Toute l'actualité de la Cybersécurité


North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

2026-07-03 16:07:15
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog,...

Lire la suite »

Mise à jour massive de Chrome : Google a colmaté près de 400 failles

2026-07-03 16:01:37
Google a déniché 382 vulnérabilités dans le code de Chrome, dont quinze failles de sécurité considérées comme critiques. Elles pourraient permettre à un pirate de prendre le contrôle total de...

Lire la suite »

Spec-Driven Development Is the New Developer Superpower

2026-07-03 15:49:04
The article argues that as AI makes implementation cheaper, the quality of specifications becomes the primary determinant of software quality. It introduces a framework built around Specs, Skills, Workflows,...

Lire la suite »

What Building a Self-Paced Math System Taught Me About Software Design

2026-07-03 15:42:21
I built an automated math learning system called Mathewmatician's Dictionary, and the deeper I went, the more it stopped feeling like an education problem and started looking like a software design problem....

Lire la suite »

The Real Reason Rural Areas Stay Offline Is Not Technology

2026-07-03 15:39:06
The barrier to rural internet access is not hardware, which is cheap and proven. It is the unit economics: high upfront cost, low revenue per user, and a payback period too long for normal investors....

Lire la suite »

I Built a Local AI Linux Assistant That Doesn't Rely on the Cloud

2026-07-03 15:35:50
The article explains how the author built zkzkAgent, a local AI assistant for Linux using LangGraph and Ollama. It covers the move from a monolithic ReAct-style agent to a graph-based architecture, discusses...

Lire la suite »

How to Feed AI Agents Clean Website Screenshots Without Running a Browser

2026-07-03 15:29:45
Vision models perform better when they receive clean webpage screenshots instead of images cluttered with cookie banners, chat widgets, ads, and popups. While you can remove these elements yourself with...

Lire la suite »

Data science : l'IA, facteur de décentralisation

2026-07-03 15:29:38
Favorisant le ciblage de davantage de profils d'utilisateurs, l'IA contribue à la décentralisation des activités de data science. The post Data science : l’IA, facteur de décentralisation appeared...

Lire la suite »

Building Neon Rush 3D for Mobile and Desktop as a Solo Indie Developer

2026-07-03 15:10:39
The article documents the development of Neon Rush 3D, highlighting Unity implementation details such as lane-based movement and object pooling, along with lessons learned about optimization, shipping,...

Lire la suite »

The Death of Notifications: Why Software Needs to Learn How to Converse

2026-07-03 15:00:43
Notifications aren't disappearing—they're evolving. AI is transforming one-way alerts into two-way conversations, while a new communication layer manages context, trust, identity, and continuity. The...

Lire la suite »

Top 10 Best Post-Quantum Cryptographic Solutions in 2026

2026-07-03 14:59:18
Quantum computing has crossed the line from research curiosity to board-level risk. Once a cryptographically relevant quantum computer arrives — an event security planners call “Q-Day” —...

Lire la suite »

Microsoft met le paquet pour se préparer à l'arrivée des ordinateurs quantiques

2026-07-03 14:34:46
Microsoft s'engage à sécuriser ses services critiques contre les ordinateurs quantiques d'ici 2029. Le géant américain rejoint ainsi Google et Cloudflare, qui ont eux aussi accéléré leur calendrier...

Lire la suite »

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

2026-07-03 14:12:22
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed...

Lire la suite »

The WebSocket Testing Gap Chrome DevTools Doesn't Fill

2026-07-03 14:12:15
The article argues that existing browser tools are excellent for observing WebSocket traffic but fall short for testing real-world edge cases. It introduces a Chrome extension that wraps the native WebSocket...

Lire la suite »

The TechBeat: The Zero-Cost AI Stack for Developers in 2026 (7/3/2026)

2026-07-03 14:01:00
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

Lire la suite »

500 Blog Posts To Learn About Security

2026-07-03 14:00:53
Let's learn about Security via these 500 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology. According...

Lire la suite »

Scammers Impersonate Trusted Brands in Gambling Ads to Drive Casino Traffic

2026-07-03 14:00:10
Scammers are hijacking trusted brand names to push people toward online casinos unrelated to those companies. Instead of building fake bank sites or phishing emails, they exploit the trust people place...

Lire la suite »

Multiple Apache ActiveMQ Vulnerabilities Enable DoS Attacks and Lead to Crashes

2026-07-03 13:57:01
Apache ActiveMQ users are advised to urgently update their deployments after three important vulnerabilities were disclosed, exposing messaging infrastructure to denial-of-service (DoS) attacks, broken...

