Toute l'actualité de la Cybersécurité


Gemini Live Voice Session Flaw Enables Tool Injection Through Misconfigured Ephemeral Tokens

2026-07-06 16:38:17
A security flaw in how developers implement Google’s Gemini Live API allows attackers to hijack browser-based AI voice sessions, override system prompts, and trigger unauthorized code execution...

Lire la suite »

De l'IAM à l'IaC, des angles morts dans les solutions de sauvegarde

2026-07-06 16:20:19
Les fournisseurs classés « leaders » dans le Magic Quadrant de la sauvegarde affichent une diversité de déficits de couverture fonctionnelle. The post De l’IAM à l’IaC, des angles morts...

Lire la suite »

5 insights from Frost & Sullivan's 2025 Frost Radar™ for Cloud Security Posture Management

2026-07-06 16:00:00
Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from...

Lire la suite »

I Automated My Communication, and Everything Worked. Then I Slowly Disappeared

2026-07-06 15:49:47
AI can make communication faster, cleaner, and more reliable. But when too much of it is delegated, something harder to measure can disappear: the feeling that a real person is present. This piece explores...

Lire la suite »

The Gentlemen Ransomware Uses 21 Remote Execution Techniques to Encrypt Entire Networks

2026-07-06 15:49:31
A new ransomware strain called The Gentlemen has emerged as one of the more aggressive threats tracked this year, combining strong encryption with a self-spreading worm engine that can take down an entire...

Lire la suite »

The Stablecoin Gold Rush Has a Plot Twist

2026-07-06 15:45:27
Rather than competing to issue stablecoins, major asset managers are positioning themselves to manage the reserves backing them. The article argues that the GENIUS Act created an entirely new asset management...

Lire la suite »

Developing Engineering Judgment in the Age of AI Code Generation

2026-07-06 15:29:17
The article argues that AI is changing the role of software engineers rather than replacing them. As code generation becomes increasingly automated, developers who excel at system design, verification,...

Lire la suite »

What Five Years in Banking Taught Me About Building Consumer Apps

2026-07-06 15:16:29
Drawing on experience in both banking and children's mobile apps, the article explores which product management skills transfer across industries. It argues that fintech builds rigor around trust, metrics,...

Lire la suite »

From Image-to-3D to AI Agents: How AI 3D Generation Operates in 2026

2026-07-06 15:09:19
Learn how AI 3D generation turns text, images, and video into usable 3D models, with Meshy AI tools for design, games, 3D printing, and content creation today.

Lire la suite »

Crypto Portfolio Tracking Is Broken. It Needs to Become Action-Aware.

2026-07-06 15:03:39
Otomato is a portfolio-aware DeFi assistant that helps crypto users monitor positions across DeFi, perps, prediction markets, tokens, and NFTs. Instead of forcing users to refresh dashboards manually,...

Lire la suite »

SilverFox Hackers Use Go RAT, AV Killer, and Kernel Rootkit in Live ValleyRAT Campaign

2026-07-06 15:01:13
A new strain of remote access malware is quietly moving through corporate networks, and it does not behave like anything defenders have seen from this threat group before. The malware, tracked as ValleyRAT,...

Lire la suite »

OpenSSH 10.4 Released with Multiple Security Fixes and New Features

2026-07-06 14:49:15
OpenSSH 10.4 launched on July 6, 2026, delivering a batch of security patches, protocol hardening, and early post-quantum cryptography support, available through mirrors listed on the official OpenSSH...

Lire la suite »

Une faille dans Argo CD fragilise les clusters Kubernetes

2026-07-06 14:44:46
Les chercheurs de Synacktiv ont trouvé une faille dans Argo CD, un outil populaire de développement pour Kubernetes. Elle affecte le composant (...)

Lire la suite »

USN-8514-1: OpenSSH vulnerability

2026-07-06 14:32:58
It was discovered that OpenSSH incorrectly handled file permissions when downloading files as root using the legacy scp protocol without the preserve-mode option. An attacker could use this to install...

