Toute l'actualité de la Cybersécurité
Firestarter : la porte dérobée qui survit aux correctifs Cisco
2026-04-28 12:03:02
Des chercheurs en sécurité ont découvert une porte dérobée inquiétante ciblant les pare-feux Cisco Systems, (...)
The Role of Aggregated Liquidity in Modern Crypto Markets
2026-04-28 10:16:50
Aggregated liquidity improves crypto trading by combining multiple sources, offering better rates, deeper markets, and more reliable execution across assets.
Microsoft: New Remote Desktop warnings may display incorrectly
2026-04-28 09:51:26
Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]
Q1 2026 Cyber Attack Statistics
2026-04-28 09:51:05
I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2026. In this period, I collected a total of 528 events (5.87 events/day) dominated by Cyber Crime...
Acronis lutte contre le shadow IA
2026-04-28 09:30:05
Acronis dévoile, pour les MSP, GenAI Protection, la première brique de son offre Cyber Workspace qui propose un espace de travail IA sécurisé. (...)
En Allemagne, une certaine idée de la « souveraineté » du cloud
2026-04-28 09:27:33
Les exigences et les tolérances de l'Allemagne transparaissent dans sa déclinaison du Cloud Sovereignty Framework.
The post En Allemagne, une certaine idée de la « souveraineté » du cloud appeared...
Chinese engineer stole US military and NASA software for years
2026-04-28 09:21:11
He created Gmail accounts, impersonated real US researchers, and convinced NASA, the military, and universities to hand over sensitive code.
New Android spyware Morpheus linked to Italian surveillance firm
2026-04-28 09:18:05
Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio...
Microsoft asks iPhone users to reauthenticate after Outlook outage
2026-04-28 08:37:12
After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts...
Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place
2026-04-28 08:34:13
Beyond the perimeter: Why identity and cyber security are one single story
2026-04-28 08:26:57
By James Odom, Director of Cyber, and Jim Small, Director of Identity at Hippo Digital For years, identity and cyber security have been treated as separate disciplines, with identity focusing on...
DORA and the Practical Test of Operational Resilience
2026-04-28 08:25:02
By Alan Stewart-Brown, VP EMEA, Opengear Disruption in financial services rarely follows a clean script. A misconfiguration, a spike in malicious traffic, or a poorly timed change can cascade across...
GoBolt Is Betting Its Supply Chain Can Handle 2026's Next Big Disruption
2026-04-28 08:15:09
GoBolt is betting that sustainability equals resilience. By combining EV fleets, localized fulfillment, and real-time traceability, it reduces fuel volatility and disruption risk. As global logistics...
USN-8214-1: NLTK vulnerability
2026-04-28 08:10:41
It was discovered that NLTK incorrectly handled file extraction when
opening a maliciously crafted zip file. An attacker could possibly use this
issue to create or overwrite files on the system and execute...
Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts
2026-04-28 08:06:00
A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft. Threat actors successfully pushed a...
Jolly Shah and the Evolution of Sustainable Firmware Design
2026-04-28 08:00:47
Jolly Shah is advancing sustainable firmware design by treating energy efficiency as a core architectural principle. From low-power embedded systems to large-scale data centers, her “milliwatt mindset”...
MDR Selection is a Partnership Decision
2026-04-28 08:00:00
Managed Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 24/7.I write this as a Field CISO at Rapid7,...
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
2026-04-28 07:57:00
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.
Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his...
Windows Remote Desktop Leaves Behind Image Fragments Attackers Can Stitch Into Screenshots
2026-04-28 07:54:06
Whenever someone uses Windows Remote Desktop, the operating system quietly saves visual fragments of the active session. As recently highlighted by SCYTHE Labs, attackers can easily extract these breadcrumbs...
« Prouvez que vous êtes humain » : L'arnaque au faux CAPTCHA qui fait grimper votre facture de téléphone
2026-04-28 07:50:22
Infoblox Threat Intel révèle que des escroqueries transforment de simples pages « prouvez que vous êtes humain » en envois de SMS internationaux coûteux pour les consommateurs et les opérateurs...
