Toute l'actualité de la Cybersécurité
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
2026-04-09 16:45:40
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available.
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
2026-04-09 16:23:00
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy...
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
2026-04-09 16:15:26
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]
Powering the Future of Play: Riyadh Welcomes the Global Games Show
2026-04-09 15:30:52
Riyadh, Saudi Arabia—The Global Games Show is from June 29th to 30th, 2026, in Riyadh, Saudi Arabia. The exhibition enables developers, gaming pioneers, and gaming innovators to meet one another through...
BrowserGate : Une collecte de pétaoctets de données Linkedin interroge
2026-04-09 15:28:30
Grâce à plus d'un milliard d'utilisateurs professionnels inscrits sur Linkedin, la filiale de Microsoft a accès à un tas d'informations (...)
L'IA rapporte déjà 15 milliards $ par an à AWS
2026-04-09 15:25:18
Les chiffres des revenus générés par l'IA au sein d'AWS, dévoilés dans la lettre annuelle aux actionnaires, témoignent d'une montée en puissance spectaculaire.
The post L’IA rapporte déjà...
Google's 540B AI Model Is Changing How Machines Think: Here's Why It Matters
2026-04-09 15:13:23
Google's PaLM is a 540-billion-parameter AI model trained across thousands of TPU chips. It shows that simply scaling models unlocks new abilities—like better reasoning, coding, and multilingual understanding—without...
Separating Detection Authority From Enforcement Authority in LLM Security
2026-04-09 15:01:17
I tested 1,448 real attacks against llm-trust-guard and found regex detection around F1 0.487. ML models are no better, a 2025 paper showed all 12 bypassed at >90% attack success rate. The real defense...
New ClickFix Campaign Uses macOS Script Editor to Deliver Atomic Stealer
2026-04-09 15:01:04
A newly discovered ClickFix campaign is targeting macOS users through a technique that completely bypasses Terminal, using Script Editor to drop the Atomic Stealer infostealer onto compromised systems....
How to Master Claude Code & Gemini Code Assist: A Guide on Agent Skills Architecture
2026-04-09 15:00:52
By utilizing Agent Skills (markdown-based instructions) and MCP Servers (active programmatic tools), you can transform these assistants into customized junior developers.
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
2026-04-09 15:00:00
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts...
Why Telecom Billing Is Becoming a Fraud Battleground
2026-04-09 14:56:00
Telecom fraud doesn't start in billing but it always ends there. Product teams that embed AI directly into billing workflows can prevent bad charges before they reach customers, reduce disputes, and...
How I Built a SOC 2-Compliant Cloud-Native Data Lake for Retirement Accounts
2026-04-09 14:47:45
This article breaks down how a cloud-native AWS data platform was designed to meet SOC 2 Type II requirements by treating compliance as a system design problem. By embedding auditability, access control,...
L'Etat réaffirme son intention de réduire ses dépendances numériques
2026-04-09 14:36:44
L'Etat veut accélérer sa démarche pour limiter la dépendance numérique aux solutions extra-européennes. La DINUM sera chargée de coordonner l'ensemble des mesures.
The post L’Etat réaffirme...
Inside the VALR-Onafriq Deal That Could Transform Financial Access Across Africa
2026-04-09 14:33:59
Africa's largest crypto exchange by volume, VALR, has integrated with Onafriq, the continent's largest digital payments network, to let users fund crypto accounts directly through mobile money in local...
Hackers Use ClickFix and Malicious DMG Files to Deliver notnullOSX on macOS
2026-04-09 14:23:37
A new macOS info-stealer named notnullOSX has surfaced, targeting crypto holders with wallets above ,000. Written in Go, it uses two parallel attack paths — ClickFix social engineering and malicious...
Masjesu botnet targets IoT devices while evading high-profile networks
2026-04-09 14:06:34
Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, advertised...
When attackers already have the keys, MFA is just another door to open
2026-04-09 14:02:12
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass....
Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
2026-04-09 13:50:29
LayerX researchers have discovered how to bypass Claude Code's safety rules using the CLAUDE.md file. This exploit allows…
Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push
2026-04-09 13:39:57
Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise...
New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection
2026-04-09 13:38:21
A newly discovered remote access trojan called STX RAT has emerged as a serious cybersecurity threat in 2026, combining hidden remote desktop access with credential-stealing features to quietly compromise...
Why VALR & Onafriq Are Building the Infrastructure That Could Rewire African Finance
2026-04-09 13:35:46
Africa's largest crypto exchange by volume, VALR, has integrated with Onafriq, the continent's largest digital payments network, to let users fund crypto accounts directly through mobile money in local...
Anthropic vs gouvernement américain : quand le contrôle de l'IA devient un enjeu d'Etat
2026-04-09 13:31:45
Dans cette tribune, l'avocate Corinne Thiérache décrypte la notion de contrôle humain pour l'IA autour du bras de fer entre le gouvernement américain et Anthropic et évoque la notion d'alignement...
La guerre au Moyen-Orient menace les investissements IT
2026-04-09 13:31:23
IDC a réitéré ses mises en garde selon lesquelles la prolongation de la guerre au Moyen-Orient risquerait de réduire considérablement (...)
CyberASAP Secures £10m Boost as UK's Next Wave of Cyber Innovators Take Centre Stage
2026-04-09 13:23:05
After a successful Year 9 Demo Day, Cyber Security Academic Startup Accelerator Programme (CyberASAP) is gaining momentum towards its 10th anniversary kick off, which is due to start later this month....
L'IA précipite la migration vers le WiFi 6E et 7
2026-04-09 13:21:32
Sans une infrastructure WiFi sécurisée et plus évolutive, les entreprises ne peuvent pas tirer parti des opportunités (...)
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
2026-04-09 13:21:18
A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how...
Math Problem: Cybercrime Divided By Cybersecurity
2026-04-09 13:21:14
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 9, 2026 – Read the full story in Illumio “Gartner says we are all going to spend 0 billion...
Publishing on HackerNoon Gets You Viral on X. Here's the Data.
2026-04-09 13:07:56
Three brand stories. 51.5M impressions on X. Here's how HackerNoon turns content into viral reach.
Scammers pose as Amazon support to steal your account
2026-04-09 13:05:44
A new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages.
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
2026-04-09 13:00:22
Austin, Texas, United States, 9th April 2026, CyberNewswire
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
2026-04-09 12:57:00
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't.
This one's got some range — old vulnerabilities getting new life, a few "why was that...
What's New in Rapid7 Products and Services: Q1 2026 in Review
2026-04-09 12:46:35
If product releases had a runway moment, Q1 at Rapid7 would've walked out in Cloud Dancer; crisp, confident, and quietly powerful, before breaking into a full gallop in the Year of the Horse. At Rapid7,...
Webinar: From noise to signal - What threat actors are targeting next
2026-04-09 12:20:28
Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how...
Rocky Linux: RLSA-2026:6631 fontforge security update Security Advisories Updates
2026-04-09 12:07:30
Important: fontforge security update
Rocky Linux: RLSA-2026:5913 ncurses security update Security Advisories Updates
2026-04-09 12:07:05
Moderate: ncurses security update
Rocky Linux: RLSA-2026:5931 firefox security update Security Advisories Updates
2026-04-09 12:07:05
Important: firefox security update
Rocky Linux: RLSA-2026:6259 gstreamer1-plugins-bad-free Security Advisories Updates
2026-04-09 12:07:05
Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
Rocky Linux: RLSA-2026:6344 grafana security update Security Advisories Updates
2026-04-09 12:07:05
Important: grafana security update
Rocky Linux: RLSA-2026:6053 kernel security update Security Advisories Updates
2026-04-09 12:07:05
Moderate: kernel security update
Hackers Use Fake Security Software to Deliver LucidRook Malware in Taiwan Attacks
2026-04-09 12:02:07
A newly identified malware called LucidRook has been spotted targeting organizations across Taiwan, hiding inside what appears to be legitimate security software. The attackers went out of their way to...
You Should Stop Fine-Tuning Blindly: What to Do Instead
2026-04-09 12:00:44
Fine-tuning is not one thing. You're choosing a point on a spectrum: Full FT → PEFT (Adapters/Prompt Tuning/LoRA) → QLoRA → Preference tuning (RLHF/DPO).
- Most teams should start with PEFT (LoRA/QLoRA)....
New macOS Malware notnullOSX Targets Crypto Wallets Over K
2026-04-09 11:54:34
macOS Malware notnullOSX targets crypto wallets over K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data.
The Hidden Security Risks of Shadow AI in Enterprises
2026-04-09 11:31:00
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in...
Hackers Impersonate Linux Foundation Leader in Slack to Target Open Source Developers
2026-04-09 11:26:52
Open source developers are facing a growing and sophisticated threat — one that does not rely on complex exploits or hidden vulnerabilities but instead uses something far simpler: trust. A social engineering...
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
2026-04-09 11:15:00
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025.
The finding, detailed by EXPMON's...