Lire la suite »

Hackers Abuse SEO Poisoning and Hidden HTML to Trick AI Agents Into Following Malicious Instructions

2026-07-03 13:55:56
Artificial intelligence agents are quickly becoming the new front door to the internet, and attackers have noticed. A fresh wave of malicious websites is using search engine tricks and invisible code...

Lire la suite »

BTSE Group Launches BTSE Indonesia, Enters One of Asia's Fastest-Growing Crypto Markets

2026-07-03 13:53:27
Jakarta, Indonesia, July 3rd, 2026/Chainwire/--BTSE Group, a leading provider of blockchain asset trading and technology solutions, today announced the official launch of BTSE Indonesia, a regulated Indonesian...

Lire la suite »

Alibaba to Ban Claude Code Over Alleged Embedded Backdoor Risks

2026-07-03 13:53:13
Alibaba is reportedly set to ban Anthropic’s Claude Code from its internal workplace environments starting July 10, 2026, over alleged embedded backdoor risks. The company has not officially confirmed...

Lire la suite »

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

2026-07-03 13:36:33
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored...

Lire la suite »

New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App

2026-07-03 13:35:08
The newly spotted PamStealer is spreading through a fake Maccy clipboard app and steal Mac passwords, browser data and clipboard content.

Lire la suite »

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts

2026-07-03 13:30:36
Two new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts.

Lire la suite »

Nebula AI-Powered Penetration Testing Platform Automates Vulnerability Assessments

2026-07-03 13:30:32
A new open-source security tool is bringing large language models directly into the penetration tester’s terminal. Nebula, developed by BerylliumSec, integrates state-of-the-art AI models into the...

Lire la suite »

TryHackMe — Simple CTF: The Note That Gave Everything Away

2026-07-03 13:19:42
The FTP server was anonymous. The password was “secret”. The vim binary was sudo. This box didn't hide anything, it just waited to see if you'd look.Some rooms on TryHackMe are designed to humble you.Simple...

Lire la suite »

TryHackMe — Pickle Rick: Rick Left the Door Open. I Just Walked In.

2026-07-03 13:19:38
The password was in robots.txt. The sudo was unrestricted. The box didn't fight back, and that's exactly the point.I wasn't expecting much from a Rick and Morty themed room.Then I found the password...

Lire la suite »

TryHackMe: Checkpoint Walkthrough

2026-07-03 13:19:29
Tryhackme Premium room — armank8000Four candidates. Three threats. Make the production call.TryTrainMe's CISO issued a standing order: no model reaches production without completing a full sandboxed...

Lire la suite »

Certified AD Red Team Specialist (AD-RTS): Full Exam Write-Up

2026-07-03 13:19:23
Author: Shikhali JamalzadeGitHub: alisalive LinkedIn: camalzads Platform: CyberWarfare Labs (CWL) Certification: AD-RTS — Active Directory Red Team Specialist Environment: TELECOM INC. — Simulated...

Lire la suite »

Unauthenticated Stored XSS in NEX-Forms Express WP Form Builder (≤ 9.1.10)

2026-07-03 13:17:39
Unauthenticated Stored XSS in NEX-Forms Express WP Form Builder (≤ 9.1.10) — CVSS 8.8 High (CVE-2026–10525)TL;DR: Any anonymous visitor can POST a JavaScript payload to NEX-Forms' form submission...

Lire la suite »

Suricata Caught It. Zeek Explained It. Here's Why You Need Both.

2026-07-03 13:17:05
An alarm tells you something happened. A camera tells you the whole story. You need both running at once.Continue reading on InfoSec Write-ups »

Lire la suite »

Host & Network Penetration Testing: Exploitation CTF 1 — eJPT (INE)

2026-07-03 13:16:46
A walkthrough covering flatCore CMS exploitation, SSH brute-forcing, WordPress plugin enumeration, and unauthenticated file read to capture all four flags.Hello everyone!In this blog, I'll walk through...

Lire la suite »

I Found an Unauthenticated File Disclosure Bug in a WordPress Plugin — Then Found Out I Was a Few…

2026-07-03 13:16:20
I Found an Unauthenticated File Disclosure Bug in a WordPress Plugin — Then Found Out I Was a Few Weeks LateAuthor: Shikhali Jamalzade GitHub: alisalive LinkedIn: camalzadsDisclosure Notice: This...

Lire la suite »

openSUSE nilfs-utils Moderate CVE-2026-55392 Threat Fix 2026-0228-1

2026-07-03 13:04:44
An update that fixes one vulnerability is now available.

Lire la suite »

Chinese LLMs Broaden the Gap Between Attackers & Defenders

2026-07-03 13:01:00
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?

Lire la suite »

C# PDF Libraries: What 'Free' Really Costs You (2026 Guide)

2026-07-03 13:00:57
Free C# PDF libraries can still cost engineering time. Compare PDFsharp, QuestPDF, IronPDF, iText, and headless browser tools.

