30
Critical
17
High
64
Articles
118
Publications
30
Critical CVEs
25
CISA KEV
8/10
Sources OK
News 64
Publications SOC/VOC/DLP 118 NEW
CVE NVD 30
CISA KEV 25
BleepingComputer News CRITICAL
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]
12/04/2026 14:20:31
The Hacker News News MEDIUM
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve m
12/04/2026 05:54:00
The Hacker News News CRITICAL
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-3462
12/04/2026 04:25:00
BleepingComputer News CRITICAL
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United State
11/04/2026 14:20:40
The Hacker News News CRITICAL
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation
11/04/2026 06:02:00
BleepingComputer News MEDIUM
ChatGPT rolls out new $100 Pro subscription to challenge Claude
OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]
11/04/2026 02:08:16
Schneier Blog HIGH
Friday Squid Blogging: Squid Overfishing in the South Pacific
Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific hi
10/04/2026 21:03:27
Dark Reading News MEDIUM
Hims Breach Exposes the Most Sensitive Kinds of PHI
Threat actors breached the telehealth brand, and now they may know who's bald, overweight, and impotent. What could they do with that information?
10/04/2026 20:02:30
Dark Reading News MEDIUM
Your Next Breach Will Look Like Business as Usual
These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks.
10/04/2026 19:21:55
BleepingComputer News CRITICAL
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufac
10/04/2026 15:52:45
Dark Reading News MEDIUM
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
10/04/2026 15:52:28
Dark Reading News MEDIUM
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
10/04/2026 15:05:14
BleepingComputer News CRITICAL
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Analysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
10/04/2026 14:01:11
Dark Reading News MEDIUM
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
10/04/2026 13:30:00
The Hacker News News MEDIUM
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environm
10/04/2026 13:23:00
BleepingComputer News MEDIUM
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
10/04/2026 13:12:42
Dark Reading News CRITICAL
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.
10/04/2026 13:00:00
BleepingComputer News MEDIUM
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
10/04/2026 11:56:14
The Hacker News News MEDIUM
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.  A new report from LayerX 
10/04/2026 11:00:00
BleepingComputer News MEDIUM
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
10/04/2026 10:44:08
Schneier Blog INFO
Sen. Sanders Talks to Claude About AI and Privacy
Claude is actually pretty good on the issues.
10/04/2026 10:41:06
The Hacker News News MEDIUM
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public
10/04/2026 07:58:00
The Hacker News News CRITICAL
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. T
10/04/2026 07:37:00
The Hacker News News MEDIUM
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 P
10/04/2026 06:28:00
Exploit-DB Exploit CRITICAL
[local] NetBT e-Fatura - Privilege Escalation
NetBT e-Fatura - Privilege Escalation
10/04/2026 00:00:00
Exploit-DB Exploit CRITICAL
[webapps] D-Link DIR-650IN - Authenticated Command Injection
D-Link DIR-650IN - Authenticated Command Injection
10/04/2026 00:00:00
Dark Reading News MEDIUM
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
09/04/2026 20:50:37
Dark Reading News CRITICAL
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
Under the alias 'Chaotic Eclipse,' a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft.
09/04/2026 20:13:34
Schneier Blog HIGH
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of
09/04/2026 10:51:36
Exploit-DB Exploit CRITICAL
[webapps] React Server 19.2.0 - Remote Code Execution
React Server 19.2.0 - Remote Code Execution
09/04/2026 00:00:00
Exploit-DB Exploit CRITICAL
[webapps] RomM 4.4.0 - XSS_CSRF Chain
RomM 4.4.0 - XSS_CSRF Chain
09/04/2026 00:00:00
Exploit-DB Exploit CRITICAL
[webapps] Jumbo Website Manager - Remote Code Execution
Jumbo Website Manager - Remote Code Execution
09/04/2026 00:00:00
Exploit-DB Exploit CRITICAL
[local] ZSH 5.9 - RCE
ZSH 5.9 - RCE
09/04/2026 00:00:00
Schneier Blog CRITICAL
Python Supply-Chain Compromise
This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth,
08/04/2026 10:25:53
Exploit-DB Exploit CRITICAL
[webapps] FortiWeb 8.0.2 - Remote Code Execution
FortiWeb 8.0.2 - Remote Code Execution
08/04/2026 00:00:00
Exploit-DB Exploit CRITICAL
[local] 7-Zip 24.00 - Directory Traversal
7-Zip 24.00 - Directory Traversal
08/04/2026 00:00:00
Schneier Blog CRITICAL
Cybersecurity in the Age of Instant Software
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might b
07/04/2026 17:07:52
Krebs Security Blog HIGH
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today.
