🔥Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and...
🖥️"Un casse du siècle, mais qui a pratiquement lieu tous les mois": face à la recrudescence de cyberattaques, Sébastien Lecornu annonce une rallonge de 200 millions d'euros
Le Premier ministre Sébastien Lecornu a annoncé son souhait de créer une "autorité numérique" qui évaluerait les risques encourus dans le domaine du …
🖥️Internet sous surveillance : l’alerte du patron de Proton
Andy Yen dénonce une dérive vers la collecte massive de données personnelles pour accéder au web. L’anonymat numérique en danger : l’alerte du patron …
🖥️Piratage de l'ANTS : le coupable n'aurait que 15 ans
Le hacker « breach3d » qui a piraté France Titres (ANTS) serait un mineur âgé de 15 ans. Le parquet requiert une mise en examen du suspect. Encore un …
📰Former incident responders sentenced to 4 years in prison for committing ransomware attacks
Ryan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims. The post Former incident responders sentenced to 4 years in prison for...
📰FCC tightens KYC rules for telecoms, closes loophole for banned foreign services
The commission wants telecoms to do more to verify their callers and prevent illegal calls and scams from reaching Americans. The post FCC tightens KYC rules for telecoms, closes loophole for banned...
📰Congress kicks the can down the road on surveillance law (again)
It’s the second extension of Section 702 of the Foreign Intelligence Surveillance Act in 10 days, and a regular ritual for the Hill. The post Congress kicks the can down the road on surveillance...
📰cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks. The post cPanel’s authentication bypass bug is being exploited in the wild, CISA warns...
🖥️Cette mini-série thriller Netflix a été vue plus de 70 millions de fois : une légende hollywoodienne prouve qu'il ny a pas d'âge pour sauver le monde
Robert de Niro s'est associé à Netflix pour sa première série. Avec Zero Day, la plateforme a su capitaliser sur le talent de l'acteur pour offrir à …
🔥PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to...
📰Two new extortion crews are speedrunning the Scattered Spider playbook
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. The post Two new extortion crews are...
🕵️Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks
🔥ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into...
🔥New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of
🔥EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional...
🔥Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and...
🖥️"Un casse du siècle, mais qui a pratiquement lieu tous les mois": face à la recrudescence de cyberattaques, Sébastien Lecornu annonce une rallonge de 200 millions d'euros
Le Premier ministre Sébastien Lecornu a annoncé son souhait de créer une "autorité numérique" qui évaluerait les risques encourus dans le domaine du …
🖥️Internet sous surveillance : l’alerte du patron de Proton
Andy Yen dénonce une dérive vers la collecte massive de données personnelles pour accéder au web. L’anonymat numérique en danger : l’alerte du patron …
🖥️Piratage de l'ANTS : le coupable n'aurait que 15 ans
Le hacker « breach3d » qui a piraté France Titres (ANTS) serait un mineur âgé de 15 ans. Le parquet requiert une mise en examen du suspect. Encore un …
📰Former incident responders sentenced to 4 years in prison for committing ransomware attacks
Ryan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims. The post Former incident responders sentenced to 4 years in prison for...
📰FCC tightens KYC rules for telecoms, closes loophole for banned foreign services
The commission wants telecoms to do more to verify their callers and prevent illegal calls and scams from reaching Americans. The post FCC tightens KYC rules for telecoms, closes loophole for banned...
📰Congress kicks the can down the road on surveillance law (again)
It’s the second extension of Section 702 of the Foreign Intelligence Surveillance Act in 10 days, and a regular ritual for the Hill. The post Congress kicks the can down the road on surveillance...
📰cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
The agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks. The post cPanel’s authentication bypass bug is being exploited in the wild, CISA warns...
🖥️Cette mini-série thriller Netflix a été vue plus de 70 millions de fois : une légende hollywoodienne prouve qu'il ny a pas d'âge pour sauver le monde
Robert de Niro s'est associé à Netflix pour sa première série. Avec Zero Day, la plateforme a su capitaliser sur le talent de l'acteur pour offrir à …
🔥PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to...
📰Two new extortion crews are speedrunning the Scattered Spider playbook
CrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. The post Two new extortion crews are...
🕵️Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks
🔥ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into...
🔥New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of
🔥EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional...