📰CISA credential leak raises alarms, and Capitol Hill demands answers
A researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed.
📰Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.
🔥Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and...
📰Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.
📰Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.
🔥DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka...
🔥The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The...
🔥Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve...
🔥SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and...
🕵️CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS...
📰AI might cut false positives, but it won’t stop the slop
Anthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports.
🖥️"No one is spared": facing a record number of data breaches in 2025, the Cnil will step up its inspections
The French privacy watchdog deplores a 50% rise in data breaches over the last three years. More than …
🖥️Seven arrests, 200 kg of drugs seized, 100,000 euros recovered: a vast drug-trafficking network dismantled in Côte-d’Or
Laurent Nuñez, the Minister of the Interior, says the criminals were selling their drugs in France, Australia and Dubai via the darknet. For …
🖥️Tourism: are the data thefts that hit Belambra, Pierre & Vacances and Gîtes de France linked?
After Belambra and a brand of the Pierre & Vacances-Centers Parcs group, Gîtes de France announced on Sunday evening that it had been the victim of a cyberattack. …
🖥️Mass hacks, cyberattacks, France "is the laughing stock of the world": why this senator is calling for a commission of inquiry
France Travail, ANTS, EDF, Gîtes de France: cyberattacks against public services and large companies are multiplying. To fight …