Toute l'actualité de la Cybersécurité
'InstallFix' Attacks Spread Fake Claude Code Sites
2026-03-09 20:42:25
A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
2026-03-09 20:24:51
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. The site, hosted at cleanmymacos[.]org,...
BoryptGrab Stealer Spreads via Fake GitHub Repositories, Stealing Browser and Crypto Wallet Data
2026-03-09 20:18:16
A new data-stealing malware called BoryptGrab has been quietly spreading across Windows systems through a network of fake GitHub repositories, tricking users into downloading what appear to be popular...
Are We Ready for Auto Remediation With Agentic AI?
2026-03-09 20:13:01
With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management.
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threat Activity
2026-03-09 19:18:44
The Iranian advanced persistent threat group known as Seedworm — also tracked as MuddyWater, Temp Zagros, and Static Kitten — has been found actively operating inside the networks of multiple U.S....
Ericsson US discloses data breach after service provider hack
2026-03-09 19:07:50
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking...
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
2026-03-09 18:31:00
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The...
MaaS VIP Keylogger Campaign Uses Steganography and In-Memory Execution to Steal Credentials at Scale
2026-03-09 17:37:29
A sophisticated credential-stealing campaign built around a tool called VIP Keylogger has emerged as a serious threat to organizations and individuals. Unlike conventional malware that drops files onto...
Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS
2026-03-09 17:31:55
Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets.
Microsoft Teams will tag third-party bots trying to join meetings
2026-03-09 17:12:49
Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. [...]
ShinyHunters claims ongoing Salesforce Aura data theft attacks
2026-03-09 17:12:22
Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion...
Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers
2026-03-09 17:10:32
Signal has officially confirmed an ongoing wave of targeted phishing campaigns resulting in successful account takeovers for high-profile users, including journalists and government officials. The encrypted...
Vietnam-Based Cybercrime Network Enables Fraudulent Account Signups at Scale
2026-03-09 16:32:44
A sprawling cybercrime ecosystem rooted in Vietnam has been linked to large-scale fraudulent account registration campaigns targeting service providers and online platforms worldwide. Researchers traced...
Accelerate Attack Surface Discovery with new AI-Powered Connectors
2026-03-09 16:28:20
Discovery: The foundation of exposure managementTo understand your attack surface, and all related exposures, Rapid7's Command Platform provides Attack Surface Management, (included in Surface Command,...
USN-8080-1: YARA vulnerabilities
2026-03-09 16:06:04
Kamil Frankowicz discovered that a number of YARA's functions
generated memory exceptions when processing specially crafted
rules or files. A remote attacker could possibly use these
issues to cause YARA...
Security Risk Advisors Releases “The Purple Perspective 2026” Report
2026-03-09 14:59:23
Philadelphia, PA, United States, 9th March 2026, CyberNewswire
Interview de HexDex, le pirate qui secoue le web francophone
2026-03-09 15:34:00
Il fait partie d'un triptyque de pirates informatiques qui, depuis plusieurs mois, bousculent la cybersphère hexagonale. Sous le pseudonyme HexDex, ce pirate revendique des dizaines d'intrusions,...
FBI warns of phishing attacks impersonating US city, county officials
2026-03-09 15:30:50
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning...
Comment Icade a fait de son IT un moteur stratégique
2026-03-09 15:23:58
Avec la nomination d'Alexis de Nervaux, le groupe ICADE a engagé une transformation profonde de sa DISN avec l'ambition affichée de s'imposer comme le leader de l'intelligence artificielle dans le secteur...
L'IA transforme les DNS fantômes en vecteur d'exfiltration de données
2026-03-09 15:09:28
Lorsqu'une entreprise ferme un environnement de test, un bucket AWS, une application en ligne ou une instance SaaS, l'entrée DNS peut parfois rester (...)
AI Dev Tool Stack for 2026
2026-03-09 15:00:55
AI coding tools speed up development, but AI testing is what helps teams ship reliable software faster in 2026.