Lire la suite »

A Day With Your Vector Command Red Team Pod

2026-07-06 14:26:46
Anyone trying to understand continuous red teaming usually gets the same high-level explanation: it is ongoing, attacker-informed, and designed to uncover risk between formal assessments. Useful as that...

Lire la suite »

Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk

2026-07-06 12:30:06
Toronto, Canada, 6th July 2026, CyberNewswire

Lire la suite »

Microsoft Edge Vulnerability Allows Remote Attacker to Execute Arbitrary Code

2026-07-06 14:23:22
Microsoft has disclosed a new security vulnerability in Microsoft Edge (Chromium-based) that could allow a remote attacker to execute arbitrary code on affected systems. Tracked as CVE-2026-57992, the...

Lire la suite »

IA en entreprise : pourquoi Microsoft et AWS court-circuitent les intermédiaires

2026-07-06 14:18:28
En déployant par milliers leurs propres ingénieurs directement au cœur des entreprises clientes, Microsoft et AWS court-circuitent les ESN, partenaires traditionnels de l'intégration de leurs offres. The...

Lire la suite »

350 € pour une fausse carte d'identité : la France découvre un trafic de faux documents sur Telegram

2026-07-06 14:01:56
Un couple de Français résidant à Béziers a été arrêté pour avoir vendu de faux papiers sur Telegram. Les prix des faux documents variaient de 350 € pour une carte d'identité à 1 600 € pour...

Lire la suite »

The TechBeat: How Small Postgres Metadata Tables Quietly Throttle Your Largest Queries (7/6/2026)

2026-07-06 14:01:24
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

Lire la suite »

117 Blog Posts To Learn About Amazon Web Services

2026-07-06 14:00:45
Let's learn about Amazon Web Services via these 117 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about...

Lire la suite »

Software Is Now Written at the Speed of Thought. Security Isn't.

2026-07-06 14:00:10
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions...

Lire la suite »

Windows 11 24H2 and 25H2 Issue Causes Black Screen, Start Menu Failure, and Taskbar Crashes

2026-07-06 13:43:26
Microsoft fixes issues affecting Windows 11 versions 24H2 and 25H2, which are causing critical user interface failures, including black screens, Start menu malfunctions, and taskbar crashes in certain...

Lire la suite »

Le piratage de GPS sème la zizanie dans la marine marchande

2026-07-06 13:40:31
Le hacking de GPS de bâtiments maritimes n'est pas nouveau, en particulier en zone de guerre. Mais selon le site californien gCaptain, spécialiste (...)

Lire la suite »

USN-8502-1: GnuTLS vulnerabilities

2026-07-06 13:37:09
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information....

Lire la suite »

We Used Benchmaxxers' Favourite Trick to Climb 10 Places on the Hugging Face Open ASR Leaderboard

2026-07-06 13:32:29
There is a well-known trick for climbing ASR leaderboards: fine-tune on data that closely resembles a testset, submit, watch your rank improve. We did exactly that with AMI, the one testset that consistently...

Lire la suite »

Dmytro Rukin on Building Cross-Border Payment Infrastructure in Latin America

2026-07-06 13:25:42
Dmytro Rukin is the CEO of LaFinteca, a payment infrastructure company operating across Latin America (Brazil, Mexico, Chile, Peru, Colombia) and Europe. He has spent close to a decade in payments, starting...

Lire la suite »

Multiple IBM WebSphere Vulnerabilities Enable XSS and Path Traversal Attacks

2026-07-06 13:23:49
Multiple vulnerabilities have been disclosed in IBM WebSphere Application Server that could allow attackers to execute cross-site scripting (XSS) attacks and perform path traversal, potentially exposing...

Lire la suite »

USN-8513-1: PHP vulnerabilities

2026-07-06 13:22:54
It was discovered that PHP incorrectly handled SOAP object deduplication when processing apache:Map nodes with duplicate keys. An attacker could possibly use this to cause a use-after-free, resulting...

Lire la suite »

Max severity Adobe ColdFusion flaw now exploited in attacks

2026-07-06 13:18:37
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]

Lire la suite »

Hidden Web Prompts Trick AI Agents Into Sending Money

2026-07-06 13:03:25
Hidden prompts on malicious websites trick AI agents into making payments or trusting fake sites, exposing new risks for autonomous AI workflows. Zscaler ThreatLabz documented two active campaigns that...