Lire la suite »

Ubuntu 25.10 Perl Critical Denial of Service Fix USN-8467-2

2026-07-03 12:33:04
Several security issues were fixed in Perl.

Lire la suite »

FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks

2026-07-03 12:24:04
A new wave of software supply chain attacks has put developers and security teams on high alert. The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development...

Lire la suite »

Hackers Abuse Blogspot and PowerShell Download Cradles to Deploy PureLog Steale

2026-07-03 12:08:12
Hackers have found a clever way to sneak data-stealing malware onto victims’ computers by hiding their tracks inside a trusted platform, Google Blogspot. Researchers recently uncovered a campaign...

Lire la suite »

L'UE grave l'IA dans sa stratégie éducation-formation

2026-07-03 11:37:56
L'IA jalonne la feuille de route 2026-2030 du Conseil européen pour l'éducation et la formation. Les STIM y ont une place importante. The post L’UE grave l’IA dans sa stratégie éducation-formation...

Lire la suite »

Hackers Use Fake Cisco AnyConnect and Google Update Installers to Drop SharkLoader

2026-07-03 11:31:10
Cybersecurity researchers have uncovered a new malware loader called SharkLoader that is quietly slipping into networks by hiding inside fake software installers. The tool has been spotted delivering...

Lire la suite »

JADEPUFFER: First End-to-End AI-Driven Ransomware Operation

2026-07-03 11:29:03
Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented...

Lire la suite »

European Parliament Member Investigating Spyware Was Hacked With Pegasus

2026-07-03 11:05:43
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving...

Lire la suite »

Your iphone Will Alert You in Real Time if You Are Falling Victim to a Scam

2026-07-03 11:02:44
Apple is taking a major step toward combating social engineering attacks with a new feature in iOS 27 that can warn users in real time if they are likely being targeted by a scam. The new framework, called...

Lire la suite »

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident

2026-07-03 10:34:14
Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort M. The Vercel breach of April 2026 did not begin...

Lire la suite »

Google and FBI Dismantle NetNut Residential Proxy Botnet

2026-07-03 10:13:48
Google, the FBI and the IRS Criminal Investigation division disrupted NetNut, a residential proxy network built on two million hijacked devices and used by 316 threat clusters in a single week. Google...

Lire la suite »

Une extension usurpant Perplexity AI dans Chromium découverte

2026-07-03 10:11:10
Google a supprimé une extension malveillante pour les navigateurs basés sur Chromium usurpant l’identité de Perplexity AI. Des (...)

Lire la suite »

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

2026-07-03 10:00:33
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, and a new Python-based tool, BusySnake Stealer, to target organizations in Russia,...

Lire la suite »

Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut

2026-07-03 09:02:17
Google disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals. Google has disrupted NetNut, one of the world’s largest residential...

Lire la suite »

Suez teste la vidéosurveillance en 5G privée

2026-07-03 08:51:59
Pour répondre aux enjeux de sécurité de ses sites industriels, Suez adopte une nouvelle approche alliant la vidéosurveillance (...)

Lire la suite »

Apple : une faille dans « Masquer mon adresse e-mail » permet de retrouver votre véritable adresse e-mail

2026-07-03 08:07:08
Des chercheurs en sécurité ont découvert une faille dans la fonction Masquer mon adresse e-mail d'Apple. Présente depuis plus d'un an, elle permettrait à des tiers de retrouver la véritable adresse...

Lire la suite »

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

2026-07-03 08:03:37
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by...

Lire la suite »

Government and Healthcare Are the Weakest Links in Global Email Security

2026-07-03 08:01:37
Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 domains...

Lire la suite »

Ce malware valide vos identifiants avant de les voler : les Mac sont en danger

2026-07-03 06:06:45
Un malware nommé PamStealer parvient à valider des mots de passe de connexion avant de les voler. De plus, il s'attaque aux cookies du navigateur, à l'historique de navigation et aux portefeuilles...

Lire la suite »

Claude Fable 5 isn't permanently leaving subscriptions, Anthropic says

2026-07-03 01:37:09
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon....

Lire la suite »

Claude Fable relaunch disappoints users with nerfed performance

2026-07-03 00:48:30
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]

Lire la suite »

Vulnérabilité dans FreeBSD (03 juillet 2026)

03/07/2026
Une vulnérabilité a été découverte dans FreeBSD. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Lire la suite »

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (03 juillet 2026)

03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de Red Hat (03 juillet 2026)

03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de SUSE (03 juillet 2026)

03/07/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...

Lire la suite »

Multiples vulnérabilités dans les produits IBM (03 juillet 2026)

03/07/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...

Lire la suite »