OVHcloud crée une division « Défense »
2026-04-09 11:11:25
Le leader européen du cloud crée une division dédiée à la Défense dédiée. OVHcloud affirme répondre aux sollicitations de plusieurs ministères des Armées.
The post OVHcloud crée une division...
NSFW app leak exposes 70,000 prompts linked to individual users
2026-04-09 11:02:51
MyLovely.AI leaked personal data, explicit prompts, and images of over 100,000 users, exposing many to sextortion and doxxing.
CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks
2026-04-09 10:54:46
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added this flaw,...
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
2026-04-09 10:40:00
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East...
GitLab Patches Multiple Vulnerabilities That Enables DoS and Code Injection Attacks
2026-04-09 10:33:15
GitLab has released urgent security updates (versions 18.10.3, 18.9.5, and 18.8.9) for its Community Edition (CE) and Enterprise Edition (EE) to address high-severity flaws that enable Denial-of-Service...
Eurail says December data breach impacts 300,000 individuals
2026-04-09 10:31:54
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach....
Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks
2026-04-09 10:23:27
SonicWall has released a critical security advisory addressing four vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances. These security flaws could allow remote attackers to...
Palo Alto Cortex Microsoft Teams Integration Vulnerability Enables Data Access for Attackers
2026-04-09 10:20:20
Palo Alto Networks released an urgent update to patch a high-severity flaw (CVE-2026-0234) affecting the Microsoft Teams integration in Cortex XSOAR and Cortex XSIAM. This flaw could allow unauthorized...
Avec Muse Spark, Meta signe un modèle rapide, multimodal et… propriétaire
2026-04-09 10:14:34
Après le fiasco Llama 4 et une refonte totale de son organisation IA à coups de milliards, Meta dévoile Muse Spark. Rapide, multimodal et… propriétaire. Un virage stratégique autant qu'un pari...
New Phishing Attack Via Google Storage Deploys Remcos RAT
2026-04-09 10:14:05
A newly identified phishing campaign is using Google Cloud Storage to deliver Remcos RAT, a powerful remote access trojan, to unsuspecting victims across the globe. Attackers are abusing the trust that...
30,000 private Facebook images allegedly downloaded by Meta employee
2026-04-09 10:07:37
The accused didn't just browse around; he built a custom script designed to circumvent Meta's internal detection systems.
Certes launches v7 platform with quantum-safe encryption across hybrid cloud and edge environments
2026-04-09 09:52:15
Certes has released v7 of its Data Protection and Risk Mitigation (DPRM) platform, extending post-quantum cryptography (PQC) protection to the edge and positioning the update as a direct response to the...
AI Agents Are Coming for Crypto's Blockspace
2026-04-09 09:51:52
Blockchains are more than execution environments. They are competitive systems where participants bid for inclusion, ordering, and ultimately value. As agents become more capable, they won't just participate...
Kaspersky découvre une nouvelle variante de SparkCat qui contourne les mesures de sécurité de l'App Store et de Google Play
2026-04-09 09:50:14
Le centre d'expertise Kaspersky Threat Research (recherche sur les menaces) a identifié une nouvelle variante du cheval de Troie SparkCat sur l’AppStore et sur Google Play, un an après la découverte...
Building an AI-Powered Invoice Processing Pipeline
2026-04-09 09:45:49
Manual invoice processing in Accounts Payable doesn't scale and introduces errors. This article outlines an AI-powered architecture that uses OCR, machine learning, and API integration to automate invoice...
This fake Windows support website delivers password-stealing malware
2026-04-09 09:40:52
A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
The long road to your crypto: ClipBanker and its marathon infection chain
2026-04-09 09:30:17
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the...
The alleged breach of China's National Supercomputing Center can have serious geopolitical consequences
2026-04-09 09:27:00
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China's National Supercomputing Center, risking national security. A massive alleged breach has hit China's National Supercomputing...
Hackers exploiting Acrobat Reader zero-day flaw since December
2026-04-09 09:22:35
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]
Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
2026-04-09 09:03:52
Keeper Security has announced the release of new Remote Browser Isolation (RBI) capabilities within KeeperPAM, delivering major adoption and usability improvements for modern web workflows within privileged...
Avec Trust Office, HPE France met en place un centre de confiance numérique
2026-04-09 08:59:57
Olivier Paris, responsable de la sécurité et de la cybersécurité chez HPE depuis 2020, va diriger le Trust Office, une structure (...)
MIWIC26: Funke Omolere, Senior Technology Compliance Product Owner at Adobe
2026-04-09 08:49:31
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature...