Russia-linked hackers target Signal, WhatsApp of officials globally
2026-03-09 14:54:23
Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global...
Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS
2026-03-09 14:51:42
A serious security flaw has been found in ExifTool, a popular open-source tool used to read and edit image file metadata. Tracked as CVE-2026-3102, this vulnerability affects macOS systems and allows...
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
2026-03-09 14:50:00
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency.
The...
Ce que l'on sait de Microsoft 365 E7 à 99 $ par mois
2026-03-09 14:36:50
Microsoft prévoit de lancer Microsoft 365 E7 à 99 $ par mois, un abonnement premium qui intègre nativement Copilot avancé et Agent 365. Plusieurs sources évoquent ce lancement début mai.
The post...
Iran's MuddyWater Hackers Target US Firms with New Dindoor Backdoor
2026-03-09 14:23:54
Researchers say Iran's MuddyWater hackers targeted US companies and an Israeli software firm's department in a cyber campaign using the Dindoor malware - All this amid the ongoing conflict.
Microsoft Launches Copilot Cowork, a New AI Feature in Microsoft 365 to Automate Tasks
2026-03-09 14:20:21
Microsoft has introduced Copilot Cowork, a new AI-powered feature embedded within Microsoft 365 that moves beyond conversational assistance to autonomous task execution. Unlike traditional Copilot interactions...
Celebrating International Women's Day 2026
2026-03-09 14:12:59
International Women's Day is celebrated every year to commemorate the social, economic, political and economic achievements of women. At The IT Security Guru we make it our mission to empower and amplify...
Entretien Christophe Lesur, DG de Cloud Temple : « La souveraineté est un accélérateur de croissance »
2026-03-09 14:12:42
Dans le concert des fournisseurs disposant de la qualification SecNumCloud de l’Anssi, Cloud Temple est peut-être le plus discret. Les entretiens (...)
Why Password Audits Miss the Accounts Attackers Actually Want
2026-03-09 14:10:20
Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orphaned users, and service accounts can leave organizations...
Microsoft still working to fix Windows Explorer white flashes
2026-03-09 14:10:17
Microsoft has confirmed that it's still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some Windows 11 systems. [...]
M365Pwned – Red Team GUI Toolkit for Microsoft 365 Exploitation via Graph API
2026-03-09 14:00:20
A red teamer operating under the handle OtterHacker has publicly released M365Pwned, a pair of WinForms GUI tools designed to enumerate, search, and exfiltrate data from Microsoft 365 environments using...
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
2026-03-09 13:46:00
Another week in cybersecurity. Another week of "you've got to be kidding me."
Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning....
Building a Zero-Click AI Evaluation Pipeline for Production
2026-03-09 13:36:11
Evaluating AI systems is fundamentally different from testing traditional software because GenAI outputs are non-deterministic. This article walks through a practical framework for AI evaluation, combining...
« More agents is all you need »… ou pas : une esquisse de lois d'échelle pour l'IA agentique
2026-03-09 13:34:19
Google Research a déterminé des principes de scaling pour les systèmes agentiques et a conçu un modèle qui prédit la bonne architecture en fonction de la tâche.
The post « More agents is all you...
Handala, la cyber-guerre revendiquée contre Israël
2026-03-09 13:33:48
Le groupe hacktiviste Iranien Handala revendique une série de cyberattaques contre Israël, visant infrastructures critiques et organisations stratégiques.
Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity
2026-03-09 13:27:07
For decades, cybersecurity strategy has been built around three familiar pillars: endpoint security, network security, and cloud security. These domains have shaped how security teams are organised, where...
The Emperor's Monday: Why History is the Ultimate Stress-Test for Your Code
2026-03-09 13:23:44
A mathematically perfect weekday algorithm fails when faced with real historical dates, showing that software engineering is about managing assumptions, not just calculations.
Fake Claude Code install pages hit Windows and Mac users with infostealers
2026-03-09 13:07:25
Researchers uncovered fake Claude Code install pages spreading infostealers that steal passwords and browser sessions.
Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
2026-03-09 13:06:14
In February-March 2026, Bitdefender Labs identified and mapped a sprawling global scam infrastructure and scalable disinformation-for-profit network that uses trusted news brands, real personalities,...
Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?
2026-03-09 13:02:31
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 9, 2026 – Read the full story in Forbes If Defense Tech is the loud winner during the Iran conflict, Cybersecurity...
Secure agentic AI for your Frontier Transformation
2026-03-09 13:00:00
Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation.
The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog.
Quiz sites trick users into enabling unwanted browser notifications
2026-03-09 12:53:38
The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions.
Ubuntu 22.04 LTS Python Important IMAP POP3 Regression Fix USN-8018-2
2026-03-09 12:28:02
USN-8018-1 introduced a regression in Python
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
2026-03-09 12:05:06
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.
Alastair Monte Carlo: From Flash to IoT to Humanoid Robots
2026-03-09 11:52:30
Alastair Monte Carlo argues that humanoid robots face the same structural challenges earlier computing cycles exposed. Lessons from Flash interaction timing and IoT security failures reveal why perceptual...
Can the Security Platform Finally Deliver for the Mid-Market?
2026-03-09 11:45:00
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners...
USN-7968-2: Apache HTTP Server regression
2026-03-09 11:42:29
USN-7968-1 fixed vulnerabilities in Apache HTTP Server. The update
introduced a regression in mod_md where the MDStapleOthers setting was
ignored which resulted in OCSP being broken for some domains....
Michel Paulin, CSF Logiciels et Numérique de Confiance – « 5 % de commandes en plus, c'est 10 % de croissance pour la filière »
2026-03-09 11:35:47
Michel Paulin, Président du Comité Stratégique de Filière Logiciels et Solutions Numériques de Confiance, dresse un état des lieux sans concession du secteur et regrette le manque de commandes des...
AI Bot Hackerbot-Claw Targets Microsoft, DataDog and CNCF GitHub Repos
2026-03-09 11:26:51
Security firm Pillar reveals the Chaos Agent in which Hackerbot-Claw, an AI agent, used natural language to compromise major GitHub projects and hijack developer tools.
Meet the Writer: How Samiran Mondal Writes About AI Threats, Crypto Markets, and the Future of Cyber
2026-03-09 11:20:47
Samiran Mondal is a writer and founder of a PR and media distribution platform. His work focuses on technology, AI, cybersecurity, and cryptocurrency topics. His latest article explored how AI-generated...
“AI as Muse, Not Replacement: How Virtual Session Players Sparked My Most Creative Year
2026-03-09 11:14:59
Mellotron strings, a Hammond B3, and an AI drummer. One musician's year of discovering that technology can fuel creativity instead of killing it.
Blood on the Canvas
2026-03-09 11:00:33
The morning after the murder, Dorian appears calm but is consumed by fear. He summons Alan Campbell and, through blackmail, forces him to chemically dissolve the body in a locked attic room. While science...
Cognizant's TriZetto Provider Solutions data breach impacted over 3.4 million patients
2026-03-09 10:57:43
A breach at Cognizant's TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant's TriZetto Provider Solutions exposed sensitive...
The Real Reason Most Web3 Startups Fail (It's Not the Market)
2026-03-09 10:53:03
Many Web3 startups have been launched with lofty promises of decentralized finance revolutions. The real reasons why most Web3 startup fail aren't cyclical; they're structural.
Nvidia dope ses partenariats pour sécuriser les systèmes industriels
2026-03-09 10:51:41
A l'occasion de la conférence sur la sécurité S4x26 (23-26 février, Miami), Nvidia a étendu ses collaborations (...)
SEO Best Practices For Modern Web Apps
2026-03-09 10:44:46
Server-side meta injection is the solution to the single-page application (SPA) problem. It injects SEO meta tags at the server level before sending HTML to the client. Crawlers see everything — title,...
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
2026-03-09 10:28:00
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest...
