
Vulnérabilité dans Microsoft Edge (17 mars 2026)
17/03/2026
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur. Microsoft indique que la vulnérabilité...
Multiples vulnérabilités dans Xen (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité...
Multiples vulnérabilités dans Spring AI (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans Spring AI. Elles permettent à un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de sécurité.
Multiples vulnérabilités dans Redmine (17 mars 2026)
17/03/2026
De multiples vulnérabilités ont été découvertes dans Redmine. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), un contournement de la politique de...
Vulnérabilité dans les produits Microsoft (17 mars 2026)
17/03/2026
Une vulnérabilité a été découverte dans les produits Microsoft. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.