Lire la suite »

Hackers Abuse 2026 FIFA World Cup Hype to Harvest PII and Payment Card Details

2026-07-06 13:02:54
Football fans searching for World Cup deals are running into a different kind of contest this year, one designed by criminals rather than FIFA. A phishing operation tied to the 2026 FIFA World Cup has...

Lire la suite »

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

2026-07-06 13:01:14
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were...

Lire la suite »

Convert DOCX to PDF in C#: 5 Methods Compared in 2026

2026-07-06 13:00:49
Compare five ways to convert DOCX to PDF in C#, from Office Interop to LibreOffice, cloud APIs, and native .NET libraries.

Lire la suite »

AI Is Forcing a New Open Source Security Model

2026-07-06 13:00:03
Open source security has spent years getting better at finding problems. Scanning improved, as did intelligence, disclosure and prioritization. All of these still matter, but they are not enough....

Lire la suite »

USN-8512-1: Gzip vulnerabilities

2026-07-06 12:52:06
It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, which...

Lire la suite »

Choose your WhatsApp username carefully

2026-07-06 12:51:52
WhatsApp is introducing usernames to help protect your phone number. Just make sure you don't undermine that privacy by choosing the wrong one.

Lire la suite »

Inside Android's New Lockscreen Rate-Limiting Rules

2026-07-06 12:47:24
Google has replaced Android's 1,800-guess lockscreen limit with a 20-attempt hard cap. Here is how the new rate limiter works and what it means for anyone testing or managing Android devices. Inside Android’s...

Lire la suite »

ClickFix Scams Abuse Google, Cloudflare Checks to Deliver 7 Malware Families

2026-07-06 12:39:37
Malwarebytes links fake Google and Cloudflare verification pages to shared ClickFix infrastructure delivering StealC, NetSupport and other malware.

Lire la suite »

The Next Step In Cybersecurity: Prevent Risks Before They Reach Production

2026-07-06 12:38:29
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 6, 2026 – Watch the YouTube video “One of the biggest misconceptions in cybersecurity is that seeing...

Lire la suite »

USN-8511-1: socat vulnerabilities

2026-07-06 12:37:17
It was discovered that socat incorrectly handled the SOCKS5 proxy server reply parser. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-56123) It was discovered that...

Lire la suite »

Albert Dadon Is Building Financial Rails No Single Government Can Switch Off

2026-07-06 12:32:29
The thesis: AEREDIUM founder Albert Dadon argues the 2022 SWIFT disconnection was misread as a political story when it was an engineering one — credible neutrality can't be voted into existence, it...

Lire la suite »

Ubuntu 20.04 LTS ncurses Critical DoS Vulnerability USN-8503-1

2026-07-06 12:29:38
ncurses could be made to crash if it opened a specially crafted file.

Lire la suite »

Multiple PHP Vulnerabilities Enable DoS and Memory Corruption Attacks

2026-07-06 12:05:54
Multiple security vulnerabilities in PHP have been disclosed that could allow attackers to trigger denial-of-service (DoS) conditions and cause memory corruption, impacting widely deployed web applications....

Lire la suite »

OLTP vs OLAP: Why Your App Database Isn't Built for Analytics

2026-07-06 11:59:17
OLTP databases like PostgreSQL are optimized for fast reads and writes on specific records - orders, users, payments. OLAP databases like ClickHouse are built for a different job: aggregating and analyzing...

Lire la suite »

USN-8510-1: tar vulnerability

2026-07-06 11:57:49
It was discovered that tar incorrectly handled symlinks when extracting archives. An attacker could possibly use this issue to overwrite arbitrary files.

Lire la suite »

NetNut botnet takes a hit. Don't be part of the next one.

2026-07-06 11:52:14
Google, the FBI, and other partners have disrupted a residential proxy network built on millions of hijacked devices and used by criminals.