Comment fonctionne la nouvelle « garantie ransomware » de Scality
2026-03-09 09:28:21
Scality adosse une « garantie cyber » à son offre ARTESCA. Elle instaure un dédommagement forfaitaire... sous diverses conditions.
The post Comment fonctionne la nouvelle « garantie ransomware »...
USN-8018-2: Python regression
2026-03-09 09:24:18
USN-8018-1 fixed vulnerabilities in python3. That update introduced
regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused
behavior regressions in IMAP and POP3 handling, which upstream...
The Death of the Centralized Internet: Why Decentralization Is Humanity's Last Act of Digital Rebel
2026-03-09 09:18:56
The centralized internet is a sophisticated cage. Decentralization through blockchain and Web3 is humanity's only path to true digital freedom.
Shipping Isn't the Hard Part. Listening after the launch is
2026-03-09 09:12:11
Product teams spend enormous energy getting to launch. The hardest part of product management isn't shipping. It's listening honestly to what happens after, and being willing to act.
La fraude par deepfake a progressé en 2025
2026-03-09 09:11:59
Depuis l'apparition d'outils comme les éditeurs vidéo par IA Veo de Google ou Sora d'OpenAI, puissants et simples à utiliser par tout (...)
There's Always Room for Optimization: How I Use Sheets, Jira, Arc, and AI to Run My Work
2026-03-09 09:05:20
Nearly three out of every four new pages online are already touched by AI. Optimization is not about replacing creativity, it is about improving how we use our time.
Microsoft prêt à lancer une licence M365 incluant des agents IA
2026-03-09 08:54:42
Bientôt des licences pour les agents IA en environnements Microsoft ? Selon Mary Jo Foley, analyste chez Directions on Microsoft et bonne connaisseuse (...)
De nouvelles campagnes de phishing exploitent l'espace de noms de domaine réservé
2026-03-09 08:49:33
De nouvelles recherches d'Infoblox Threat Intel montrent comment des cybercriminels détournent un élément fondamental d'Internet pour contourner de nombreux contrôles de sécurité actuels. Tribune...
OpenSUSE 15.6 Python-Markdown Important Crash Risk Fix SUSE-2026-0846-1
2026-03-09 08:31:33
An update that solves one vulnerability can now be installed.
openSUSE Leap 15.6 Important python-Markdown Markup Issue CVE-2025-69534
2026-03-09 08:31:33
An update that solves one vulnerability can now be installed.
SUSE Linux Micro 6.2 Podman Important Security Update 2026-20641-1
2026-03-09 08:31:21
An update that solves eight vulnerabilities can now be installed.
SUSE Linux Micro 6.2 Security Patch for expat Vulnerability Alert
2026-03-09 08:31:12
An update that solves two vulnerabilities can now be installed.
SUSE 2026 20643-1 Kernel Important Data Race Fix for CVE-2025-40130
2026-03-09 08:31:08
An update that solves one vulnerability can now be installed.
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
2026-03-09 07:21:00
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign.
The activity, which has targeted aviation, energy, government,...
A week in security (March 2 – March 8)
2026-03-09 07:21:00
A list of topics we covered in the week of March 2 to March 8 of 2026
Anthropic Claude Opus AI model discovers 22 Firefox bugs
2026-03-09 07:10:04
Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security...
List of 5 new domains
2026-03-09 00:00:00
.fr bracelet-swarovski-bijoux[.fr] (registrar: OVH)
espace-foot[.fr] (registrar: OVH)
lucky8enligne[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider)
procedure-labanquepostale[.fr] (registrar:...
Vulnérabilité dans Apereo CAS (09 mars 2026)
09/03/2026
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans Apache Zookeeper (09 mars 2026)
09/03/2026
De multiples vulnérabilités ont été découvertes dans Apache Zookeeper. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique...
Multiples vulnérabilités dans les produits Moxa (09 mars 2026)
09/03/2026
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance...
Multiples vulnérabilités dans Microsoft Edge (09 mars 2026)
09/03/2026
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.