Toute l'actualité de la Cybersécurité
Ubiquiti Patches Critical UniFi OS Vulnerabilities Allowing Remote Privilege Escalation
2026-05-22 17:58:17
Ubiquiti Networks has released urgent security updates to address a series of highly critical vulnerabilities affecting its UniFi OS platform. These severe flaws could allow unauthenticated, remote attackers...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
2026-05-22 17:35:02
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft,...
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
2026-05-22 17:24:52
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns....
LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access
2026-05-22 17:16:57
LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain root access on Linux hosting servers. The...
Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
2026-05-22 17:00:00
Microsoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories.
The...
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
2026-05-22 16:53:39
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor...
CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
2026-05-22 16:37:14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling...
Deleted Google API Keys Continue Accessing Gemini, BigQuery, and Maps APIs
2026-05-22 16:34:49
A newly disclosed issue with Google Cloud API keys reveals that deleted credentials may remain usable for up to 23 minutes, exposing projects to potential abuse even after revocation. The finding raises...
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
2026-05-22 16:34:24
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally...
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
2026-05-22 16:20:32
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online...
CISA Warns of Microsoft Defender 0-Day Vulnerabilities Exploited in Attacks
2026-05-22 16:09:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of...
Dans les coulisses d'un lookup
2026-05-22 16:00:02
Vidéo exclusive ZATAZ : plongée dans un lookup, outil lié aux fuites de données et au darkweb.
Microsoft Security success stories: How St. Luke's and ManpowerGroup are securing AI foundations
2026-05-22 16:00:00
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth.
The post Microsoft Security success stories:...
I Gave Hermes Agent 5 Impossible Tasks
2026-05-22 15:59:59
I put Nous Research's open-source Hermes Agent framework through five brutal development workloads to stress-test its autonomous, self-improving GEPA memory loop. Running persistently on a local VPS,...
4 DynamoDB Configuration Changes for Significant Cost Savings
2026-05-22 15:55:32
Most DynamoDB teams are overspending because they rely on default configurations. This guide breaks down four low-effort optimizations that can reduce costs by 50–80%: switching from on-demand to reserved...
SpaceX : derrière les fusées, l'IA est le vrai moteur
2026-05-22 15:53:37
Avec son IPO historique, SpaceX dévoile sa vraie stratégie : faire de l'IA le cœur de son empire. Un pari d'Elon Musk à 1 750 milliards $.
The post SpaceX : derrière les fusées, l’IA est le...
LookUp : un suspect arrêté pour trafic de données
2026-05-22 15:50:41
Un suspect interpellé après un trafic de données lié à Telegram, crypto-actifs et 79 millions d'entrées.
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
2026-05-22 15:43:50
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.
Former US execs plead guilty to aiding tech support scammers
2026-05-22 15:32:18
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]
Why On-Device ML Is the Future of Mobile Apps (And How to Get Started)
2026-05-22 15:25:27
On-device ML delivers 1-50ms inference vs 200-900ms cloud roundtrips, zero server costs, and full privacy. Here's a practical guide to getting started with Core ML, model optimization, and production...
Android Malware Silently Subscribes Victims to Premium Services Without Consent
2026-05-22 15:23:52
A newly uncovered Android malware campaign has been quietly draining money from mobile users across four countries by signing them up for paid services they never asked for. The operation ran for nearly...
How to Build a Product Overview Section with shadcn/ui
2026-05-22 15:19:12
Product overview sections are the core conversion point in e-commerce interfaces. In this guide, you'll build a production-ready product overview component using shadcn/ui Base UI primitives. You'll learn...
Amikoo Earns a 95 Proof of Usefulness Score for Automating AI-Native QA Workflows
2026-05-22 15:14:11
Amikoo earned a 95 Proof of Usefulness score for its AI-powered QA system that automatically generates, maintains, and self-heals Playwright tests for fast-moving software teams.
GT7 Daily Races: Some of My Unpopular Opinions
2026-05-22 14:59:59
Most GT7 Daily Race complaints come from drivers who won't examine their own racecraft. After years on iRacing and months in GT7 online, I've found that treating the sim like you own the car. Real consequences,...
Stablecoins and Swift Are Not Competing for the Same Thing
2026-05-22 14:58:10
SWIFT is a messaging protocol. Stablecoins address the settlement layer underneath it, where capital sits idle in pre-funded correspondent accounts on a schedule built in the 1970s. These are different...
Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University
2026-05-22 14:44:33
A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakistan. The campaign, now tracked as Operation...
USN-8277-2: Linux kernel (Oracle) vulnerabilities
2026-05-22 14:05:12
It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges,...
Canadian Man Arrested for Operating KimWolf DDoS Botnet Hacking 2 Million Devices
2026-05-22 14:01:34
Canadian and U.S. authorities have arrested and charged a 23‑year‑old Ottawa resident for allegedly operating “KimWolf,” a massive Internet‑of‑Things (IoT) DDoS‑for‑hire botnet that weaponized...
The TechBeat: Recommendation Systems Became Political the Moment They Began Controlling Visibility (5/22/2026)
2026-05-22 14:00:47
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
170 Blog Posts To Learn About Content Strategy
2026-05-22 14:00:41
Let's learn about Content Strategy via these 170 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any...
Authorities arrest 23-year-old accused of running the Kimwolf botnet
2026-05-22 13:57:49
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”),...
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
2026-05-22 13:51:21
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft.
USN-8291-2: Linux kernel (Low Latency) vulnerabilities
2026-05-22 13:47:02
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file...
Infrastructures LAN : une gestion plus assistée qu'automatisée
2026-05-22 13:45:35
Si l'assistance IA devient un socle de base, l'automatisation en boucle fermée se développe pour le moment sur des cas d'usage spécifiques.
The post Infrastructures LAN : une gestion plus assistée...
USN-8296-1: Linux kernel (FIPS) vulnerabilities
2026-05-22 13:39:49
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
...
Trend Micro warns of Apex One zero-day exploited in the wild
2026-05-22 13:39:19
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
The Feedback Loop Fix: How to Read Critiques Without Getting Defensive
2026-05-22 13:20:46
Editorial feedback is not a judgment of the writer. It is a response to a draft that is still being shaped. This article breaks down what common editor comments actually mean, including “needs data,”...
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
2026-05-22 13:17:25
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
USN-8295-1: Evince vulnerability
2026-05-22 13:16:26
It was discovered that Evince did not properly sanitize command-line
arguments in PDF /GoToR actions. If a user opened a specially crafted PDF
file, an attacker could possibly use this issue to execute...
Drupal: Critical SQL injection flaw now targeted in attacks
2026-05-22 13:14:40
Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]
Why Chargebacks are Just One Piece of the Fraud Puzzle
2026-05-22 13:09:18
Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact....
A Hybrid ML and Rule-Based Approach to SQL Backup Monitoring
2026-05-22 13:01:15
This article presents a hybrid approach to SQL Server backup monitoring that combines telemetry collection, statistical anomaly detection, and rule-based alerting to identify performance drift before...
Tracking Iranian APT Screening Serpens' 2026 Espionage Campaigns
2026-05-22 13:00:42
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns.
The post Tracking Iranian APT Screening Serpens' 2026...
Hackers Hide Malware Payloads Inside Nested macOS-Like Folders to Evade Scanning
2026-05-22 12:54:31
Hackers are quietly hiding Windows malware inside nested folders that imitate macOS system paths, making dangerous payloads look like harmless archives to the untrained eye. By burying their tools several...
Your AI Agent Processed That Invoice. So Did the Attacker
2026-05-22 12:47:47
Using a real reimbursement automation workflow as a case study, this article examines how prompt injection attacks in agentic AI systems can lead to silent, continuous data exfiltration without triggering...
Update Chrome now: Critical bugs could let attackers run code
2026-05-22 12:10:36
This Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.
Ubiquiti patches three max severity UniFi OS vulnerabilities
2026-05-22 12:00:42
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. [...]
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
2026-05-22 11:55:24
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window.
"Using throwaway...
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
2026-05-22 11:38:12
1 Introduction
This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated...
Zscaler rachète Symmetry Systems pour sécuriser les agents IA
2026-05-22 10:59:06
Zscaler rachète Symmetry Systems pour adresser la gouvernance des agents IA.
The post Zscaler rachète Symmetry Systems pour sécuriser les agents IA appeared first on Silicon.fr.
Une erreur de Google met en danger des millions d'internautes
2026-05-22 10:01:21
Google a accidentellement publié les détails d'une faille critique de Chromium, non corrigée depuis plus de quatre ans. La faille permet à un botnet de prendre le contrôle de votre navigateur, qu'il...
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
2026-05-22 10:00:24
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.
The post Paved With Intent: ROADtools and Nation-State Tactics in the Cloud...
Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data
2026-05-22 09:48:54
Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions...
Mister IA lève 10 millions € pour accélérer en France et en Europe
2026-05-22 09:44:49
Le cabinet spécialisé dans le conseil et la formation en IA générative va recruter une cinquantaine de consultants dans les douze prochains mois et étudie des acquisitions en Europe pour accélérer...
Accessibilité numérique : ce qui coince encore selon le Cigref
2026-05-22 09:13:39
De la maturité des fournisseurs à l'implication des métiers, le Cigref pointe quantité d'éléments bloquants dans les démarches d'accessibilité numérique.
The post Accessibilité numérique :...
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
2026-05-22 09:13:30
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security...
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
2026-05-22 09:12:13
Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.
US and Canada arrest and charge suspected Kimwolf botnet admin
2026-05-22 09:01:20
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. [...]
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
2026-05-22 08:50:18
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.
In tandem,...
Coupe du Monde 2026 : Flare détecte une vaste fraude mondiale
2026-05-22 08:24:40
A quelques semaines du 1er match de la Coupe du Monde de la FIFA 2026 aux États-Unis, au Canada et au Mexique, les experts en cybersécurité de Flare, référence mondiale du Threat Exposure Management,...
One Telecom Provider Hosted Most of the Middle East 's Active C2 Infrastructure
2026-05-22 07:29:37
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families,...
Cette faille Windows donne un accès total à votre PC et n'a jamais été corrigée en 6 ans
2026-05-22 07:02:50
Depuis début avril, un chercheur publie un exploit Windows par semaine sur GitHub. Six failles, six composants critiques, et un seul correctif déployé par Microsoft à ce jour.
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
2026-05-22 07:01:00
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
2026-05-22 05:47:33
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog,...
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
2026-05-22 05:36:18
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.
Tracked as CVE-2026-20223 (CVSS...
List of 22 new domains
2026-05-22 00:00:00
.fr bet-on-red-france[.fr] (registrar: NETIM)
betonredfr[.fr] (registrar: NETIM)
cbetfr[.fr] (registrar: NETIM)
coupe-du-monde-football-2026[.fr] (registrar: EPAG Domainservices GmbH)
coupedumondefootball2026[.fr]...
Multiples vulnérabilités dans Tenable Sensor Proxy (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans Tenable Sensor Proxy. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données...
Vulnérabilité dans Stormshield Network Security (22 mai 2026)
22/05/2026
Une vulnérabilité a été découverte dans Stormshield Network Security (SNS). Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans les produits Mattermost (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans les produits Mattermost. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Microsoft Edge (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans les produits Microsoft (22 mai 2026)
22/05/2026
Une vulnérabilité a été découverte dans les produits Microsoft. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Vulnérabilité dans SPIP (22 mai 2026)
22/05/2026
Une vulnérabilité a été découverte dans SPIP. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans le noyau Linux de Debian LTS (22 mai 2026)
22/05/2026
Une vulnérabilité a été découverte dans le noyau Linux de Debian LTS. Elle permet à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Multiples vulnérabilités dans le noyau Linux de Debian (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une élévation de privilèges et un problème de sécurité non spécifié...
Multiples vulnérabilités dans le noyau Linux de SUSE (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité...
Multiples vulnérabilités dans le noyau Linux de Red Hat (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation...
Multiples vulnérabilités dans les produits IBM (22 mai 2026)
22/05/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...