Toute l'actualité de la Cybersécurité
Fuite de données pour Tchap la messagerie instantanée de l'Etat
2026-06-08 17:31:36
Tout a commencé par un message d’un cybercriminel sur un forum (et diffusé par French Breaches) qui revendique avoir eu accès (...)
Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware
2026-06-08 16:56:23
Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads.
New Linux Kernel Vulnerability Lets Attackers Escalate Privileges to Root
2026-06-08 16:45:41
A use-after-free vulnerability in the Linux kernel’s nftables subsystem has been disclosed, enabling unprivileged local attackers to escalate privileges to root on widely deployed distributions...
De la « fédération EuroCloud » aux « zones d'accélération », ce qui se dessine avec le CADA
2026-06-08 16:33:33
La Commission européenne a publié sa proposition de règlement CADA (Cloud and AI Development Act). En voici les grands axes.
The post De la « fédération EuroCloud » aux « zones d’accélération...
New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
2026-06-08 16:22:46
A newly identified extortion group called Pink has emerged as a serious threat to enterprise organizations, using social engineering tactics to steal cloud storage credentials and sensitive data. The...
Gogs patches critical zero-day enabling remote code execution
2026-06-08 16:18:40
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
Malspam Attack Uses Google DoubleClick Redirects to Deliver Fileless .NET Loader
2026-06-08 16:01:55
Cybercriminals have found a new way to sneak malware past email security tools, and this time they are hiding behind a name that most systems trust without question. A recent malspam campaign has been...
AI brands as bait: How threat actors are using the AI hype in social engineering
2026-06-08 16:00:00
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure.
The post AI brands as bait: How threat actors...
USN-8405-1: CUPS vulnerabilities
2026-06-08 15:51:32
Ariel Silver discovered that CUPS incorrectly handled username comparisons
during authorization checks. A local attacker could possibly use this issue
to gain unauthorized access to restricted operations....
Critical UniFi OS bug lets hackers gain root without authentication
2026-06-08 15:51:19
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]
Tchap, la messagerie ultra sécurisée du gouvernement français a été piratée
2026-06-08 15:41:43
Tchap, la messagerie ultra sécurisée du gouvernement français, a été piratée, exposant potentiellement les données de 73 000 agents et 643 000 messages. De son côté, le gouvernement assure que...
UNC3753 Attacking US Law Firms Using Vishing and RMM Tools to Exfiltrate Data
2026-06-08 15:21:48
A sophisticated cybercriminal group known as UNC3753 has been running an aggressive campaign against US law firms since early 2026, using phone calls, screen-sharing tricks, and remote monitoring software...
Vibe Coding Ends at Localhost
2026-06-08 15:16:40
AI coding tools have become extraordinary at producing working code and remained useless at the last step: putting it on the internet. This isn't because the models are dumb. It's structural. Coding agents...
USN-8404-1: Transmission vulnerability
2026-06-08 15:15:55
It was discovered that Transmission had a clickjacking weakness in the
browser-facing WebUI and RPC response paths. An attacker could possibly use
this issue to trick users into performing unintended...
New Lucid Stealer Targets 18 Browsers, Crypto Wallets, and Discord Tokens With Hidden Remote Access
2026-06-08 15:04:36
A newly identified piece of Windows malware is raising serious concerns among cybersecurity professionals for its wide reach and unusually deep set of capabilities. Discovered through underground channels...
Americans lost nearly 0 million to AI-powered scams, FBI says
2026-06-08 15:02:13
Deepfakes, voice cloning, and other AI-powered scams cost Americans nearly 0 million in 2025, says the 2025 FBI Internet Crime Report.
WhatsApp Disrupts NSO-Linked Cyberattack Targeting Users with Pegasus Spyware
2026-06-08 14:54:14
Meta’s WhatsApp has identified and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm blacklisted by the U.S. government, and is now asking a federal...
Chrome Patches 429 Vulnerabilities Including 22 Critical Ones – Update Now!
2026-06-08 14:29:52
Chrome users should treat the latest stable update as an urgent security priority, with Google patching 429 vulnerabilities, including 22 rated critical, in Chrome 149.0.7827.53 across Windows, macOS,...
