Toute l'actualité de la Cybersécurité
Une faille RCE trouvée dans le SDK Vertex AI de Google
2026-06-18 17:00:59
Une faille de conception dans le kit de développement logiciel Vertex AI pour Python, la plateforme gérée par Google Cloud destinée (...)
Salesforce Data Thefts Continue via Klue App Compromise
2026-06-18 16:49:04
Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.
Fortibleed : les identifiants de 75 000 pare-feux Fortinet exposés
2026-06-18 16:23:45
Un chercheur en sécurité, Bob Dianchenko, a trouvé un serveur contenant des identifiants VPN Fortinet apparemment valides notamment (...)
USB worm spreads crypto-stealing malware via Windows shortcut files
2026-06-18 16:20:06
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. [...]
Cisco fixed a critical ISE vulnerability that lets attackers to gain root access
2026-06-18 16:11:00
Cisco addressed CVE-2026-20181, a critical ISE vulnerability that lets authenticated admins execute commands and gain root access. Cisco addressed a critical command execution vulnerability, tracked as...
Hackers Breached Klue Integration to Steal Salesforce CRM Data via OAuth Tokens
2026-06-18 16:01:39
Threat actors exploited a trusted third-party SaaS integration to silently harvest enterprise CRM data, marking the latest chapter in an escalating wave of OAuth-abuse attacks targeting Salesforce ecosystems....
Microsoft et le secteur public : les mille facettes d'un ancrage profond
2026-06-18 15:42:41
Les auditions de la commission parlementaire sur les dépendances numériques ont témoigné du niveau d'ancrage de Microsoft dans les SI de la sphère publique... et des stratégies mises en place pour...
What Businesses Should Know Before Migrating Their CMS
2026-06-18 15:42:16
Plan your CMS migration with clean content audits, SEO safeguards, tested data transfer, integrations, staff training, and a safe launch rollback plan with care.
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
2026-06-18 15:33:49
If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it?
For most enterprises, the answer is a simple...
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
2026-06-18 15:27:54
The internet did not break this week. It got used exactly as designed, which is worse.
Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks...
Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks
2026-06-18 15:10:56
Mozilla has released Firefox 152 to address multiple high-severity vulnerabilities that could allow remote code execution (RCE) and sandbox escape attacks. The security advisory, published on June 16,...
Why SDD Breaks Down in Microservices—Part 3: Distributed Systems Need Distributed Context
2026-06-18 15:08:47
In microservices, spec-driven development with an LLM needs architecture-level context, not just local specs. This article shows how machine-readable service contracts and a plan-first workflow (archspec,...
ClawBank and Shodai Ship the First Ricardian Contract Signed Between Agents
2026-06-18 15:07:57
ClawBank and Shodai announced on June 18, 2026 the first Ricardian contract signed between two AI agents, with both parties operating through incorporated US legal entities.
A Ricardian contract is one...
Les lauréats du second programme Pionniers de l'IA dévoilés
2026-06-18 15:00:57
Lancé en septembre 2025, l’appel à projets Pionniers de l’IA financé par France 2030 a pour ambition de soutenir des projets (...)
The Offboarding Blindspot: The Costly Security Mistake Remote Startups Make
2026-06-18 15:00:04
Remote startup offboarding is one of the most overlooked cybersecurity risks. Former employees often retain access to SaaS tools, shared credentials, and company devices long after departure, increasing...
Ces écouteurs pouvaient espionner leurs utilisateurs, Apple corrige une faille critique
2026-06-18 15:00:03
Une faille de sécurité affectant les Beats Studio Buds permettait d'écouter l'environnement des écouteurs. Il était également possible d'initier des appels, d'utiliser le profil mains libres...
Hackers Can Leverage SQL Server 2025 AI Features to Exfiltrate Sensitive Data
2026-06-18 14:57:57
Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025's newly introduced AI capabilities are now raising serious security concerns. SpecterOps...
Hackers Abuse Microsoft Fondue.exe to Side-Load APPWIZ.cpl and Execute Malware
2026-06-18 14:52:15
A newly uncovered attack campaign has brought a rarely scrutinized Windows executable into the spotlight. Threat actors are actively abusing Fondue.exe, a legitimate Microsoft utility built into the...
Hackers Abuse Legitimate RMM Tools to Maintain Persistent Access and Evade Detection
2026-06-18 14:49:28
Hackers have found a new way to get AI tools to do their dirty work without paying for it. Instead of using their own resources, attackers are hijacking exposed AI model servers and plugging them into...
