Toute l'actualité de la Cybersécurité
Ransomware Actors Show Up In Person to Steal Law Firm Data
2026-05-27 20:38:01
The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.
Can Big Data Predict Market Movements Accurately?
2026-05-27 20:00:23
Can Big Data predict markets? Learn how AI, investor behavior, and digital signals shape modern forecasting across stocks and crypto trends.
The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations
2026-05-27 19:31:36
Evolution of AI Phishing As with most cyber threats, AI has created a fundamental shift in the phishing threat landscape. It has become a precision operation powered by AI systems that research, build,...
GHOST STADIUM Phishing Campaign Targets FIFA World Cup Fans With 300+ Fake Domains
2026-05-27 19:18:37
As the 2026 FIFA World Cup draws closer, cybercriminals are moving fast to cash in on the excitement. Researchers have uncovered a massive fraud operation targeting fans of the world’s biggest football...
ECB Urges Banks to Tackle AI Security Threats
2026-05-27 19:04:18
This week the European Central Bank (ECB), which supervises about 111 of the eurozone’s largest banks, convened at an urgent meeting with major lenders to accelerate efforts around AI security and...
Hackers Use Grandoreiro Malware to Target Portuguese Banks and Latin American Companies
2026-05-27 18:57:51
A banking trojan that has been quietly operating since 2016 is making headlines again. Grandoreiro, one of the most widespread banking malware strains globally, has resurfaced with fresh campaigns targeting...
Tycoon 2FA AiTM Kit Bypasses MFA on Entra ID and Google Workspace Accounts
2026-05-27 18:50:18
A powerful phishing kit known as Tycoon 2FA has been making waves across the cybersecurity world since it first appeared in August 2023. The kit operates as a Phishing-as-a-Service (PhaaS) platform, meaning...
Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor
2026-05-27 18:16:03
A new malware campaign is targeting content creators, gamers, and AI enthusiasts by disguising itself as popular software tools like ChatGPT and Claude. The attackers are spreading a dangerous backdoor...
Iran's Nimbus Manticore Used Trojanized Zoom Installers Against US Firms
2026-05-27 18:08:35
Iran's Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign.
Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor
2026-05-27 18:07:26
A malicious npm package called forge-jsxy has been quietly stealing cryptocurrency wallet keys, browser credentials, and sensitive developer data across Windows, macOS, and Linux systems. Published to...
How to Detect Data Exfiltration with Elastic SIEM: SOC Analyst Hands-On Lab | Hunt Forward Lab #007
2026-05-27 17:59:53
Hunt Forward Lab #007 — Threat Hunting for Bulk File Transfer & Archive Creation | MITRE ATT&CK T1039, T1560.001, T1048.002🔬 Difficulty: Intermediate — Estimated Time: 45–60 minutes...
USN-8326-1: Foomuuri vulnerabilities
2026-05-27 17:43:35
Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly
enforce authorization. An unprivileged local attacker could possibly use
this issue to manipulate the firewall configuration,...
How Top CISOs Increase Risk Visibility for Zero Critical Incidents
2026-05-27 16:47:39
How many alerts in your SOC are truly business-critical, and how many only look urgent because the team lacks context? This is one of the hardest questions for CISOs today. Without clear visibility, teams...
Latin American Cybercriminals Hoover Up Government Data
2026-05-27 16:19:03
A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data.
Hackers Abuse AI Chatbot Recommendations to Push Malicious Software Download Links
2026-05-27 16:13:11
Hackers are finding new ways to trick people into downloading malware, and this time, they are hiding behind tools many of us have come to trust. A newly uncovered cryptojacking campaign is abusing AI...
AI-Assisted Exploit Development Outpaces Scanner Detection
2026-05-27 16:11:19
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
2026-05-27 16:10:21
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively.
That's according to...
AI Is Making Software Autonomous, and Governance Must Follow
2026-05-27 15:50:35
In 2011, Marc Andreessen famously wrote that "software is eating the world." Today, software is no longer just a competitive advantage; it is the foundational infrastructure for nearly every...
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
2026-05-27 15:44:29
Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities.
According to OX Security, the package, named "mouse5212-super-formatter,"...
L'attaque Megalodon infecte plus de 5 000 dépôts GitHub
2026-05-27 15:43:34
Une opération automatisée et à grande échelle a ciblé des milliers de référentiels GitHub. Elle a été (...)
Motorola Phones Preinstalled App Found Hijacking Amazon App to Inject Affiliate Codes
2026-05-27 15:39:47
A hidden system application bundled with Motorola smartphones has been caught intercepting user-initiated Amazon app launches and silently redirecting them through affiliate tracking URLs, raising serious...