Lire la suite »

USN-8509-1: Python vulnerabilities

2026-07-06 11:48:55
It was discovered that Python incorrectly normalized paths in the tarfile module. An attacker could possibly use this issue to bypass path restrictions. This issue only affected Ubuntu 22.04 LTS and Ubuntu...

Lire la suite »

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

2026-07-06 11:30:02
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat...

Lire la suite »

USN-8506-1: Request Tracker vulnerabilities

2026-07-06 11:15:39
Aleksander Iwicki discovered that Request Tracker did not properly sanitize the search "Page" URL parameter. A remote attacker could possibly use this issue to conduct a reflected cross-site scripting...

Lire la suite »

USN-8505-1: Parsl vulnerability

2026-07-06 11:03:31
It was discovered that Parsl incorrectly constructed SQL queries using unsafe string formatting with user-supplied input in the parsl-visualize component. A remote attacker could possibly use this issue...

Lire la suite »

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

2026-07-06 10:58:16
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive...

Lire la suite »

PC IA : le NPU, emblème d'un marché qui se cherche encore

2026-07-06 10:49:30
Pièce maîtresse du narratif autour des PC IA, le NPU trouve très progressivement sa place dans les usages pratiques. The post PC IA : le NPU, emblème d'un marché qui se cherche encore appeared...

Lire la suite »

AI Can Forge Documents in Minutes – “Looks Right” Is No Longer Enough

2026-07-06 10:28:11
Generative AI is making document fraud faster and harder to spot, pushing security teams to verify provenance, signatures and file integrity at intake securely.

Lire la suite »

La Coupe du monde de football, une vitrine des apports de l'IA

2026-07-06 10:26:14
La Coupe du monde de la FIFA est la plus grande vitrine publicitaire mondiale. L'édition de 2022 a touché près de 2,8 milliards de (...)

Lire la suite »

Seven Bugs in FatFs Put IoT and Embedded Devices at Risk

2026-07-06 10:20:56
runZero found 7 flaws in FatFs, a filesystem used in IoT and embedded devices. Bugs can cause memory corruption, crashes, or data leaks via crafted storage. Cybersecurity firm runZero has disclosed seven...

Lire la suite »

Apple adapte sa politique de correctifs à l'ère de l'IA

2026-07-06 10:07:13
En matière de cybersécurité, l'IA est en train de profondément bouleversé la politique de gestion des correctifs. Les (...)

Lire la suite »

Faux résultats du bac : l'IA durcit l'arnaque

2026-07-06 10:02:27
Faux sites du bac : données personnelles, IA et publicité exploitent l'impatience des candidats avant les résultats.

Lire la suite »

2 millions de TV et de boîtiers Android ont été piratés, mais Google contre-attaque

2026-07-06 10:01:04
Google vient de porter un coup fatal à NetNut, l'un des plus vastes réseaux de proxy résidentiels malveillants jamais identifiés. Ce réseau était parvenu à compromettre plus de deux millions d'appareils...

Lire la suite »

USN-8492-3: Linux kernel (Raspberry Pi Real-time) vulnerabilities

2026-07-06 09:33:53
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; ...

Lire la suite »

When checking the URL isn't enough: a Device Code Phishing attack via a Microsoft website

2026-07-06 09:00:43
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.

Lire la suite »

Paritel cible les PME avec son firewall managé

2026-07-06 08:54:53
L’opérateur télécom Paritel lance une offre de firewalling managée, basée sur les technologies de Fortinet, à (...)

Lire la suite »

Lancom et Rohde & Schwarz Cybersecurity fusionnent pour devenir Rohde & Schwarz Networks and Cybersecurity

2026-07-06 08:54:35
Lancom Systems et Rohde & Schwarz Cybersecurity, les deux filiales du groupe allemand Rohde & Schwarz, fusionnent pour donner naissance à (...)

Lire la suite »

La ville Gentilly s'émancipe de Microsoft pour Jamespot

2026-07-06 08:53:36
Le 12 février 2025, la commune de Gentilly (Val-de-Marne) est la cible, comme de nombreuses autres municipalités, d'une cyberattaque, tentative (...)