07/04/2026 17:02:44
Schneier Blog CRITICAL
Hong Kong Police Can Force You to Reveal Your Encryption Keys
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a securit
07/04/2026 09:45:33
Schneier Blog CRITICAL
New Mexico’s Meta Ruling and Encryption
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” fra
06/04/2026 19:09:58
⭐ Priority publications
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★37
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
Written by: Matthew McWhirt, Bhavesh Dhake, Emilio Oropeza, Gautam Krishnan, Stuart Carrera, Greg Blaum, Michael Rudden UPDATE (March 13): Added guidance around abuse or misuse of endpoint / MDM platforms. Background Threat actors leverage destruct
06/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★36
vSphere and BRICKSTORM Malware: A Defender's Guide
Written by: Stuart Carrera Introduction  Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphe
02/04/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★36
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction  Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ran
16/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★35
Look What You Made Us Patch: 2025 Zero-Days in Review
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan Executive Summary Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of
05/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★33
Beyond the Battlefield: Threats to the Defense Industrial Base
Introduction  In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cy
10/02/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★31
M-Trends 2026: Data, Insights, and Strategies From the Frontlines
Every year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs). In 2025, Mandiant observed a clear divergence in adversary pacing that closely aligns with the trends we have been docu
23/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC CTI ANSSI
★27
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Written by: Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr., Rich Reece Introduction  Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in
17/02/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★27
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
Introduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social
12/02/2026 14:00:00
Mandiant Blog CTI
SOC VOC CTI ANSSI
★23
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden, Mon Liclican Introduction  Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targetin
31/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI
★23
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
Introduction Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The thre
25/02/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★23
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS
Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHun
30/01/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★21
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
Introduction  Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to
18/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC CTI ANSSI
★20
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Introduction  Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit,
03/03/2026 14:00:00
Mandiant Blog CTI
SOC VOC DLP CTI ANSSI
★20
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction  Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phishi
30/01/2026 14:00:00
Mandiant Blog CTI
SOC CTI ANSSI
★18
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentralized finance (DeFi) verticals. Mandiant recently investigated an intrusion targeting a Fi
09/02/2026 14:00:00
ENISA EU
SOC VOC CTI ANSSI
★17
Hands-on Interactive Exercise - ECSF Workshop 2025
Hands-on Interactive Exercise - ECSF Workshop 2025 ifrafabi Fri, 30/01/2026 - 13:49 https://www.enisa.europa.eu/events/european-cybersecurity-skills-workshop/ECSF2… The purpose of this exercise was to showcase and discuss how EU-cofunde
30/01/2026 12:49:43
ENISA EU
SOC VOC CTI
★11
ECSF Workshop 2025
ECSF Workshop 2025 ifrafabi Mon, 24/11/2025 - 10:28 https://www.enisa.europa.eu/events/european-cybersecurity-skills-workshop/ECSF2… The full agenda and the interactive exercise are available here The ECSF main webpage with all the rel
24/11/2025 09:28:06
CERT-FR Bulletins ANSSI
VOC CTI ANSSI
★10
Main vulnerabilities of the summer and best practices (12 September 2025)
As the new season begins, CERT-FR looks back at this summer's notable vulnerabilities, which illustrate the importance of best practices. On applying patches Over the summer, CERT-FR observed the exploitation of vulnerabilities with
12/09/2025 00:00:00
CNIL News DLP
CTI ANSSI
★9
Human resources management: the CNIL publishes a reference framework of retention periods
The CNIL is publishing a reference framework to help data controllers identify retention periods for their personnel management activities.
02/04/2026 12:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-047 (03 November 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
03/11/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-046 (27 October 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
27/10/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-045 (20 October 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
20/10/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-043 (13 October 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
13/10/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-042 (06 October 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
06/10/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-041 (29 September 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
29/09/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-040 (22 September 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
22/09/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-039 (15 September 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
15/09/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-037 (08 September 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
08/09/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-036 (01 September 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
01/09/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-035 (25 August 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
25/08/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-034 (18 August 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
18/08/2025 00:00:00
CERT-FR Bulletins ANSSI
SOC ANSSI
★9
News bulletin CERTFR-2025-ACT-033 (11 August 2025)
This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all advisories and alerts published by CERT-FR as part of an analysis of
11/08/2025 00:00:00
Recorded Future CTI
VOC CTI ANSSI
★8
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
January 2026 saw 23 actively exploited CVEs, including APT28’s Microsoft Office zero-day and critical auth bypass flaws impacting enterprise systems.