How I Built an AI Study Buddy That Generates Notes, Tutorials, and Self-Validated Tests
2026-05-27 15:36:29
This article documents a multimodal AI study pipeline built on NVIDIA Nemotron Omni and vLLM that converts textbooks, lecture videos, handwritten notes, and study-group chats into three synchronized outputs:...
How to Build Privacy-First AI Personalization Across Multiple Data Domains
2026-05-27 15:31:54
This article outlines practical frameworks for building privacy-first AI personalization systems capable of integrating data across multiple domains like email, photos, calendars, and apps. Rather than...
Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints
2026-05-27 15:22:51
A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed “BadHost,” is putting thousands of AI-powered applications at risk by enabling authentication bypass through manipulated...
Rethinking the Socrates Syllogism for Contemporary Logic Education
2026-05-27 15:16:30
This article reexamines the famous “All men are mortal, Socrates is a man” syllogism through the lens of modern pedagogy and philosophy. While acknowledging the formal correctness of deductive logic...
AI coding tools are widening the security validation gap, survey finds
2026-05-27 15:15:37
New research from offensive security firm Pentest-Tools.com has quantified a growing disconnect between the speed at which AI tools are generating code and the ability of security teams to validate it...
Engineering Metrics Are Shifting From Output Tracking to System Health
2026-05-27 15:05:13
Discover the key metrics that truly impact success in engineering leadership with our practical guide. Learn how to track and utilize data for better decision-making and team performance.
USN-8325-1: tgt vulnerability
2026-05-27 15:01:27
It was discovered that tgt incorrectly tried to achieve entropy by calling
rand without srand. An attacker could possibly use this issue to make tgt
generate an identical sequence of challenges, resulting...
New BTMOB Malware Lets Attackers Remotely Control Android Devices
2026-05-27 15:01:25
New Android malware dubbed BTMOB is arming even low-skilled attackers with full remote control over infected phones by combining a powerful RAT engine with a no-code campaign builder toolkit. The threat,...
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
2026-05-27 14:45:46
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
USN-8324-1: Apache Tika vulnerabilities
2026-05-27 14:10:36
It was discovered that Apache Tika incorrectly handled XML external
entities when parsing XFA content in PDF files. An attacker could possibly
use this issue to obtain sensitive information or send malicious...
The TechBeat: The Proxy Metric Engineers Get Wrong Every Time (5/27/2026)
2026-05-27 14:01:04
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Why Your Python Functions Are Secretly Changing Data You Never Passed to Them
2026-05-27 14:00:54
You defined a function with a list as a default argument. Now, it's accumulating data across calls you never connected.
122 Blog Posts To Learn About Finance And Banking
2026-05-27 14:00:44
Let's learn about Finance And Banking via these 122 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about...
Can you enforce strong Active Directory password rules without frustrating users?
2026-05-27 14:00:10
Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security...
Se préparer à l'expiration des certificats Windows Secure Boot
2026-05-27 13:59:23
La vie des utilisateurs et des administrateurs de systèmes Windows s’apprête à être bouleversée. Microsoft compte (...)
The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On.
2026-05-27 13:52:07
Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS. In late March, a group calling...
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
2026-05-27 13:28:48
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should...
Glassworm botnet disrupted after resilient C2 infrastructure takedown
2026-05-27 13:28:42
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain...
USN-8323-1: Postorius vulnerability
2026-05-27 13:28:20
It was discovered that Postorius did not properly escape HTML in message
subjects when rendering the Held messages pop-up. An attacker could
possibly use this issue to inject arbitrary HTML, resulting...
USN-8322-1: Apache Commons BeanUtils vulnerability
2026-05-27 13:20:08
It was discovered that Apache Commons BeanUtils incorrectly allowed
access to the declaredClass property of Java enum objects when handling
externally supplied property paths. An attacker could possibly...
USN-8321-1: Papers vulnerability
2026-05-27 13:02:52
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a
user were tricked into opening a specially crafted PDF file, an attacker
could use this issue to manipulate command lines and...
Football Fever Fuels Scam Campaigns Across Email and Social Media
2026-05-27 12:56:33
Football fans are increasingly targeted by scams exploiting club loyalty, national teams, football collectibles, streaming demand, and the growing excitement around the FIFA World Cup 2026, according...
USN-8320-1: Memcached vulnerabilities
2026-05-27 12:47:44
It was discovered that Memcached's SASL password database authentication
had a timing side channel when handling username and password data. A
remote attacker could possibly use this issue to obtain sensitive
information....
