Toute l'actualité de la Cybersécurité


Mageia 10 9 libidn Critical Out-Of-Bounds Read CVE-2026-57053

2026-07-18 18:27:53
Security update

Lire la suite »

OpenSSL Fixes HollowByte Memory Exhaustion Bug

2026-07-18 18:24:32
Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta’s Red Team disclosed a denial-of-service vulnerability...

Lire la suite »

Hugging Face Confirms AI-Driven Breach: Attackers used Autonomous Agents, defenders countered with AI

2026-07-18 17:30:35
Hugging Face disclosed this week that it detected and contained a production infrastructure intrusion, driven end-to-end by an autonomous AI agent system, and defended against it using its own AI-based...

Lire la suite »

WordPress Core "wp2shell" RCE flaws get public exploits, patch now

2026-07-18 17:22:47
Public exploits have been released for the critical "wp2shell" remote code execution vulnerabilities affecting WordPress Core, making it imperative that administrators patch their sites immediately. [...]...

Lire la suite »

openSUSE Tumbleweed oras Moderate Threat Update 2026-11297-1 CVE-2026-50163

2026-07-18 15:36:25
An update that solves one vulnerability can now be installed.

Lire la suite »

openSUSE Nginx New Moderate Update Advisory Released 2026-11295-1

2026-07-18 15:36:25
An update that solves 3 vulnerabilities can now be installed.

Lire la suite »

openSUSE gomuks Moderate Security Issue Fix 2026-11290-1

2026-07-18 15:36:24
An update that solves 6 vulnerabilities can now be installed.

Lire la suite »

openSUSE Tumbleweed Blender Moderate Security Issue Advisory 2026-11288-1

2026-07-18 15:36:24
An update that solves 3 vulnerabilities can now be installed.

Lire la suite »

Debian LTS Linux Critical Privilege Escalation and DoS Update DLA-4688-1

2026-07-18 14:17:35
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For Debian 12 bookworm, these problems have been fixed...

Lire la suite »

Microsoft warns of surge in ACR Stealer attacks on customers

2026-07-18 14:17:19
Microsoft has observed a surge in attacks using the ACR Stealer malware to steal browser-stored passwords, authentication tokens, and sensitive documents from its enterprise customers. [...]

Lire la suite »

The TechBeat: How Key Data Slashed Debugging Time and Ramped Up Innovation Velocity (7/18/2026)

2026-07-18 14:01:07
7/18/2026: Trending stories on Hackernoon today!

Lire la suite »

Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer's Network

2026-07-18 14:01:03
Researchers found China’s Daxin rootkit and a new Stupig backdoor on a Taiwan firm’s network, suggesting a stealthy intrusion dating back to 2013. Symantec’s Threat Hunter Team found...

Lire la suite »

The Biggest Audience on My Website Never Clicks

2026-07-18 14:00:53
Over 89 days, my website recorded 95,394 AI bot hits. Here's why AI retrieval may matter more than traditional referral traffic.

Lire la suite »

137 Blog Posts To Learn About Cloud Native

2026-07-18 14:00:45
Learn everything you need to know about Cloud Native via these 137 free HackerNoon blog posts.

Lire la suite »

The Future of Age Verification: Your Face Never Leaves Your Device

2026-07-18 13:15:24
As age verification laws expand worldwide, organizations face growing pressure to protect users' privacy while meeting regulatory requirements. Incode explains how on-device age estimation verifies age...

Lire la suite »

openSUSE 16.0 cyrus-imapd Moderate Threats Update 2026-21368-1

2026-07-18 13:13:28
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.

Lire la suite »

openSUSE Leap 16.0 Lux Important Denial of Service Issues 2026-21367-1

2026-07-18 13:13:20
An update that solves 9 vulnerabilities and has 5 bug fixes can now be installed.

Lire la suite »

openSUSE Leap 16.0 Grafana Important Request Limit XSS Fix 2026-21366-1

2026-07-18 13:13:14
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.

Lire la suite »

U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog

2026-07-18 11:49:16
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure...

Lire la suite »

New Spirals Ransomware Uses IIS Web Shell and PsExec to Encrypt IT Firm in Under 24 Hours

2026-07-18 11:41:32
A previously unseen ransomware family dubbed “Spirals” struck an IT services company in South Asia in June 2026. Symantec’s Threat Hunter Team reports that the attackers moved from the...

Lire la suite »

Canicule : les serveurs français sous pression pirate

2026-07-18 11:38:31
Seize organisations françaises citées par six groupes pirates entre le 1er et le 16 juillet 2026.

Lire la suite »

Cyber actualités de la semaine du 19 juillet 2026

2026-07-18 11:20:25
Bonjour à toutes et tous Cette semaine, les fuites de données dominent l'actualité avec NEBBIA, Croqvacances, seize millions de CV exposés et le piratage de l'opérateur Odido. LeakBase voit aussi...

Lire la suite »

La base piratée de LFI ressurgit sur un forum pirate

2026-07-18 11:08:26
La base volée d'Action populaire ressurgit, exposant militants et organisation aux risques cyber et politiques.

Lire la suite »

LeakBase : dix téraoctets piratés réapparaissent

2026-07-18 10:13:29
LeakBase fermé, une archive de 10 To de données volées réapparaît via des stockages publics russes.

Lire la suite »

700 escrocs, 20 centres d'appels : ce réseau criminel a fait des dizaines de milliers de victimes

2026-07-18 10:02:55
La police vient de démanteler un vaste réseau criminel spécialisé dans les arnaques aux faux investissements. Baptisée « Operation Sunflower », l'enquête a duré près de quatre ans et s'est soldée...

Lire la suite »

Un négociateur de rançongiciel condamné à 70 mois

2026-07-18 09:49:13
Un négociateur de rançongiciel condamné pour avoir aidé BlackCat à extorquer ses propres clients.

Lire la suite »

La piste néerlandaise se précise après le piratage d'Odido

2026-07-18 09:41:38
La police explore une piste et une voix après le vol des données de six millions de clients d'un important opérateur téléphonique.

Lire la suite »

How Browser-Based Image Rotation Works Without Uploading Your Files

2026-07-18 09:32:47
Learn how modern browsers rotate images locally using HTML Canvas, FileReader, and Web APIs without uploads for faster, private image editing.

Lire la suite »

Device Code Phishing: How Attackers Abuse Microsoft's Legitimate Authentication Page Without…

2026-07-18 09:24:57
Device Code Phishing: How Attackers Abuse Microsoft's Legitimate Authentication Page Without Stealing Your PasswordThe most convincing Microsoft phishing attack yet. Learn how attackers abuse Microsoft's...

Lire la suite »

From SQL Injection to Infrastructure-Level RCE: A PostgreSQL Superuser Compromise

2026-07-18 09:24:45
Imagine finding a backdoor that gives you absolute superuser access to a state infrastructure network, documenting the exploit chain perfectly, and submitting it—only to be met with total bureaucratic...

Lire la suite »

From User Enumeration to PII Exposure: Chaining Two APIs Into a ,000 Bug

2026-07-18 09:23:37
Free Article Link: Click for free!Continue reading on InfoSec Write-ups »

Lire la suite »

How I Abused a Group Policy Object (GPO) in Active Directory (And How to Fix It)

2026-07-18 09:23:03
Group Policy Objects (GPOs) are one of the most powerful features in Active Directory. They allow administrators to manage settings across computers and users.But if the wrong user has control over a...

Lire la suite »

How I Escalated to Domain Admin Using AD CS (And How to Fix It)

2026-07-18 09:22:57
What is AD CS?Active Directory Certificate Services (AD CS) allows users and computers to obtain certificates for authentication, encryption, and other services.If certificate templates are misconfigured,...

Lire la suite »

How I AES-Roasted My Active Directory Lab (And How to Fix It)

2026-07-18 09:22:46
AS-REP Roasting is one of the easiest ways to obtain Active Directory credentials without knowing a password. If a user has Kerberos Preauthentication disabled, the Domain Controller returns an AS-REP...

Lire la suite »

eCPPTv3 Review

2026-07-18 09:22:38
Almost a year ago, I took the INE's “eCPPTv3” exam, and here is my honest reviewWhy eCPPT?A year ago (May 29) I've bought the bundle which included 3 months of premium subscription and 2 exam...

Lire la suite »

CallMeOnTheChain — EtherRAT Lab Writeup [CyberDefenders]

2026-07-18 09:22:34
CallMeOnTheChain — EtherRAT Lab Writeup [CyberDefenders]CallMeOnTheChain - EtherRAT | Blue team challenge.You can read this writeup on my GitBook: LinkScenarioSomething is wrong at Maromalix. On...

Lire la suite »

600$ For Stealing Podcasts/Show via RSS Feed Manipulation

2026-07-18 09:22:18
Hello hunters! 👋In this write-up, I will share a Business Logic Flaw I discovered in a major podcasting platform (redacted.com).By manipulating a simple XML file (RSS Feed), I was able to bypass the...

Lire la suite »

Decoding the Obfuscated Layer: A Playbook Walkthrough of Command-Line Forensics

2026-07-18 09:21:20
A full and detailed insight into CLI forensics, going into depth following a TryHackMe labSource: TechFusionFor incident responders, security analysts, and threat hunters, discovering an unknown script...

Lire la suite »

Why Bigger Context Windows Make AI Agents Worse, Not Better

2026-07-18 09:18:01
Why bigger context windows often make AI agents less accurate. Learn about lost-in-the-middle, context rot, reranking, and smarter context engineering.