Multiple OpenClaw Vulnerabilities Enables Policy Bypass and Host Override
2026-04-28 07:48:32
Cybersecurity researchers have recently disclosed three moderate-severity vulnerabilities in OpenClaw, an AI agent framework previously known as Clawdbot and Moltbot. Distributed as an npm package, these...
Enquête Akamai : l'IA amplifie les risques pour les API
2026-04-28 07:46:43
La montée en puissance de l'IA entraîne une augmentation des attaques contre les API et des coûts liés aux incidents.. La dernière enquête d'Akamai révèle que 87 % des organisations ont subi...
Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes
2026-04-28 07:46:24
Researchers from the Czech Technical University in Prague have developed a new adversarial malware generator targeting Linux ELF binaries. It achieves a 67.74% evasion rate against ML-based malware detectors...
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
2026-04-28 07:14:23
NCSC's SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK's National Cyber Security Centre (NCSC) has launched...
OilRig Hides C2 Configuration in Google Drive Image Using LSB Steganography
2026-04-28 07:13:39
A well-known Iranian state-sponsored hacking group called OilRig, also tracked as APT34 and Helix Kitten, has been found hiding its command-and-control (C2) server configuration inside a regular-looking...
Connecting a Windows Endpoint to Wazuh
2026-04-28 07:04:41
A step-by-step guide on connecting a Windows endpoint to Wazuh. Learn how to add a Windows agent and collect logs.Continue reading on InfoSec Write-ups »
Abused an MCP Server to Perform Lateral Movement | Critical Finding | MCP Testing Methodology
2026-04-28 07:04:37
Hi everyone, in this article, I’ll talk about one of my recent assessments which invoked an MCP component.Continue reading on InfoSec Write-ups »
I Changed One Number… and Got Access to Citizens' ID and Address Proofs
2026-04-28 07:04:35
How a simple parameter manipulation exposed highly sensitive government recordsIt Started With a Simple RequestWhile exploring a state government web application, I came across a feature where users...
The Enemy Already Inside — Hunt Forward Lab #002: LOLBAS Detection
2026-04-28 07:03:04
🔬 Lab Difficulty: Intermediate — Estimated Time: 60–90 minutes🗂️ MITRE ATT&CK: T1218 — Signed Binary Proxy Execution | T1047 — WMI | T1059.001 — PowerShellGet Elastic...
Recruit — THM Writeup
2026-04-28 07:02:04
By: Kavin Jindal (@Klevr)https://tryhackme.com/room/recruitwebchallengeRecruit is a newly released medium-rated challenge on TryHackMe. It is based on Path Traversal and SQL Injection to gain user and...
WaTF Bank Walkthrough (Part 3): Exploiting Android App Security Flaws
2026-04-28 07:01:19
Android Mobile Application Security Testing Write-UpContinuing from Part 2, where we explored vulnerabilities in data access, communication, and server-side logic, this part focuses on client-side weaknesses...
Santa's Byte-Level Bookkeeping: Solving pwn.college Day 01
2026-04-28 07:01:04
The Synopsis of the ChallengeBegin by establishing the context. Indicate that the challenge (from pwn.college) features a binary that verifies an input of 1024 bytes. The account states:“it's merely...
Tabletop Simulations: Where Theory Meets Reality
2026-04-28 07:00:00
On paper, the vast majority of crisis plans look reasonable, actionable and complete. Once the rubber hits the road, however, chaos emerges quickly.
New Android Banking Malware Abuses Fake KYC Workflow and WhatsApp Delivery to Hijack Accounts
2026-04-28 06:46:58
A new Android banking malware, tracked as KYCShadow, was discovered targeting bank customers across India through a carefully designed fake Know Your Customer (KYC) verification workflow. Distributed...
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
2026-04-28 06:37:00
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.
Agent...
Tether Collaborates With Fasset to Launch the First Gold-Backed Visa Card and ATMs Globally
2026-04-28 06:19:01
Tether, the largest company in the digital asset industry, today announced the launch of the world's first gold-backed Visa neobanking card in collaboration with Fasset, a stablecoin neobanking and investment...
Solidity Developers Need to Stop Chasing Tools and Start Mastering ERC Standards
2026-04-28 06:01:49
Solidity alone is no longer enough. Here are the ERC standards shaping Ethereum's future in RWAs, vaults, smart accounts, and AI agents.