10 000 failles en un mois : Anthropic dévoile le premier bilan de Claude Mythos
2026-05-27 12:43:18
En un mois à peine, l'IA de cybersécurité d'Anthropic, Claude Mythos, a identifié plus de 10 000 failles graves dans des logiciels utilisés par des milliards de personnes. De facto, les équipes...
USN-8319-1: Libgcrypt vulnerabilities
2026-05-27 12:32:26
It was discovered that Libgcrypt incorrectly handled crafted ECDH
ciphertext. An attacker could possibly use this issue to cause Libgcrypt to
crash, resulting in a denial of service. (CVE-2026-41989)
It...
CISOs Turnover Persists As AI Makes Cybersecurity More Crucial Than Ever
2026-05-27 12:29:17
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 27, 2026 –Read the full story Immense stress has infected the brains of CISOs (chief information security...
Data Engineering Teams Need a Different Version of Agile
2026-05-27 12:24:04
Agile is useful for data engineering teams when it creates visibility, reduces context switching, and helps teams manage uncertainty. A visible backlog, regular delivery rhythm, and meaningful retrospectives...
USN-8318-1: libcaca vulnerability
2026-05-27 12:23:40
It was discovered that libcaca incorrectly handled certain malformed files.
An attacker could use this issue to cause libcaca to crash, resulting in a
denial of service, or possibly execute arbitrary...
Link11 is fully committed to Europe and is opening a Customer Excellence Hub in Lisbon
2026-05-27 12:21:39
Frankfurt am Main, Germany, 27th May 2026, CyberNewswire
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
2026-05-27 12:11:30
The cybersecurity industry of 2006 barely resembled today's billion-dollar behemoth. As part of Dark Reading's 20th anniversary celebration, we trace the industry's evolution through a technology lens....
USN-8317-1: GStreamer Good Plugins vulnerabilities
2026-05-27 12:07:51
It was discovered that GStreamer Good Plugins incorrectly handled certain
MP4 audio tracks. An attacker could possibly use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of...
Designing secure access with ZTNA
2026-05-27 12:00:00
New guidance explains how to design Zero Trust Network Access architectures aligned with zero trust principles and not built on old trust assumptions.
FBI warns of in-person data theft attacks from extortion gang
2026-05-27 11:51:12
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
2026-05-27 11:48:37
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software...
3 SOC Steps that Shut Down Incident Risks Early
2026-05-27 11:45:00
Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They...
Kali365 phishing kit bypasses MFA and steals Microsoft logins
2026-05-27 11:41:54
The FBI has warned that attackers are using a new phishing kit to gain long-term access to Microsoft Outlook, Teams, and OneDrive accounts.
How cybersecurity firms took down Glassworm botnet in one shot
2026-05-27 11:35:46
Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, at 14:00 UTC, CrowdStrike Counter Adversary...
G7 numérique : « SBOM for AI », un référentiel pour sécuriser la chaîne d'approvisionnement de l'IA
2026-05-27 11:21:28
Le G7 et plusieurs agences de cybersécurité, dont l'ANSSI, publient "SBOM for AI". Un premier cadre de référence pour cartographier les composants des systèmes d'intelligence artificielle.
The...
Most Organisations Can't See Their AI Traffic and Attackers Are Already Exploiting That
2026-05-27 11:02:41
A new report released today by Check Point Software lays out in stark terms how far enterprise security architecture has fallen behind AI adoption and the incidents already resulting from that gap. The...
L'Ugap cantonne le marché Oracle au support
2026-05-27 10:59:59
La fin des nouveaux contrats pour Oracle via le marché dédié de l'Ugap. Lors de son audition devant la commission d'enquête (...)
Cybersécurité et data plombent la transformation digitale industrielle
2026-05-27 10:57:09
La transformation digitale de la production industrielle sort progressivement des phases pilotes pour entrer en déploiement opérationnel, (...)
Une faille dans Chromium transforme les navigateurs en bot
2026-05-27 10:50:53
Chromium, le navigateur open source qui sous-tend notamment Google Chrome, Microsoft Edge et Opera, contient une vulnérabilité non corrigée (...)
Gitea Vulnerability Exposes Private Container Images without Authentication
2026-05-27 10:06:32
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images...
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
2026-05-27 10:06:17
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin,...
Company bragged phone mics could listen to conversations. They couldn’t.
2026-05-27 09:56:26
Cox Media said it could spy on users through their devices and use the information for targeted advertising, except it wasn't true.
IA contre IA : sécuriser le code dans un cycle de menaces auto-accéléré
2026-05-27 09:46:35
{ Tribune Expert } - La sécurité applicative doit désormais être pilotée comme une capacité industrielle continue, centrée non plus sur le volume brut d'alertes, mais sur l'exploitabilité...