USN-8403-1: Kea DHCP vulnerability
2026-06-08 14:28:06
Ali Norouzi discovered that Kea DHCP did not properly handle maliciously
crafted messages over configured API sockets and HA listeners. A remote
attacker could possibly use this issue to cause Kea DHCP...
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
2026-06-08 14:17:39
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.
The...
AI First or Data First? Why Scale Requires a Balanced Approach
2026-06-08 14:15:16
Many organisations rush into AI expecting models alone to create value. Research and industry evidence suggest otherwise. Successful AI depends on balancing model development with data quality, governance,...
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access
2026-06-08 14:11:44
Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro for WordPress,...
Reducing security operations complexity with Wazuh Cloud
2026-06-08 14:01:11
Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through...
The TechBeat: How I Stress-Tested 3 AI 3D Generators on the Same Inputs: What the Numbers Actually Show (6/8/2026)
2026-06-08 14:01:06
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
138 Blog Posts To Learn About Online Education
2026-06-08 14:00:38
Let's learn about Online Education via these 138 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any...
Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them
2026-06-08 14:00:00
You don't need an AI-scale fortune to be Mythos ready. You need automated, policy-driven remediation that can close the gap between vulnerability discovery and verified fixes. Keep reading for...
What a Decade in Government Software Taught Me About Technical Debt
2026-06-08 13:58:56
Drawing on years of experience modernizing public-sector systems, the author argues that most "technical debt" in government software has little to do with poor engineering. Instead, it reflects decades...
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
2026-06-08 13:40:06
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing.
Un pirate affirme avoir aspiré des centaines de milliers de messages sur la messagerie sécurisée de l'État
2026-06-08 13:23:00
Tchap, c'est la messagerie ultra-sécurisée et souveraine du gouvernement. Elle était censée assurer une protection maximale, mais un pirate affirme avoir exfiltré plus de 643 000 messages et les...
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
2026-06-08 13:19:13
Phishing has always been a numbers game. AI has turned it into a volume machine.
Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds...
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
2026-06-08 13:18:57
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.
A chatbot...
USN-8402-1: systemd vulnerabilities
2026-06-08 13:17:14
It was discovered that systemd-nspawn incorrectly handled certain optional
configuration files. A local attacker could possibly use this issue to
escape to the host system and execute arbitrary code....
Check Point links VPN zero-day attacks to Qilin ransomware gang
2026-06-08 13:05:16
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]...
WhatsApp attaque NSO pour violation d'injonction
2026-06-08 12:57:40
Malgré une condamnation en 2025, NSO, le fabricant du logiciel espion Pegasus, a de nouveau tenté de cibler des utilisateurs de WhatsApp. Meta saisit le tribunal fédéral.
The post WhatsApp attaque...
USN-8400-1: poppler vulnerability
2026-06-08 12:52:52
It was discovered that poppler incorrectly handled certain malformed PDF
tiling patterns in the Splash backend. An attacker could possibly use this
issue to execute arbitrary code, obtain sensitive information,...
WireBadger Malicious Cable Detector For Penetration Testers And Red Teams
2026-06-08 12:46:56
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 8, 2026 – WireBadger production information USB technology was designed for convenience and universal compatibility....
USN-8399-1: Pillow vulnerabilities
2026-06-08 12:43:16
It was discovered that Pillow incorrectly handled large glyph advance
values in fonts. An attacker could possibly use this issue to cause Pillow
to crash, resulting in a denial of service. (CVE-2026-42308)
It...
Build NotebookLM-Style Videos From Markdown With SceneDown
2026-06-08 12:35:20
SceneDown is an open-source tool that generates NotebookLM-style videos from simple Markdown files.
Unlike NotebookLM, it gives you full control over the script, images, narration, timing, and subtitles.
The...
USN-8398-1: nginx vulnerability
2026-06-08 12:32:23
It was discovered that nginx incorrectly handled certain cookie headers in
the HTTP/2 implementation. A remote attacker could possibly use this issue
to cause nginx to consume excessive resources, resulting...
Chips Act 2.0 : ce qui change, ce qui reste
2026-06-08 12:25:18
La Commission européenne propose de réviser la terminologie du Chips Act, ses priorités ainsi que les organismes et les dispositifs pour le mettre en œuvre.