The Hidden Security Risks Behind WPS on Home Routers
2026-04-28 06:00:52
WPS was introduced in 2006 to simplify Wi-Fi setup for non-technical users — but a flawed PIN design, zero-entropy PBC method, and poor vendor implementations turned it into a major security liability....
The Case for Local AI Has Never Been Stronger
2026-04-28 05:59:41
Open-weight LLMs like Kimi K2.6 (80.2% SWE-Bench), GLM-5.1, and MiniMax M2.7 have effectively closed the benchmark gap with Claude Opus: at API costs 80% lower, or zero if you run them locally.
The...
I Built an LLM Cascade in Python to Cut My API Bill Without Touching My Prompts
2026-04-28 05:57:21
A cascade is a routing layer sitting between your app and your LLM providers. Every incoming query gets scored for complexity, then sent to the cheapest model.
Fake Document Reader On Google Play With 10K Downloads Installing Anatsa Malware
2026-04-28 05:56:28
A new fake document reader app found on the Google Play Store has been silently installing Anatsa, a powerful Android banking trojan, on thousands of user devices. The malicious application surpassed...
How inDrive Detects Silent Android Resource Overrides Before Merge
2026-04-28 05:55:02
inDrive added a lightweight GitHub Actions workflow that detects duplicate Android resources in pull requests. It warns engineers about possible silent resource overrides before merge, reducing hidden...
This Agency Tracked 572,381 AI Prompts Weekly. Here Is What They Found
2026-04-28 05:54:36
AI search is changing how buyers find vendors, and BusySeed's Rankxa data shows why brands need GEO visibility now.
AI in Education Is Moving Into the LMS Layer
2026-04-28 05:53:22
Responsible AI in education works best when embedded inside LMS workflows, not added through disconnected external tools.
From Controls to Code: Embedding Compliance by Design into Enterprise Security Architecture
2026-04-28 05:52:32
Learn how Compliance by Design embeds regulatory controls into architecture, development, CI/CD, and audit readiness from the start.
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
2026-04-28 05:50:00
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question...
How to Build Passwordless Sign-In in Flutter With Firebase — Part 3
2026-04-28 05:00:48
Adds unit tests for the authentication logic, focusing on testing business rules (use cases, failures, success paths) in isolation using mocks to ensure the core logic works reliably.
USN-8202-2: jq vulnerabilities
2026-04-28 04:18:39
USN-8202-1 fixed vulnerabilities in jq. This update provides the
corresponding update to Ubuntu 26.04 LTS.
Original advisory details:
It was discovered that jq did not correctly handle certain string
...
AI Coding Agent Powered by Claude Opus 4.6 Deletes Production Database in 9 Seconds
2026-04-28 03:42:35
A Cursor AI coding agent powered by Anthropic’s Claude Opus 4.6 deleted the entire production database and all volume-level backups of PocketOS, a SaaS platform serving car rental businesses nationwide,...
Fedora 44 botan3 Advisory 2026-e7d1590ecd CVE-2026-32877 CVE-2026-32883
2026-04-28 01:36:00
Improve stack protection Fix security vulnerabilities CVE-2026-32877,CVE-2026-32883,CVE-2026-32884,CVE-2026-34580,CVE-2026-34582
Fedora 44 ngtcp2 Critical Denial of Service Fix CVE-2026-40170
2026-04-28 01:35:59
Update to 1.22.1 (rhbz#2452790) Fixes CVE-2026-40170
Fedora 44 libarchive Critical DoS Remote Exec Alert 2026-54ce3fd147
2026-04-28 01:35:58
Rebase to the latest upstream version - 3.8.7
Fedora 44 mingw-python3 Critical Command Injection Execution Bug Fix
2026-04-28 01:35:45
Backport fix for CVE-2026-4786. Backport fixes for CVE-2026-6100, CVE-2026-3479, CVE-2026-1502
Fedora 44 xrdp Critical Security Update CVE-2026-32105 2026-ad9e109ad8
2026-04-28 01:35:39
Security fixes CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624
CentOS 9 Python3.10 Vulnerability Resolutions CVE-2025-4428 2025-cc1d14a24b
2026-04-28 01:35:35
Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224