Lire la suite »

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

2026-07-06 08:50:54
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways...

Lire la suite »

Bad Epoll Flaw Gives Attackers Root Access on Linux and Android

2026-07-06 08:24:22
Bad Epoll (CVE-2026-46242) lets local attackers gain root on Linux and Android. The flaw was missed by AI but found by a security researcher. A newly disclosed Linux kernel vulnerability, named Bad...

Lire la suite »

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

2026-07-06 08:13:33
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform...

Lire la suite »

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

2026-07-06 07:27:50
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages...

Lire la suite »

A week in security (June 29 – July 5)

2026-07-06 07:14:12
A list of topics we covered in the week of June 29 to July 5 of 2026

Lire la suite »

Wazuh File Integrity Monitoring: Tracking Endpoint Modifications in Real Time

2026-07-06 06:34:23
OverviewIn this project, I implemented File Integrity Monitoring (FIM) using Wazuh to detect file system and Windows Registry changes in a lab environment. Custom FIM rules was configured to monitor user...

Lire la suite »

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

2026-07-06 06:33:56
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the...

Lire la suite »

Mastering curl Commands Bug Bounty Hunter's Guide

2026-07-06 06:30:13
Every bug bounty hunter has curl installed. Few use it to its full potential. While Burp Suite and custom scripts get the limelight, curl…Continue reading on InfoSec Write-ups »

Lire la suite »

Mass Assignment and the Identity Drift: From Profile Edit to Insurance Takeover

2026-07-06 06:29:11
No customer support call. No re-verification.Yet the name changes. The date of birth changes. The government ID number changes. But the eKYC status remains verified and every system that relies on that...

Lire la suite »

The File That Answered Back — XXE Hidden in Cell A2

2026-07-06 06:28:59
Most people know XXE. Few think to look for it inside a spreadsheet upload. But beneath every .xlsx is really a ZIP archive full of XML, and the parser reading it doesn't always know where to stop....

Lire la suite »

RCE via Gemini Live AI Voice Session Misconfiguration.

2026-07-06 06:28:53
RCE via Gemini Live AI Voice Session Misconfiguration. Injecting Client-Controlled Setup Frames Through Unconstrained Ephemeral TokensSource: https://ai.google.dev/gemini-api/docs/live-api/ephemeral-tokensA...

Lire la suite »

How I Found a Critical OAuth Misconfiguration That Led to Account Takeover

2026-07-06 06:28:43
A bug bounty story about OAuth, PKCE, open client registration, and how multiple low-level issues chained together into a critical account takeover vulnerability.IntroductionWhile testing a self-hosted...

Lire la suite »

How I Found a Data Deletion Bypass via Subdomain Synchronization

2026-07-06 06:28:09
This is what I did after my lunch break and immediately got enough cash to buy stuff in the premium store🙌🏻IntroductionHello everyone! Shortly after my lunch break one afternoon, I accidentally...

Lire la suite »

RingZeroCTF Coding Challenge 1 [Hash Me If You Can] Writeup

2026-07-06 06:27:38
Ok so guys this is my first writeup i have been writing on the medium platform of the recent CTF i was practicing on the platform RingZero.In that i selected the coding challenges and decided to do the...

Lire la suite »

PicoCTF Web Exploitation Easy Category Web Challenge [SSTL 1]

2026-07-06 06:25:35
Photo by Alexandre Debiève on UnsplashChallenge Statement :- I made a cool website where you can announce whatever you want! Try it out. Additional details will be available after launching your challenge...

Lire la suite »

Multiples vulnérabilités dans Roundcube (06 juillet 2026)

06/07/2026
De multiples vulnérabilités ont été découvertes dans Roundcube. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une falsification de requêtes côté...

Lire la suite »

Multiples vulnérabilités dans OpenSSH (06 juillet 2026)

06/07/2026
De multiples vulnérabilités ont été découvertes dans OpenSSH. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service et...

Lire la suite »

Vulnérabilité dans PostgreSQL JDBC (06 juillet 2026)

06/07/2026
Une vulnérabilité a été découverte dans PostgreSQL JDBC. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Lire la suite »