The post Chips Act 2.0 : ce qui change,...
USN-8397-1: libjxl vulnerability
2026-06-08 12:20:37
It was discovered that libjxl did not properly handle certain crafted PBM
images. An attacker could possibly use this issue to cause libjxl to crash,
resulting in a denial of service, or execute arbitrary...
Selon Kaspersky, 17 % des points d'accès Wi-Fi publics dans les grandes villes mexicaines ne sont pas sécurisés
2026-06-08 12:01:36
Les experts du GReAT Kaspersky (équipe d'analyse et de recherche globale) ont analysé plus de 84 000 signaux de réseau Wi-Fi gratuits dans trois grandes villes mexicaines qui accueilleront la Coupe...
Le point de bascule de l'IT : quand la gestion des identités devient une condition de croissance
2026-06-08 12:00:12
La gestion des identités et des accès est longtemps restée un sujet technique, traité par les équipes IT en marge des priorités stratégiques. Cette époque touche à sa fin. Dans les organisations...
The Hardest Fork
2026-06-08 11:53:00
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong,...
La plupart des modèles IA non conformes au droit européen
2026-06-08 11:45:53
Selon la fondation de recherche à but non lucratif Aithos, tous les grands modèles IA enfreignent, à des degrés divers, (...)
OWASP Releases AI Security Report to Empower Security Professionals with New Tools
2026-06-08 11:42:18
OWASP has released the “State of Agentic AI Security and Governance v2.01” report, a technical blueprint aimed at security teams racing to secure rapidly proliferating autonomous AI agents in production....
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
2026-06-08 11:34:20
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk.
Oxford University discloses data breach after careers platform hack
2026-06-08 11:14:41
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]
Revealing the Hidden Costs of Codebase Complexity
2026-06-08 11:00:37
As AI-generated code accelerates software development, many enterprises are losing visibility into how their systems actually work. The result is longer outages, slower releases, growing technical debt,...
How MoEngage Achieved Millisecond Personalization with ScyllaDB
2026-06-08 11:00:29
MoEngage rebuilt its real-time data infrastructure to support instant personalization, segmentation, and customer engagement. Its ScyllaDB-powered Eventstore processes more than 250,000 writes per second...
Pirated PC games are delivering password-stealing malware
2026-06-08 10:53:06
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms
2026-06-08 10:46:36
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat...
Rachat de SFR : c'est signé…mais c'est pas fait
2026-06-08 10:37:13
Orange, Bouygues Telecom et Free ont paraphé le protocole d'accord pour le rachat de SFR. Une opération qui reste soumise au feu vert des autorités de concurrence.
The post Rachat de SFR : c’est...
Faille Instagram : le bouton « Mot de passe oublié » a divulgué des numéros de téléphone et des adresses mail
2026-06-08 10:31:41
Pendant quelques heures, Instagram a divulgué les coordonnées complètes, adresses email et numéro de téléphone, de ses utilisateurs. Cette faille dans le système de récupération de compte de...
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
2026-06-08 10:27:32
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD...
Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users
2026-06-08 10:17:38
Instagram glitch exposed Mark Zuckerberg's email addresses and phone number, plus contact details of other top users, through a password reset flaw.
Internet Explorer WebBrowser Control Attack Chain Turns Clicks Into RCE
2026-06-08 10:06:02
Internet Explorer's legacy WebBrowser control can still be abused to turn a single user click into full remote code execution (RCE) on Windows systems, even though the browser is officially retired....
Meet the Writer: Hacker Noon's Contributor Matias Denda, Systems Engineer/Technical Architect
2026-06-08 09:54:06
From cave diving to Go runtimes: Matías on building Mycel, writing in the margins, and why your biggest annoyances point to your next project.
MokN lève 15 millions $ pour industrialiser son « phish-back «
2026-06-08 09:48:48
Avec sa technologie de "phish-back ", MokN piège les attaquants avec de faux portails d'accès pour récupérer les identifiants volés avant leur exploitation.
The post MokN lève 15 millions $ pour...
Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts
2026-06-08 09:33:45
A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was...
Your RAG System Might Be Confidently Wrong
2026-06-08 09:22:00
Most RAG confidence scores only describe the model output. They do not tell you whether the retrieved index was fresh, whether the source changed after indexing, or whether old embeddings are still being...