24/02/2026 00:00:00
ENISA EU
SOC CTI
★8
Does the EU Cybersecurity Reserve only provide incident response and initial recovery actions?
Does the EU Cybersecurity Reserve only provide incident response and initial recovery actions? ikampoio Thu, 20/11/2025 - 17:44 In order to ensure the effective use of Union funding, pre-committed services under the EU Cybersecurity Re
20/11/2025 16:44:28
CERT-FR Bulletins ANSSI
ANSSI
★8
F5 security incident (16 October 2025)
On 15 October 2025, F5 published a statement [1] in which the vendor says it was affected by a security incident that it attributes to a sophisticated intrusion set. The vendor became aware of the intrusion in early August 2025. The attacker
16/10/2025 00:00:00
CNIL News DLP
DLP CTI
★7
PIA tool: download and install the CNIL's software
The open source PIA software makes it easier to carry out and formalise data protection impact assessments (DPIAs) as provided for by the GDPR.
07/04/2026 12:00:00
ENISA EU
SOC CTI
★7
International Cooperation
International Cooperation ikampoio Mon, 09/02/2026 - 11:34 In an increasingly interconnected and globalised digital landscape, cybersecurity challenges are becoming more complex and creating more cross-border
09/02/2026 10:34:09
ENISA EU
DLP CTI
★7
How does ENISA cooperate with users of the EU Cybersecurity Reserve? Who decides which entity should benefit from services provided by the Reserve?
How does ENISA cooperate with users of the EU Cybersecurity Reserve? Who decides which entity should benefit from services provided by the Reserve? ikampoio Thu, 20/11/2025 - 17:43 ENISA is in regular contact with NIS2 national Single
20/11/2025 16:43:32
CNIL News DLP
CTI
★6
2026 municipal elections: the results from the CNIL's election observatory
For the municipal elections of 15 and 22 March 2026, the CNIL received 739 reports, mostly concerning SMS canvassing operations (63%), and investigated 81 complaints. At this stage, four inspections have been
08/04/2026 12:00:00
CNIL News DLP
DLP
★6
Support for professionals: the CNIL's work programme for 2026
In 2026, the CNIL is continuing to support public and private stakeholders in achieving compliance with the GDPR and certain provisions of the AI Act (RIA). Drawing on regular dialogue with representatives of the various sectors, it present
07/04/2026 12:00:00
CNIL News DLP
CTI
★6
Designating a data protection officer (DPO) or changing a designation
Before designating your data protection officer online, check that they have the status, skills and resources needed to carry out their duties.
03/04/2026 12:00:00
CNIL News DLP
CTI
★6
Watch the webinar again - Developing an AI system, web scraping: how to rely on the legal basis of legitimate interest?
The CNIL offers a series of webinars to unpack a topic or news item related to data protection. Watch this new episode on the development of artificial intelligence systems.
02/04/2026 12:00:00
ENISA EU
CTI
★6
What are the specific conditions for contractors to join the Reserve?
What are the specific conditions for contractors to join the Reserve? ikampoio Thu, 20/11/2025 - 17:47 Each call for tenders contains a list of technical and professional capacity criteria. Evidence of the technical and professional
20/11/2025 16:47:05
ENISA EU
SOC
★6
Is any non-EU country eligible to receive support from the EU Cybersecurity Reserve?
Is any non-EU country eligible to receive support from the EU Cybersecurity Reserve? ikampoio Thu, 20/11/2025 - 17:44 Given that cyberspace has no borders and significant cyber incidents pose high risk of spillover effect, boosting of
20/11/2025 16:44:04
ENISA EU
CTI
★6
What is the role of ENISA?
What is the role of ENISA? ikampoio Thu, 20/11/2025 - 17:42 Given the extensive experience gained by ENISA with cybersecurity Support Action, law-makers decided that ENISA is the most suitable agency to implement the EU Cybersecurity
20/11/2025 16:42:49
SecurityWeek SOC
VOC
★5
Adobe Patches Reader Zero-Day Exploited for Months
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution. The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.
12/04/2026 07:45:26
CNIL News DLP
★5
The CNIL's webinars
The CNIL regularly offers webinars for professionals. These webinars are free and open to all.
