Toute l'actualité de la Cybersécurité
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
2026-02-09 20:28:15
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for...
Black Basta Bundles BYOVD With Ransomware Payload
2026-02-09 20:14:22
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.
BeyondTrust fixes critical pre-auth bug allowing remote code execution
2026-02-09 19:52:26
BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731...
CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
2026-02-09 19:15:00
OverviewOn February 6, 2026, BeyondTrust released security advisory BT26-02, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability affecting its Remote Support (RS) and Privileged...
Hackers breach SmarterTools network using flaw in its own software
2026-02-09 19:08:58
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. [...]
Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
2026-02-09 19:00:00
We are grateful to the research team at Atredis for sharing their findings around a vulnerability (CVE-2026-1814) impacting our vulnerability management offerings (InsightVM and Nexpose). We have identified...
Is your phone listening to you? (re-air) (Lock and Code S07E03)
2026-02-09 18:49:48
This week on the Lock and Code podcast, we revisit an episode from 2025 in which we tried to answer: Is your phone listening to you?
Cyber Attack Hits European Commission Staff Mobile Systems
2026-02-09 18:16:09
The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers.
A one-prompt attack that breaks LLM safety alignment
2026-02-09 17:12:11
As LLMs and diffusion models power more applications, their safety alignment becomes critical.
The post A one-prompt attack that breaks LLM safety alignment appeared first on Microsoft Security Blog.
Yves Pellemans devient directeur général délégué de Constellation
2026-02-09 17:07:49
Un retour au source pour Yves Pellemans qui rejoint le fournisseur de services IT Constellation au poste de directeur général délégué. (...)
Aux Cloud Native Days, les start-ups françaises portées par la souveraineté IT
2026-02-09 17:01:29
La « souveraineté numérique » - pour peu qu'elle existe vraiment - est sur (presque) toutes les lèvres des DSI et RSSI (...)
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
2026-02-09 17:01:00
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector.
"UNC3886 had launched a deliberate,...
How AI Is Atomizing Society: A Look Back at Stand on Zanzibar
2026-02-09 16:52:40
AI-driven personalization, especially in social media, fragments shared reality by optimizing for individual engagement rather than social coherence, quietly eroding collective agency and social cohesion...
Hackers Exploiting Ivanti EPMM Devices to Deploy Dormant Backdoors
2026-02-09 16:52:38
Hackers are actively exploiting Ivanti Endpoint Manager Mobile (EPMM) appliances to plant “dormant” backdoors that can sit unused for days or weeks. Ivanti recently disclosed two critical EPMM flaws,...
The HackerNoon Newsletter: Your Sales Team Isn't a Growth Hack (2/9/2026)
2026-02-09 16:03:16
How are you, hacker?
🪐 What's happening in tech today, February 9, 2026?
The
HackerNoon Newsletter
brings the HackerNoon
...
Meet BrowserStack: HackerNoon Company of the Week
2026-02-09 16:00:04
HackerNoon is proud to showcase BrowserStack - the platform for all your testing needs. According to BrowserStack's website, you get access to 30,000 real devices, real-world conditions, and multi-device...
Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
2026-02-09 14:00:20
Torrance, United States / California, 9th February 2026, CyberNewswire
AI chat app leak exposes 300 million messages tied to 25 million users
2026-02-09 15:17:48
A security researcher found an exposed database belonging to the Chat & Ask AI app, once again traced back to a Firebase misconfiguration.
Noname057(16) tente de brouiller les JO d'hiver en Italie
2026-02-09 15:13:48
Noname vise les JO d'hiver en Italie par DDoS, impacts limités mais stratégie pro-Kremlin axée sur le récit....
Discord to Age-Restrict User Access to Key Features Starting Next Month
2026-02-09 15:13:05
Discord announced it will begin globally rolling out “teen-by-default” safety controls and an expanded “age assurance” system in early March, introducing clearer boundaries around age-restricted...
Shortlist: Most Inspiring Women in Cyber Awards 2026
2026-02-09 15:09:45
We're pleased to announce the shortlist for this year's Most Inspiring Women in Cyber Awards! This year's awards are sponsored by BT, Fidelity International, Plexal and Bridewell. The awards are...
Password guessing without AI: How attackers build targeted wordlists
2026-02-09 15:01:11
Attackers don't need AI to crack passwords, they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password...
TDD Is Backwards: Why Assertions Should Come First in Disruptive Development
2026-02-09 14:48:04
When requirements are unclear, traditional TDD stalls at setup. By reversing Arrange-Act-Assert and starting with the assertion, developers can clarify intent, design cleaner APIs, and let tests drive...
Why Web3 Projects Fail IP Due Diligence
2026-02-09 14:44:26
Most Web3 projects fail due to unclear IP ownership, fragmented rights, and lack of legal structure. Fix these early to protect value, NFTs, and DAOs.
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
2026-02-09 14:42:00
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move...
Our K-a-Week AI Bill Nearly Killed Our App. Here's How We Fixed It
2026-02-09 14:27:25
A startup hit an unexpected surge in AI API costs and built a lightweight, open-source optimizer using caching, model routing, and real-time monitoring—saving over K and extending runway by months....
Who is Liable When AI Spends Your Money?
2026-02-09 14:16:15
The agentic economy powered by cryptocurrency is witnessing a liability gap without an explicit accountability layer. The industry needs three foundational standards to establish an accountability layer...
European Commission probes cyberattack on mobile device management system
2026-02-09 14:00:29
The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile...
L'infrastructure mobile de la Commission européenne cyberattaquée
2026-02-09 13:58:13
L'infrastructure centrale de gestion des terminaux mobiles de la Commission européenne a été touchée par une cyberattaque. (...)
En 2027, Microsoft débranchera définitivement Exchange Web Services
2026-02-09 13:49:33
Cette fois-ci, c’est la bonne. Exchange Web Services (EWS) disparaîtra bientôt de Exchange Online. En effet, Microsoft a indiqué (...)
TV Show “Scam Interceptors”: The Intersection Of Ethical Hacking And Investigative Journalism
2026-02-09 13:46:31
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 9, 2026 –Watch the YouTube video “Scam Interceptors is kind of a unique show in that we basically...
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
2026-02-09 13:40:48
A new critical vulnerability discovered by security research firm LayerX has exposed a fundamental architectural flaw in how Large Language Models (LLMs) handle trust boundaries. The zero-click remote...
BeyondTrust warns of critical RCE flaw in remote support software
2026-02-09 13:07:03
BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code...
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
2026-02-09 12:59:00
Cyber threats are no longer coming from just malware or exploits. They're showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer...
Hackers Use Signal QR Codes to Spy on Military and Political Leaders
2026-02-09 12:35:04
Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn.
Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor
2026-02-09 12:28:54
Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active...
Microsoft Exchange Online Flags Customers Legitimate Email as Phishing
2026-02-09 12:17:35
Microsoft Exchange Online is experiencing a service degradation that incorrectly flags legitimate customer emails as phishing, quarantining them and disrupting communications. The issue, identified as...
Hackers Exploit Legitimate Apple and PayPal Invoice Emails in DKIM Replay Attacks
2026-02-09 12:16:41
Cybersecurity threats are swiftly evolving beyond easily spotted, poorly written phishing emails to sophisticated methods that leverage trusted digital infrastructure. Attackers are now exploiting legitimate...
openSUSE 2026-0042-1 Chromium Important Update Heap Corruption Risks
2026-02-09 12:05:12
An update that fixes two vulnerabilities is now available.
openSUSE 2026-0041-1 chromium Critical Memory Integrity Breach
2026-02-09 12:04:45
An update that fixes two vulnerabilities is now available.
Men charged in FanDuel scheme fueled by thousands of stolen identities
2026-02-09 11:41:17
Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of million over several years using the stolen identities of approximately 3,000 victims. [...]...
Roundcube Webmail Vulnerability Let Attackers Track Email Opens
2026-02-09 11:35:52
Roundcube, one of the world’s most popular open-source webmail solutions, has released critical security updates to address a privacy bypass vulnerability. The flaw detailed by NULL CATHEDRAL allowed...
New Node.js Based LTX Stealer Attack Users to Exfiltrate Login Credentials
2026-02-09 11:32:10
A sophisticated new malware strain dubbed “LTX Stealer” has emerged in the cyber threat landscape, utilizing a unique Node.js-based architecture to compromise Windows systems. First surfacing...
January 2026 Cyber Attacks Statistics
2026-02-09 11:23:24
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for January 2026 where I collected and analyzed 178 events.
In January 2026, Cyber Crime continued to lead...
How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
2026-02-09 11:23:00
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy...
En rachetant Square X, Zscaler étend le zero trust aux navigateurs
2026-02-09 11:10:46
Zscaler a annoncé le rachat de SquareX, une start-up singapourienne spécialisée dans les technologies de détection et (...)
ScarCruft Abuses Legitimate Cloud Services for C2 and OLE-based Chain to Drop Malware
2026-02-09 11:03:13
ScarCruft, a prolific North Korean-backed advanced persistent threat (APT) group, has significantly refined its cyberespionage capabilities in a newly identified campaign distributing the ROKRAT malware....
The Visi-Screen Ordeal
2026-02-09 11:00:04
In Chapter X of Astounding Stories of Super-Science (March 1932), Hawk Carse endures the harrowing Visi-Screen ordeal, witnessing Eliot Leithgow strapped to an operating table under Dr. Ku Sui's cruel...
Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign
2026-02-09 10:58:00
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT.
Cybersecurity vendor Kaspersky...
Piratage du SIV : des garages piégés, des cartes grises en série
2026-02-09 10:54:31
Piratage du SIV : des garages usurpés pour fabriquer massivement de vraies/fausses cartes grises. Un garage doit payer 145 000€ de taxe....
Fake 7-Zip downloads are turning home PCs into proxy nodes
2026-02-09 10:51:18
A convincing lookalike of the popular 7-Zip archiver site has been silently turning victims' machines into residential proxy nodes.
European Commission Contains Cyber-Attack Targeting Staff Mobile Data
2026-02-09 10:51:06
The European Commission has confirmed the detection and containment of a security incident affecting the central infrastructure that manages staff mobile devices. The breach, identified on January 30...
Fuite des données en France : l'hémorragie continue avec 40,3 millions de comptes compromis en 2025
2026-02-09 10:48:00
Le dernier bilan annuel sur les violations de données réalisé par Surfshark classe la France au 2e rang des pays les plus touchés, avec 40,3 millions de comptes compromis en 2025. À l’échelle...
Microsoft: Exchange Online flags legitimate emails as phishing
2026-02-09 10:47:25
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. [...]
Apple intègre nativement Claude Code et Codex dans Xcode 26.3
2026-02-09 10:46:54
L’environnement de développement pour macOS, ainsi que pour iOS, watchOS, tvOS et visionOS met le cap sur les agents IA de codage. Apple vient (...)
China-Linked DKnife Spyware Hijacking Internet Routers Since 2019
2026-02-09 10:46:18
Cisco Talos uncovers DKnife, a China-nexus framework targeting routers and edge devices. Learn how seven stealthy implants hijack data and deliver malware via AitM attacks.
Solving Crypto's Trillion Problem: Inside Ramp Network's Fiat-to-Crypto Infrastructure
2026-02-09 09:58:40
Przemek Kowalczyk is the co-founder and CEO of Ramp Network. Ramp Network is building the financial pipes that connect 150+ countries to the crypto economy. The simple act of converting fiat to crypto...
European Commission discloses breach that exposed staff data
2026-02-09 09:49:04
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. [...]
Romania's national oil pipeline firm Conpet reports cyberattack
2026-02-09 08:55:40
Romania's national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates...
Ubuntu 20.04 LTS python-pip Important Security Fix USN-8010-1 2025-47273
2026-02-09 08:54:33
Several security issues were fixed in pip.
Celeste mise sur OpenShift pour remplacer VMware
2026-02-09 08:42:47
Fêtant ses 25 ans en 2026, l'opérateur souverain de services numériques Celeste se renforce dans le cloud en proposant une alternative (...)
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
2026-02-09 08:37:00
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.
The activity,...
openSUSE govulncheck-vulndb Important Security Update 2026-0403-1
2026-02-09 08:30:15
An update that solves 76 vulnerabilities and contains one feature can now be installed.
openSUSE Govulncheck Important Update 76 Issues Fixed 2026-0403-1
2026-02-09 08:30:15
An update that solves 76 vulnerabilities and contains one feature can now be installed.
SUSE xrdp Important Security Overflow Threat CVE-2025-68670
2026-02-09 08:30:08
An update that solves one vulnerability can now be installed.
BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA
2026-02-09 08:03:00
BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code...
A week in security (February 2 – February 8)
2026-02-09 08:01:00
A list of topics we covered in the week of February 2 to February 8 of 2026
The TechBeat: The SEPA Instant Deadlines Have Passed. But Did Europe Really Go Instant? (2/9/2026)
2026-02-09 07:11:13
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Your Sales Team Isn't a Growth Hack
2026-02-09 04:41:38
Here's what nobody tells you about scaling sales teams: Your reps can't manufacture demand that doesn't exist. They can't fix broken messaging. And they definitely can't turn bad leads into good ones...
Backdoors With Manners: When AI Writes Clean Code That Turns Malicious Later
2026-02-09 04:32:34
Backdoors don't have to break tests. This summary explains CTVP—how consistency across semantic orbits can expose malicious code model behavior.
Flickr moves to contain data exposure, warns users of phishing
2026-02-09 00:33:55
Flickr says a flaw at a third-party email provider may have exposed users' names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million...
List of 6 new domains
2026-02-09 00:00:00
.fr birk-outlet-store[.fr] (registrar: IONOS SE)
lyon-metro-e[.fr] (registrar: Catchtiger B.V.)
ma-carte-vitale[.fr] (registrar: Dynadot Inc)
permisdeconduire-gov[.fr] (registrar: Hostinger operations...
Multiples vulnérabilités dans VMware Tanzu Greenplum (09 février 2026)
09/02/2026
De multiples vulnérabilités ont été découvertes dans VMware Tanzu Greenplum. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Roundcube (09 février 2026)
09/02/2026
De multiples vulnérabilités ont été découvertes dans Roundcube. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de...
Vulnérabilité dans Microsoft Edge (09 février 2026)
09/02/2026
Une vulnérabilité a été découverte dans Microsoft Edge. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans GitLab AI Gateway (09 février 2026)
09/02/2026
Une vulnérabilité a été découverte dans GitLab AI Gateway. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Vulnérabilité dans Fortinet FortiClientEMS (09 février 2026)
09/02/2026
Une vulnérabilité a été découverte dans Fortinet FortiClientEMS. Elle permet à un attaquant de provoquer une injection SQL (SQLi).