Détection et blocage d'une attaque supply chain « zéro-day » impliquant un agent IA basé sur la plateforme Claude d'Anthropic
2026-04-09 08:30:26
SentinelOne®, spécialiste de la sécurité basée sur l’IA, annonce avoir détecté et stoppé de manière entièrement autonome une attaque supplychain « zero-day ». Celle-ci exploitait une...
APT28 : Perspectives du Groupe IB
2026-04-09 08:24:53
Suite à l’avertissement lancé hier par le NCSC selon lequel APT28 exploite les routeurs pour détourner le DNS, voici les réflexions d’Anastasia Tikhonova, responsable mondiale de la recherche...
Alerte OFII : l'Office écrit aux internautes français impliqués par le piratage de leurs données
2026-04-09 08:21:40
Alerte OFII : ce que révèle vraiment le courrier envoyé aux usagers après la compromission de données personnelles.
So… You Thought Your VPN Was Keeping You Safe and Secure? Think Again (Hacker's Edition)
2026-04-09 08:01:57
✨ Link for the full article in the first commentContinue reading on InfoSec Write-ups »
Building a SOC Ticketing System with JIRA (Complete Step-by-Step Guide)
2026-04-09 07:59:33
Learn how to build a SOC ticketing system in Jira Service Management from scratch and for free.Continue reading on InfoSec Write-ups »
The Ministry of Silly Walks Presents: Walking the PEB
2026-04-09 07:58:03
Walking the PEB for Windows Process InjectionBackgroundContextIn previous posts, I covered Windows Process Injection Fundamentals and introduced an obfuscation method called Alphabet Soup. These examples...
My eCPPTv3 Exam Review
2026-04-09 07:55:29
بسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِGreetings everyone. Today I'll be writing my own personal experience and review of INE's Certified Professoinal Penetration...
JADX + MCP: I let the AI read the APK so I don't have to
2026-04-09 07:53:26
Hello Hackers, Hope you guys are doing well and hunting lots of bugs and Dollars!This started from something stupid, doing the same repetitive task again and again. I was spending more time copy-pasting...
OWASP API Security Top 10 (Part 1) — TryHackMe Walkthrough ️
2026-04-09 07:51:59
Practical walkthrough of OWASP API Top 10 vulnerabilities with real exploitation steps and effective security fixes.Lab: https://tryhackme.com/room/owaspapisecuritytop105w📌 Task 1 — Introduction🧠...
CI/CD Takeover & Supply Chain Risk! $$$$ Bounty
2026-04-09 07:51:06
Author: Aditya Sunny | Follow on LinkedIn: @adityasunny06Program: Linktree Bug Bounty (Bugcrowd) | Status: Accepted & Rewarded ✅ | Reward: $$$$ 💸What if a single XML file buried inside a popular...
Dig Dug TryHackMe Walkthrough
2026-04-09 07:47:53
IntroductionDig Dug is a quick TryHackMe room focused on DNS enumeration, where the goal is to extract hidden data directly from DNS records instead of exploiting traditional services. It's a clean,...
Love Letter Locker — TryHackMe Writeup
2026-04-09 07:47:18
IntroductionLove Letter Locker is a web-based challenge focused on IDOR. While interacting with the application, I identified how predictable identifiers could be manipulated to access other users' letters.Initial...
“Bug Bounty Bootcamp #30: Time-Based Blind SQL Injection — When Silence Speaks Through Delays”
2026-04-09 07:46:29
The application never shows an error, never says “true” or “false” — just “email added” every time. Yet you can still drain the database…Continue...
Hackers steal .6 million from crypto ATM giant Bitcoin Depot
2026-04-09 07:44:55
Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole .665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]
Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
2026-04-09 07:20:08
Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabotage. Malware targeting industrial control systems...
Microsoft suspends dev accounts for high-profile open source projects
2026-04-09 06:46:26
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from...
Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
2026-04-09 01:00:00
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
USN-8149-2: Linux kernel vulnerabilities
2026-04-09 00:05:19
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
USN-8148-5: Linux kernel vulnerabilities
2026-04-09 00:01:06
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
...
Multiples vulnérabilités dans Google Chrome (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits Juniper Networks (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Multiples vulnérabilités dans Sonicwall Secure Mobile Access (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans Sonicwall Secure Mobile Access. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans GitLab (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à...
Multiples vulnérabilités dans Mitel MiCollab (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection SQL (SQLi).
Multiples vulnérabilités dans les produits Palo Alto Networks (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...
Multiples vulnérabilités dans les produits Elastic (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte...
Multiples vulnérabilités dans les produits Microsoft (09 avril 2026)
09/04/2026
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.