03/04/2026 12:00:00
CNIL News DLP
★5
Inspections in 2026: recruitment, the single electoral register and sports federations
Each year, the CNIL defines priority topics for inspection. Those chosen for 2026 include recruitment, the single electoral register and sports federations. Other announcements relating to cybersecurity will
03/04/2026 12:00:00
CNIL News DLP
★5
Agenda of the plenary session of 2 April 2026
The Commission nationale de l'informatique et des libertés met on Thursday 2 April 2026 at 9:30 a.m. with the following agenda:
02/04/2026 12:00:00
CNIL News DLP
★5
Post-mortem data: publication of the air2025 booklet on the ethics of digital traces
As part of its ethics mission, the CNIL is publishing its air2025 booklet following the symposium of 15 October 2025 on post-mortem data, organised in partnership with the Bibliothèque nationale de France.
31/03/2026 12:00:00
Sekoia.io CTI
SOC VOC DLP CTI
★5
UEBA in the Real World: Catching Intrusions That Don’t Look Like Intrusions
Most SOC detections are built for the attacker who trips a wire: a suspicious hash, a known IP, a noisy exploit chain, a payload that spawns the “wrong” process. But a lot of modern intrusions don’t look like that. They look like normal users doing n
13/03/2026 09:00:38
Sekoia.io CTI
SOC VOC
★5
Shadow IT: The Initial Access You Didn’t Log
In multiple incident response engagements over the past few years, one detail keeps repeating: the first compromised system wasn’t the one the SOC was watching. It wasn’t visible in the EDR console, it wasn’t tracked in the CMDB, and it wasn’t in sco
06/03/2026 10:42:34
Sekoia.io CTI
SOC CTI
★5
Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic
This post was originally distributed as a private FLINT report to our customers on 6 January 2026. Introduction In November 2025, during our threat hunting routine for unveiling emerging adversary clusters, TDR analysts identified a widespread malwar
29/01/2026 07:30:00
ENISA EU
★5
How could a cybersecurity company join the EU Cybersecurity Reserve?
How could a cybersecurity company join the EU Cybersecurity Reserve? ikampoio Thu, 20/11/2025 - 17:46 Trusted cybersecurity services providers are selected on the basis of open procurement procedure. The list of trusted cybersecurit
20/11/2025 16:46:29
ENISA EU
★5
How will the EU Cybersecurity Reserve be funded?
How will the EU Cybersecurity Reserve be funded? ikampoio Thu, 20/11/2025 - 17:45
20/11/2025 16:45:58
Talos Intel CTI
VOC CTI
★4
[Video] The TTP Ep. 22: The Collapse of the Patch Window
In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window.
10/04/2026 15:29:39
SANS ISC SOC
VOC CTI
★4
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 006
08/04/2026 17:15:05
Recorded Future CTI
SOC VOC CTI
★4
ClickFix Campaigns Targeting Windows and macOS
Insikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS. Learn how threat actors exploit native system tools with malicious, obfuscated commands to gain initial access, and get key
25/03/2026 00:00:00
NIST Cybersec. VOC
CTI ANSSI
★4
Celebrating Data Privacy Week with NIST’s Privacy Engineering Program
Grab your party hats – it’s Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and
27/01/2026 12:00:00
NIST Cybersec. VOC
CTI ANSSI
★4
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST’s Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet
13/05/2025 12:00:00
CVE CVSS ≥ 9 — NVD NIST (refresh 15 min)
CVE Score Description Published
CVE-1999-0426 9.8 The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. 01/03/1999
CVE-1999-1324 9.8 VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma 31/12/1999
CVE-2000-1218 9.8 The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts tha 14/04/2000
CVE-2000-0944 9.8 CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without 19/12/2000
CVE-2001-1339 9.8 Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password gue 24/05/2001
CVE-2001-0248 9.8 Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. 18/06/2001
CVE-2001-0249 9.8 Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. 18/06/2001
CVE-2001-0395 9.8 Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. 02/07/2001
CVE-2001-1291 9.8 The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the serv 12/07/2001
CVE-2001-0609 9.8 Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. 02/08/2001
CVE-2001-1155 9.8 TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass i 23/08/2001
CVE-2001-0967 9.8 Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password gu 31/08/2001
CVE-2001-1125 9.8 Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com 05/10/2001
CVE-2001-0766 9.8 Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. 18/10/2001
CVE-2001-1481 9.8 Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. 31/12/2001
CVE-2001-1496 9.8 Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. 31/12/2001
CVE-2002-0059 9.8 The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow l 15/03/2002
CVE-2002-0083 9.8 Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. 15/03/2002
CVE-2002-0639 9.8 Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using 03/07/2002
CVE-2002-0671 9.8 Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attacker 23/07/2002
Actively exploited vulnerabilities — CISA KEV (refresh 1h)
CVE Product Vulnerability Dates
CVE-2026-1340 Ivanti — