The government held an interministerial seminar to accelerate the reduction of non-European digital dependencies. The outcome is a migration from Microsoft to Linux, and a ministerial action plan to be submitted by the autumn.
Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
A security researcher operating under the alias Chaotic Eclipse (@ChaoticEclipse0) has publicly dropped a working zero-day local privilege escalation (LPE) exploit for Windows, dubbed BlueHammer, along with full proof-of-concept (PoC) source code on GitHub. The disclosure was confirmed by vulnerability researcher Will Dormann, who…
Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
766 hosts breached via CVE-2025-55182 in Next.js apps, enabling mass credential theft and targeted follow-on attacks.
Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.
Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting cloud environments.
Surnames, first names, postal addresses, telephone numbers and periods of absence (without mention of the reason) are among the stolen data.
Critical vulnerabilities in Veeam Backup & Replication could allow authenticated users to execute code on backup servers, prompting calls for urgent patching.
APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
Well, you know the theory of the nomadic worker... you settle into a café with your laptop, you grab some free WiFi, and you tell yourself ...
A new vulnerability (CVE-2026-26012) has been fixed in Vaultwarden: it allows the encrypted passwords of other collections to be retrieved.