Engineering End-to-End Observability for Kubernetes Workloads
2026-06-18 14:46:52
Most Kubernetes observability failures aren't caused by a lack of data but by a lack of shared context between metrics, logs, traces, and infrastructure events. This article outlines a signal-first observability...
Près de 15 000 sites WordPress assainis, 106 serveurs et domaines mis hors ligne, et 54 % des entreprises analysées exposées : Operation Endgame s'attaque à l'infrastructure SocGholish
2026-06-18 14:46:15
Dans le cadre d’Operation Endgame, les forces de l’ordre de quatre pays ont démantelé, cette semaine, une infrastructure criminelle liée au groupe russe Evil Corp : 14 971 sites WordPress...
Why Security Teams Need To Start Earlier
2026-06-18 14:45:55
Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes...
Hackers Abuse Claude.ai Shared Chat Feature to Host the ClickFix Social Engineering Instructions
2026-06-18 14:41:37
Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude.ai's shared chat feature to host malicious ClickFix...
Everpure oriente le data management vers les agents IA
2026-06-18 14:39:40
Pour Everpure (ex Pure Storage), la conférence Accelerate qui se déroule à Las Vegas du 16 au 18 juin a clairement mis l’accent (...)
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
2026-06-18 14:30:42
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026.
"The clipper in this campaign relies on Windows Script Host and ActiveX-driven...
Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely
2026-06-18 14:29:49
Cisco has disclosed critical security vulnerabilities in its Identity Services Engine (ISE) that could allow attackers to execute malicious code remotely and access sensitive data, posing a significant...
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
2026-06-18 14:19:50
Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...]
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
2026-06-18 14:12:48
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims...
Yann LeCun juge xAI : c'est « un échec »
2026-06-18 14:11:19
Le fondateur d'AMI Labs juge xAI condamné à l'échec et alerte sur le modèle économique des leaders du secteur.
The post Yann LeCun juge xAI : c’est « un échec » appeared first on Silicon.fr....
Opération Endgame : coup dur contre SocGholish, le « parrain » des fausses mises à jour
2026-06-18 14:11:00
Une action conjointe des forces de police mondiales et d’acteurs privés, dont Proofpoint, vient de frapper TA569/SocGholish, l’un des groupes cybercriminels les plus actifs de ces dernières...
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
2026-06-18 14:07:14
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities,...
The TechBeat: Building Data Quality Into the Pipeline Instead of Cleaning Up After It (6/18/2026)
2026-06-18 14:00:59
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Agent Behavior Specification: A New Development for the AI Era
2026-06-18 14:00:32
As AI agents take over code writing, the engineer's most valuable output is no longer code itself but ABS — Agent Behavior Specification files like CLAUDE.md, NEVER.md, and BEST_PRACTICES.md that define...
500 Blog Posts To Learn About Startup
2026-06-18 14:00:23
Let's learn about Startup via these 500 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology.
Startups...
The Scripts on Your Checkout Page Are Now a PCI DSS Problem
2026-06-18 13:58:39
An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here →
When a customer types their card number into your checkout, their...
5 reasons Microsoft 365 backup isn't enough for business data protection
2026-06-18 13:48:56
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft...
Why Cloud Transformations Fail: The Business Translation Problem That Technology Alone Cannot Solve
2026-06-18 13:36:06
Most cloud transformations fail not because of bad technology, but because organizations skip the harder work of aligning cloud decisions with business goals. Drawing on experience across Microsoft, McKinsey,...
USN-8449-1: ldns vulnerability
2026-06-18 13:33:51
Pablo Ruiz discovered that ldns did not properly validate DNS
responses when used as a stub resolver over UDP. A remote
attacker could possibly use this issue to inject arbitrary DNS
responses.
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
2026-06-18 13:30:07
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft...
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
2026-06-18 13:25:47
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime...
Get Out of Security Debt by Tackling the Exposure Problem
2026-06-18 13:00:00
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control
2026-06-18 12:58:30
Microsoft says it's working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows.
ShapedPlugin update flow hacked to infect WordPress sites
2026-06-18 12:55:36
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
2026-06-18 12:54:39
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...]
Modern Data Protection Standards: How Organizations Are Strengthening Cybersecurity in 2026
2026-06-18 12:48:56
Organizations today operate in an increasingly hostile cyber threat landscape where data protection has become a critical business requirement. While digital transformation delivers greater efficiency...