Curing the Multi Agent Hallucination Contagion in Production Clusters
2026-06-08 09:17:13
In production multi-agent clusters, a hallucination from a single node can quickly act like a software contagion, spreading through shared memory and corrupting downstream tasks. To stop this cascading...
Why Your Kafka Pipeline Looks Fine in Staging but Breaks in Production
2026-06-08 09:11:58
Staging never breaks your Kafka pipeline. Production does. I cover offset mismanagement, rebalance storms, schema drift, Spark backpressure, and the governance controls most teams skip, including ACLs,...
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
2026-06-08 09:02:24
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject...
ChatGPT se verrouille contre les cyberattaques : ce nouveau mode va mieux protéger vos données, comment l'activer ?
2026-06-08 09:00:57
OpenAI vient de déployer le « Lockdown Mode », une fonctionnalité de sécurité destinée à protéger les utilisateurs de ChatGPT contre les attaques par injection de requêtes. Disponible sur tous...
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
2026-06-08 07:39:28
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in...
A week in security (June 1 – June 7)
2026-06-08 07:07:07
A list of topics we covered in the week of June 1 to June 7 of 2026
IoT Botnet C0XMO Adds Competitor-Killing Capability
2026-06-08 07:03:30
C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoS attacks. In March 2026, FortiGuard Labs discovered a new variant...
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
2026-06-08 06:08:44
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in...
Over 20,000 Instagram accounts stolen in Meta AI support hack
2026-06-08 06:00:27
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]
Applying Sherman Kent's Analytic Discipline to CTI: A Practical Analyst Guide
2026-06-08 04:31:26
Estimative language, evidence discipline, and analytic integrity for cyber threat intelligenceExecutive SummaryThis is an analyst guide, not a formal CTI report. It does not answer a single priority intelligence...
Operation Desert Hydra — AI-Assisted CTI Pipeline: MuddyWater to Kibana
2026-06-08 04:31:01
11 validated detections from public sources, OpenCTI graph, and a one-command labTable of ContentsMost threat actor writeups stop too early. They describe the group, list ATT&CK techniques, and paste...
CTI as a Code: Complete Step-by-Step Methodology
2026-06-08 04:30:49
Version-controlled threat intelligence — from first call to deployed Sigma rule.Why This Methodology ExistsMost CTI work degrades in three predictable ways:The evidence problem. An analyst writes...
CTI as a Code in Practice: Reactive Investigation — LifeTech Pharma
2026-06-08 04:30:34
A complete walkthrough of the methodology applied to a real training scenario: pharmaceutical IP theft, dual entry points, and a DCSync that changes everything.All organizations, names, and data are fictional....
ThreatMapper: I Built a Self-Hosted AI Threat Intelligence Platform — Here's How to Use It
2026-06-08 04:30:09
Map adversary behaviour to MITRE ATT&CK in seconds, compare against 160+ APT groups, and generate PDF reports — all running locally with your own LLM keys.Table of ContentsThe ProblemWhat...
OSCP Windows Enumeration Checklist: My Complete Privilege Escalation Workflow for Every Box
2026-06-08 04:26:28
Learn the exact Windows enumeration process for OSCP, including WinPEAS analysis, credential hunting, token abuse, service…Continue reading on InfoSec Write-ups »
JavaScript Prototype Pollution Deep Dive : — Reconnaissance, Exploitation & Bug Bounty Guideline
2026-06-08 04:26:08
From Recon to RCE — A comprehensive deep-dive into one of JavaScript's most misunderstood vulnerabilitiesJavaScript Prototype Pollution Deep DiveTable of ContentsWhat Is Prototype Pollution?The...
Multiples vulnérabilités dans Microsoft Edge (08 juin 2026)
08/06/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Microsoft (08 juin 2026)
08/06/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Spring Micrometer (08 juin 2026)
08/06/2026
De multiples vulnérabilités ont été découvertes dans Spring Micrometer. Elles permettent à un attaquant de provoquer un déni de service à distance.
Vulnérabilité dans Laravel (08 juin 2026)
08/06/2026
Une vulnérabilité a été découverte dans Laravel. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.