Toute l'actualité de la Cybersécurité
AMD étoffe sa gamme Versal pour l'embarqué
2026-06-05 16:03:29
En rachetant Xilinx en 2022 pour 35 Md$, AMD a hérité du portefeuille de puces Versal. Un catalogue qui continue à s’enrichir (...)
Over 900 US gas station tank gauge systems exposed to attacks
2026-06-05 14:50:15
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and...
Microsoft 365 Service Degradation Bypassed Windows Driver Auto-Update Controls
2026-06-05 14:42:30
Microsoft has resolved a Microsoft 365 service degradation issue that temporarily bypassed Windows driver auto-update controls, leading to unintended driver installations on managed devices. The issue...
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
2026-06-05 14:40:11
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
2026-06-05 14:05:42
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.
The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.
What 2026 DBIR Confirms: Attacks Are Living in the Browser
2026-06-05 14:00:10
Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern...
New SHub Stealer Variant Malware Targets Chrome, Firefox, Brave, Edge, Opera, and Crypto Wallets
2026-06-05 13:50:54
A dangerous new variant of the SHub Stealer malware has emerged, targeting Mac users in ways that are smarter and harder to detect than before. The updated build, now called Reaper, spreads through fake...
Cisco SD-WAN Has a New Root-Level Problem, and There's No Fix Yet
2026-06-05 13:35:46
Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, tracked...
Malicious Browser Add-Ons Target ChatGPT, Claude, Copilot, Gemini, and DeepSeek Users
2026-06-05 13:33:29
Millions of people now use AI platforms like ChatGPT, Claude, Copilot, Gemini, and DeepSeek every single day, sharing personal thoughts, work documents, and sensitive data without a second thought. That...
Virginia Is For Cyber
2026-06-05 13:18:29
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 5, 2026 – Listen to the podcast Virginia is home to the second largest cybersecurity industry in the country,...
Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
2026-06-05 13:06:01
Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets.
Trump AI Order Seeks Voluntary Frontier Model Testing
2026-06-05 13:00:00
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
2026-06-05 12:33:38
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services...
Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains
2026-06-05 12:27:12
Artificial intelligence systems are changing the way software operates, but they are also introducing new security risks that many organizations are not fully prepared for. Agentic AI, which refers to...
Chinese APT VerdantBamboo Uses BRICKSTORM Malware to Compromise Firewalls and Appliances
2026-06-05 12:03:27
A Chinese state-linked hacking group has been quietly living inside corporate networks for well over a year, using a custom malware toolkit to compromise firewalls, storage systems, and network appliances...
Moratoire sur l'IA : Anthropic veut geler un marché qu'elle domine
2026-06-05 12:00:05
Anthropic propose un mécanisme de coordination internationale pour ralentir, voire suspendre temporairement, le développement de l'intelligence artificielle de pointe.
The post Moratoire sur l’IA...
Les failles non corrigées deviennent le principal vecteur d'attaque
2026-06-05 11:31:15
La gestion des correctifs est sous forte pression alors que les délais d’exploitation se réduisent. Une tendance qui pourrait (...)
Only 10% of SOCs Say They're Getting Excellent Value From AI. Here's What the Second Wave Has to Deliver
2026-06-05 11:20:00
Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security...
Entre hyperscalers, les stacks agentiques se suivent… et se ressemblent ?
2026-06-05 10:51:06
Y a-t-il convergence ou divergence dans les stratégies des clouders américains sur l'IA agentique ? Au Google Cloud Summit Paris, les avis furent partagés.
The post Entre hyperscalers, les stacks agentiques...
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
2026-06-05 10:19:21
Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers...
AI Living Visuals Earns a 72 PoU Score by Embedding AI Directly Into Enterprise Publishing Workflows
2026-06-05 09:57:14
Flipsnack's AI Living Visuals turns static images into cinematic motion directly inside digital documents — no video production workflow required. Since launching in March 2026, the feature has averaged...
Un virus qui se propage de PC en PC : une cyberattaque mondiale massive a été évitée de justesse
2026-06-05 09:25:25
Un virus baptisé IronWorm a infecté 36 bibliothèques de code sur npm, la plateforme utilisée par des millions de développeurs dans le monde. Capable de voler des mots de passe et des clés d'accès,...
Les ETI s'assurent davantage contre les risques de cybersécurité
2026-06-05 09:04:41
Un nombre de sinistres indemnisés et un montant total d'indemnisation en hausse, mais une baisse du total des cotisations. Tel est le portrait de (...)
Devenex Has Introduced the Execution Control Plane for Enterprise AI
2026-06-05 09:00:17
As AI agents move from answering questions to taking actions across enterprise systems, traditional identity, security, and monitoring tools are no longer enough. Devenex is introducing the Execution...
AI: Threat, tool, or both?
2026-06-05 08:56:57
Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
2026-06-05 08:38:59
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.
The...
Simplifier pour résister – Comment les entreprises peuvent renforcer leur sécurité tout en réduisant leurs coûts
2026-06-05 08:37:05
Le retour de l'incertitude Tribune par Jérôme BEAUFILS, CEO de SASETY – Les entreprises évoluent dans un climat économique particulièrement instable. La multiplication des tensions géopolitiques,...
Flare identifie KeyCat, un nouveau malware multiplateforme « clés en main »
2026-06-05 08:21:57
Les chercheurs de Flare, référence du Threat Exposure Management, ont dévoilé les détails d’une nouvelle menace nommée KeyCat, un infostealer et outil d’accès à distance (RAT) multiplateforme....
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
2026-06-05 07:51:33
A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may...
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
2026-06-05 07:32:14
SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher...
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
2026-06-05 07:01:41
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff.
Recent reports describe thousands of lookalike FIFA...
BCD Travel - 396,313 breached accounts
2026-06-05 06:53:15
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published...
I Started Learning AWS and Realised I Didn't Fully Understand the Internet
2026-06-05 06:43:40
My journey into cloud computing and the concepts that changed how I view modern technology.IntroWhen I first learnt about the cloud, I believed the cloud was just a computer in a different location. But...
Host & Network Penetration Testing: System-Host Based Attacks CTF 1 — eJPT (INE)
2026-06-05 06:40:13
A walkthrough covering HTTP brute-forcing, WebDAV exploitation, and SMB enumeration to capture all four flagsHello everyone! 👋In this blog, I'll walk through the System/Host-Based Attacks CTF 1...
“Bug Bounty Bootcamp #44: No Login?
2026-06-05 06:40:01
You stumble on a login page. No “Register”, no “Forgot Password”. Just two lonely text boxes staring back at you. Most hunters give up…Continue reading on InfoSec Write-ups...
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
2026-06-05 06:30:52
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The...
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
2026-06-05 06:24:20
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]...
Sort and Uniq — How to Turn Noise Into Signal
2026-06-05 05:48:11
sort and uniq are the tools that turn raw terminal output into something you can actually act on — sort groups and orders lines, uniq deduplicates and counts them, and together they power the frequency...
How I Beat Context Rot and Saved 6 Out of 47 AI Agents in Production
2026-06-05 05:46:44
I deployed 47 AI agents in real enterprise environments between late 2025 and early 2026. Only 6 are still successful today. The hidden reason most failed wasn't hallucinations or cost — it was Context...
Building Safer Burp Suite Extensions for API Security Testing
2026-06-05 05:44:53
Learn how to build safer Burp Suite extensions for API security testing, with practical checks for JWT, BOLA, mass assignment and rate limits.
Vibecoding Won. What's Next?
2026-06-05 05:43:43
Vibecoding has already won. The debate is over. But the consequences are just arriving: skill atrophy in developers, a generation of juniors who may never build foundational understanding, and a growing...
Why Claude.ai Streams Its Answers Over POST (and How I Reused the Trick Without EventSource)
2026-06-05 05:42:41
Open devtools on claude.ai and its streaming answers arrive over a POST request — which the browser's EventSource can't read, since it only does GET. I unpack why this one-request streaming pattern...
The Trillion-Dollar Token Trap: Why Microsoft and Uber Are Pulling the Plug on Cloud AI Billing
2026-06-05 05:40:51
The cloud AI boom is hitting a massive financial wall as usage based token billing causes catastrophic enterprise budget overruns. With Uber burning its annual AI budget in four months and Microsoft canceling...
Why Waiting for AI to Mature Is the Most Expensive Choice CPA Firm Can Make
2026-06-05 05:38:26
Financial due diligence hasn't fundamentally changed in 30 years. It still takes 6–8 weeks, with half the time spent on data cleaning and reconciliation—mechanical work that doesn't require senior...
Let's Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
2026-06-05 05:37:31
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without...
The Best SEO Strategy in 2026 Is Becoming a Source
2026-06-05 05:37:07
Most content online is derivative. Search engines and AI models increasingly reward original data, research, benchmarks, and public experiments. The future of SEO is not creating more content—it is...
The API Gateway Pattern for Safer Enterprise AI Agents
2026-06-05 05:35:48
A practical API gateway framework for safer enterprise AI agents, covering scoped access, data minimization, audit trails, and policy controls.
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
2026-06-05 05:34:19
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network.
"Compromised business...
Your AI Chat Will Break in Production: 3 Lifecycle Bugs Nobody Warns You About
2026-06-05 05:33:49
TL;DR: A stream and React are two different lifecycles — fail to sync them and your AI chat breaks silently in prod. Three fixes: (1) Stream Identity — unique ID per stream, every callback checks...
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
2026-06-05 04:56:43
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495...
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
2026-06-05 04:07:55
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer...
Multiples vulnérabilités dans Traefik (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans CPython (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans CPython. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, un contournement de la politique...
Multiples vulnérabilités dans Google Chrome (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Microsoft Azure Linux (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans le noyau Linux de Red Hat (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de...
Multiples vulnérabilités dans le noyau Linux de Debian LTS (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à...
Multiples vulnérabilités dans le noyau Linux de SUSE (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une...
Multiples vulnérabilités dans les produits IBM (05 juin 2026)
05/06/2026
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...
Vulnérabilité dans Cisco Catalyst SD-WAN (05 juin 2026)
05/06/2026
Une vulnérabilité a été découverte dans Cisco Catalyst SD-WAN. Elle permet à un attaquant de provoquer une élévation de privilèges. Cisco indique que la vulnérabilité CVE-2026-20245 est activement...