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity
2026-06-18 12:34:24
DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm.
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
2026-06-18 12:23:58
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations. [...]
Telegram admits it couldn't police exam-leak channels, India tells court
2026-06-18 12:18:49
India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked...
F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks
2026-06-18 12:15:43
F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks...
Why Legacy MVNO Infrastructure Is Overdue for a Rethink
2026-06-18 12:10:27
Legacy MVNO platforms helped operators launch quickly, but monolithic infrastructure is becoming a bottleneck as subscriber growth accelerates. Cloud-native architectures offer modular scaling, faster...
{ VivaTech 2026 } –TotalEnergies lance MethaneLive pour traquer le méthane en temps réel
2026-06-18 12:03:20
TotalEnergies renforce sa stratégie de réduction des émissions avec MethaneLive, un centre de surveillance capable de détecter en temps réel les fuites de méthane sur ses sites industriels.
The...
The 'vibe coding spectrum' approach to AI-assisted software development
2026-06-18 12:00:00
Different code deserves different levels of oversight, so calibrate your approach to ‘vibe coding' accordingly.
Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
2026-06-18 12:00:00
Organisations using Fortinet services are being urged to take action following a campaign affecting firewalls and VPN gateways.
US Stock Trading Volume Analysis: What High Volume, Low Volume, and Volume-Price Divergence Indicate
2026-06-18 11:53:27
Trading volume only becomes meaningful when analyzed alongside price. High volume confirms participation and strengthens breakouts, while low volume can signal weak conviction or healthy consolidation...
F5 issues out-of-band patches for critical NGINX vulnerabilities
2026-06-18 11:33:00
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code...
Retro gaming fans are the new target for fake GitHub malware
2026-06-18 11:27:42
Retro gaming fans should be careful with GitHub projects that claim to be tools or plugins for their consoles. We looked at one example aimed at PlayStation Vita owners.
Hackers Abuse PowerShell Commands to Deliver SmartRAT Through Brazilian Bank Phishing Page
2026-06-18 11:22:18
A new cyberattack campaign has emerged, using cleverly crafted phishing pages and PowerShell tricks to deliver a dangerous piece of malware called SmartRAT. The attack targets Brazilian banking customers...
Oracle Linux 9 ELSA-2026-50318 Important Kernel Security Issues
2026-06-18 11:18:40
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 9 Kernel Security Advisory ELSA-2026-50318 for CVEs
2026-06-18 11:18:31
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 ELSA-2026-50318 Kernel Important Security Issue
2026-06-18 11:18:24
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 xorg-x11-server Important Bug Fix ELSA-2026-26709
2026-06-18 11:18:09
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 xorg-x11-server-Xwayland Important Bug Fix ELSA-2026-26562
2026-06-18 11:18:07
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 rsync Important Integer Overflow TOCTOU ELSA-2026-26408
2026-06-18 11:18:05
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 libxml2 Advisory for Low Severity Patch ELSA-2026-26354
2026-06-18 11:18:02
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 ELSA-2026-26347 Libpng15 Moderate Use After Free
2026-06-18 11:17:57
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 Postfix Important Buffer Over-Read Vuln ELSA-2026-25932
2026-06-18 11:17:53
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 8 Webkit2gtk3 Major Security Advisory ELSA-2026-25918
2026-06-18 11:17:51
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 7 gstreamer-plugins-base Vital Security Flaws ELSA-2026-7850
2026-06-18 11:17:31
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
Oracle Linux 7 - Firefox Major Security Alert - ELSA-2026-19704
2026-06-18 11:17:27
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
JFrog révèle une nouvelle campagne d'attaques par chaîne d'approvisionnement qui a touché 143 paquets npm de Mastra
2026-06-18 11:07:27
Une attaque sophistiquée visant la chaîne d'approvisionnement a compromis 143 paquets de Mastra, un framework open source populaire dédié aux agents d'IA. Une analyse menée par l'équipe de...
Privilege Escalation: The Step Between Foothold and Full Compromise
2026-06-18 10:40:58
Privilege escalation is the pivot point in almost every serious intrusion. This guide explains where it fits in the attack chain, the tooling attackers use, and what defenders need to monitor to catch...
Microsoft fixes Windows Server 2016 security update failures
2026-06-18 10:14:20
Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren't up to date. [...]
Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents
2026-06-18 10:08:14
Tenet researchers reveal how fake Sentry bug reports can trick AI coding agents into running code, exposing a new Agentjacking risk for developers today.
Kodak confirms breach as ShinyHunters’ leak threat reaches deadline
2026-06-18 09:52:08
The photography giant confirmed a data breach after ShinyHunters claimed it stole 2.2 million records and threatened to leak them.
Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development
2026-06-18 09:21:15
Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft...
Autosur exposé par une nouvelle fuite
2026-06-18 09:20:30
Fuite Autosur : données clients, véhicules et contrôleurs exposées, avec risque de phishing ciblé.
Twindo Built the World's First Offline AI Copilot for Technicians on Mobile
2026-06-18 09:00:05
Twindo has developed an offline AI copilot that runs directly on mobile devices, giving technicians instant access to operational knowledge even with no internet connection. Founded by former wind technician...
L'autonomie des agents IA de codage multiplie les risques
2026-06-18 08:57:02
En 2025, une étude sur l'expérience développeurs de l'éditeur Atlassian, menée auprès de 3500 développeurs (...)
Pour l'IA, la Caisse des dépôts mise sur Numspot
2026-06-18 08:56:29
Le groupe Caisse des Dépôts adopte les nouvelles briques du cloud Numspot à vocation souveraine, créé par Dassault Systèmes (...)
Avec son approche multi-CDN, IO River joue le chef d'orchestre réseau
2026-06-18 08:55:37
Créé en Israël en 2022 par Edward Tsinovoi et Michael Hakimi, IO River est né d'un constat tiré d'une longue expérience (...)
Alibaba Cloud inaugure sa région France sans services IA
2026-06-18 08:38:13
Alibaba Cloud a officiellement ouvert sa région France, avec un socle d'une vingtaine de services pour commencer.
The post Alibaba Cloud inaugure sa région France sans services IA appeared first on...
Évolution de l'opération de ranswomware DragonForce : les commentaires de Filigran
2026-06-18 08:10:44
Ci-dessous, les commentaires de Deborah Galea, Senior Product Marketing Manager chez Filigran, à propos des dernières activités de l’opération de ransomware DragonForce. « DragonForce est...
Messageries : le braquage à 200 milliards de dollars qui saigne à blanc l'économie mondiale
2026-06-18 08:09:30
Une nouvelle étude de Kaspersky met en lumière l’ampleur des escroqueries par messagerie, un fléau frappant les ménages du monde entier qui devient, en toute discrétion, une menace macroéconomique....
L'IA fait basculer la cybercriminalité : moins d'attaques, mais d'une précision redoutable
2026-06-18 08:04:59
Alors que le nombre de campagnes de phishing recule pour la deuxième année consécutive, ThreatLabz a identifié 413 524 sites générés par IA, preuve que les attaquants peuvent désormais industrialiser...
Rokarolla : un nouveau malware Android capable de prendre le contrôle total des smartphones et de cibler plus de 200 applications bancaires et crypto
2026-06-18 07:45:16
Les chercheurs de zLabs, l'équipe de recherche de Zimperium, ont identifié Rokarolla, un nouveau cheval de Troie bancaire Android particulièrement sophistiqué, conçu pour compromettre les comptes...
FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls
2026-06-18 07:31:49
FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet...
Faille de Microsoft Defender : l'éditeur confirme un grave dysfonctionnement dans l'antivirus de Windows
2026-06-18 07:19:44
Une faille critique, baptisée RoguePlanet, permet à un attaquant de retourner Windows Defender contre lui-même. Alerté par les divulgations publiques d'un chercheur en sécurité, Microsoft confirme...
EU Gets a Head Start in Developing 6G Network Security
2026-06-18 07:00:00
"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.
Slort — RFI via PHP allow_url_include + Writable Scheduled Task Binary to Administrator | OffSec PG…
2026-06-18 06:49:07
Slort — RFI via PHP allow_url_include + Writable Scheduled Task Binary to Administrator | OffSec PG PlaySlort is a Windows machine that chains a PHP remote file inclusion vulnerability with a world-writable...
“Bug Bounty Bootcamp #47: Account Takeover 101 — How to Steal Everyone's Account (Legally)”
2026-06-18 06:47:27
You don’t need to be a hacker in a hoodie. Just a missing IDOR, a leaky invite link, or a mass-assignable “role” field — and suddenly…Continue reading on InfoSec Write-ups...