Lire la suite »

Multi-Agent Systems Need a Control Plane, Not Just Better Orchestration

2026-07-18 09:09:11
Multi-agent AI systems need control planes to separate agent recommendations from execution authority, policy enforcement, and auditability.

Lire la suite »

Designing Software for Change: The Engineering Discipline Behind Systems That Survive Growth

2026-07-18 09:01:59
Learn why resilient software architecture is designed for change, not just scale—and how to reduce technical debt, cognitive load, and future engineering risk.

Lire la suite »

Critical WordPress Core Flaw Lets Anonymous Hackers Gain Remote Code Execution

2026-07-18 08:47:43
A newly disclosed a pre-authentication remote code execution (RCE) vulnerability in WordPress Core, dubbed “wp2shell,” that requires no authentication and affects stock WordPress installations...

Lire la suite »

Citrix Secure Access and Endpoint Client for Windows Vulnerability Enables Privilege Escalation

2026-07-18 08:41:45
Cloud Software Group has disclosed two security vulnerabilities affecting Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows, with one flaw allowing low-privileged...

Lire la suite »

Why Superintelligence Won't Be Born on Earth

2026-07-18 08:27:33
Why state regulations, institutional lies, and the "alignment trap" guarantee that true Artificial Superintelligence (ASI) will only be born far beyond Earth.

Lire la suite »

EY Data Breach – Hackers Access Third-Party IT Support Platform and Steal Client Tax Documents

2026-07-18 08:16:55
Ernst & Young LLP (EY) has confirmed a data security incident in which an unauthorized third party breached a third-party IT service management platform used by its tax practice, exfiltrating documents...

Lire la suite »

OpenSSL DoS Vulnerability Lets Remote Attackers Exhaust Server Memory With an 11-Byte Payload

2026-07-18 07:33:38
A newly disclosed vulnerability reminds us how deeply our digital infrastructure relies on foundational libraries. The Okta Red Team recently discovered “HollowByte,” a Denial of Service (DoS)...

Lire la suite »

« Le casse de la mémoire » de Claude : comment un site piégé a poussé l'IA à divulguer toutes vos données

2026-07-18 07:31:04
Un chercheur a démontré qu'un simple site web piégé pouvait pousser Claude à divulguer le nom, l'employeur et la ville d'origine de son utilisateur. Des réponses à des questions de sécurité...

Lire la suite »

Citrix Secure Access Client Flaw Lets Low-Privileged Windows Users Gain SYSTEM Privileges

2026-07-18 06:46:38
Cloud Software Group has issued a High-severity security bulletin (CTX696734) disclosing two vulnerabilities in the Citrix Secure Access Client for Windows and the Citrix Endpoint Analysis Client for...

Lire la suite »

TradFi Volumes Triple, 12M Users Reached as BTCC Exchange Marks 15 Years

2026-07-18 06:25:05
On July 10, BTCC hosted an exclusive VIP dinner in Ginza, Tokyo. The invitation-only event brought VIP clients together under the theme of "Tsumugi" (to weave),

Lire la suite »

Apple alerte les utilisateurs d'iPhone : ces appels FaceTime peuvent vider votre compte bancaire

2026-07-18 06:02:12
Apple et les autorités américaines alertent les utilisateurs d'iPhone sur une escroquerie en pleine expansion. De plus en plus, les cybercriminels se servent de FaceTime pour tenter de piéger les internautes...

Lire la suite »

Mageia Python-pydantic-settings Critical File Read Issue CVE-2026-58203

2026-07-18 05:49:09
Security update

Lire la suite »

Mageia LibreOffice Important Buffer Overflow Issues Fix 2026-0259

2026-07-18 05:49:08
Security update

Lire la suite »

Mageia 10 Sticky Bugfix Advisory 2026-0057 Unraveled and Explained

2026-07-18 05:49:05
Security update

Lire la suite »

The 5 AWS Services Every Developer Must Know to Build AI Products in 2026 (With Real Projects)

2026-07-18 05:00:56
You don't need to know all 200+ AWS services to build AI products. You need these 5. Here's the complete beginner's guide to Amazon Bedrock, Lambda, API Gateway

Lire la suite »

MC2: The Best Marvel Alternate Universe You Never Heard of

2026-07-18 03:07:08
The MC2, or Marvel Comics 2, is Marvel's best-kept secret.

Lire la suite »

New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released

2026-07-18 03:05:23
A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full...

Lire la suite »

212 Blog Posts To Learn About Cloud Infrastructure

2026-07-18 02:00:48
Learn everything you need to know about Cloud Infrastructure via these 212 free HackerNoon blog posts.

Lire la suite »

List of 34 new domains

2026-07-18 00:00:00
.fr 5gringos-fra[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) air-canada[.fr] (registrar: OVH) airfrance-relationce[.fr] (registrar: IONOS SE) bruno-fra[.fr] (registrar: Hosting Concepts...

Lire la suite »