Fake LinkedIn emails abuse Adobe to track victims
2026-05-27 09:32:09
Phishers are stealing LinkedIn credentials while abusing Adobe Target to track victims and redirect them to real LinkedIn pages.
Le grand retour des CPU et de la mémoire à l'ère de l'IA agentique
2026-05-27 09:16:29
Les CPU et les puces mémoire retrouvent un rôle stratégique avec l'essor de l'IA agentique et des datacenters. Intel, AMD et Micron profitent de ce nouveau cycle.
The post Le grand retour des CPU...
Dutch police arrests suspect linked to Ajax football club hack
2026-05-27 09:09:03
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. [...]
Scale Computing étoffe son catalogue de virtualisation
2026-05-27 08:51:05
Scale Computing enrichit son portfolio avec SC/Connect, une solution sécurisée qui combine un SD-WAN et des services SASE pour les environnements (...)
Windows 11 KB5089573 update released with performance improvements
2026-05-27 08:33:46
Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. [...]
Understanding Why OS RAM and Postgres Buffer Cache Compete
2026-05-27 08:30:31
Many PostgreSQL performance issues aren't caused by too little RAM, but by allocating memory to the wrong layer. Postgres and the OS both cache the same data independently, creating a “double buffering”...
Dutch Government just said no to an American firm buying the keys to their digital State
2026-05-27 08:24:45
The Dutch government blocked Kyndryl's €100M bid for Solvinity, citing national security concerns over critical digital infrastructure. Dutch Government told Kyndryl it can’t buy Solvinity....
How AI Systems Can Build Self-Healing Data Infrastructure
2026-05-27 08:15:38
Modern enterprise AI and data platforms are becoming too operationally complex for traditional reactive monitoring systems.
This article explores how self-healing infrastructure architectures can combine...
2 millions d'appareils compromis : le pirate derrière ce redoutable botnet a été arrêté
2026-05-27 08:14:52
Le botnet KimWolf a infecté deux millions d'appareils, pulvérisé des records d'attaques DDoS et ciblé jusqu'à l'armée américaine. Son présumé administrateur, un jeune Canadien de 23 ans, vient...
Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era
2026-05-27 08:07:39
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
2026-05-27 07:45:52
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.
"This emerging delivery...
Google veut s'attaquer aux apps Android « mortes » qui traînent sur votre smartphone
2026-05-27 07:30:30
Google s'apprête à combler un angle mort de son Play Store. Les utilisateurs Android pourraient être automatiquement alertés lorsqu'une application installée sur leur téléphone a été retirée...
Microsoft SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.
2026-05-27 07:10:59
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity...
2026 Is the Make-or-Break Year for the New Space Race
2026-05-27 07:08:13
From the Gobi Desert to the Arctic Circle, a generation of private rocket startups is finally bending metal. 2026 is the year they either reach orbit—or run out of cash.
Stop Calling It an AI Assistant. It's Already Managing Your Company
2026-05-27 07:06:52
The next enterprise AI risk is not that a chatbot writes a bad email. It is that an AI agent quietly enters the operational layer of the company and starts ranking priorities, routing approvals, classifying...
SSH Labs
2026-05-27 07:00:00
SSH is a widely used protocol that provides secure access to remote systems. It enables encrypted communication, file transfers, command execution and shell access for system administration.
Visit https://sshlabs.compass-security.training...
Mytheresa - 84,108 breached accounts
2026-05-27 05:17:45
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released...
List of 32 new domains
2026-05-27 00:00:00
.fr 1lolajack[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
avinovaofficielle[.fr] (registrar: GRANSY s.r.o.)
axis-group[.fr] (registrar: OVH)
banque-defrance[.fr] (registrar: Hostinger operations...
Multiples vulnérabilités dans Kaspersky Anti Targeted Attack Platform (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans Kaspersky Anti Targeted Attack Platform. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Multiples vulnérabilités dans Joomla! (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans Joomla!. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des...
Multiples vulnérabilités dans les produits Check Point (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans les produits Check Point. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la...
Multiples vulnérabilités dans Samba (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans Samba. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance...
Multiples vulnérabilités dans Veeam Backup & Replication (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans Veeam Backup & Replication. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des...
Multiples vulnérabilités dans Symfony (27 mai 2026)
27/05/2026
De multiples vulnérabilités ont été découvertes dans Symfony. Certaines d'entre elles permettent à un attaquant de provoquer une falsification de requêtes côté serveur (SSRF), une injection de...