Build an IDOR Vulnerability Lab: Why WHERE Clauses Don't Protect Your API.
2026-06-18 06:47:04
Last time we covered SQL injection. I promised IDOR was next. Today you are going to see why a WHERE clause alone will not save you.When you learn about backend APIs feeding your frontend, you are really...
BEARCAT CTF 2026 WRITEUPS
2026-06-18 06:46:37
Flag Format: BCCTF{}#1.RIVER RAIDER (OSINT)For this challenge, we were given a picture of a rogue pirate ship sailing through a river, and we needed to find the name of the bridge right behind it.I...
I almost ordered a product for free. (Business Logic Vulnerability)
2026-06-18 06:46:25
How does it sound that you ordered something and almost got it for free? Wouldn't that make you happy? Well, that's exactly how I felt. But let me assure you, it wasn't as simple as it sounds. Allow me...
Building a Hackbot for Bug Bounties — Auth Testing Subagent Setup
2026-06-18 06:45:33
If you have been keeping up with the current state of Bug Bounties on X, you probably heard that some hunters are making small fortunes using their own custom-made hackbots to aid them in Bug Bounty Hunting.I...
“Bug Bounty Bootcamp #46: Not Allowed From Your IP?”
2026-06-18 06:45:26
— How to Spoof, Brute-Force, and Mass-Assign Your Way Past Authentication Walls”Continue reading on InfoSec Write-ups »
TryHackMe — Blog CTF | Full Write-Up
2026-06-18 06:43:47
Platform: TryHackMeRoom: BlogDifficulty: MediumAuthor: Shikhali Jamalzade“Billy Joel made a blog on his home computer and has started working on it. It's going to be so awesome!”IntroductionThe...
VulnHub — Shenron: 1 | Full Walkthrough
2026-06-18 06:43:39
Author: Shikhali Jamalzade GitHub: github.com/alisalive LinkedIn: linkedin.com/in/camalzadsPlatform: VulnHub Machine: Shenron: 1 by Shubham Mandloi Difficulty: Easy/Medium OS: Ubuntu 20.04.1 LTSOverviewShenron:...
I Pentested a Real CRM System and Found 4 Critical Vulnerabilities — Here's the Full Attack Chain
2026-06-18 06:43:28
Author: Shikhali JamalzadeGitHub: github.com/alisalive LinkedIn: linkedin.com/in/camalzadsDisclosure Notice: This assessment was conducted with explicit written authorization from the organization's...
I Patented a Four-Sided Box. It's the Best Mental Model I Have for Building Agents.
2026-06-18 06:34:25
Every time my AI agents broke in production, my instinct was to reach for a bigger model and it almost never worked. A method I patented years ago in chaotic Indian traffic (a trapezoid bounding box instead...
CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It
2026-06-18 05:57:42
CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request. Here is how the attack works and how to check if your site was hit.
CVE-2026-48907:...
From package to postinstall payload: Inside the Mastra npm supply chain compromise
2026-06-18 03:43:04
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat...
CFGI - 248,235 breached accounts
2026-06-18 03:22:51
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising...
Leak confirms OpenAI is testing a ChatGPT for Science subscription
2026-06-18 01:30:08
OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. [...]
List of 82 new domains
2026-06-18 00:00:00
.fr 9-casinos[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
9casinoo[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
arlequincasino-fr[.fr] (registrar: PDR Ltd. d/b/a PublicDomainRegistry.com)
babolatsfrance[.fr]...
Multiples vulnérabilités dans les produits Mitel (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Mitel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...
Multiples vulnérabilités dans Drupal (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans Drupal. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection SQL (SQLi)...
Multiples vulnérabilités dans les produits Cisco (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité...
Multiples vulnérabilités dans les produits Atlassian (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans Splunk AI Toolkit (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans Splunk AI Toolkit. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique...
Multiples vulnérabilités dans Nginx (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans Nginx. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte...
Vulnérabilité dans Synacor Zimbra Collaboration (18 juin 2026)
18/06/2026
Une vulnérabilité a été découverte dans Synacor Zimbra Collaboration. Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans Mattermost Desktop App (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans Mattermost Desktop App. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Google Android 17 (18 juin 2026)
18/06/2026
De multiples vulnérabilités ont été découvertes dans Google Android 17. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...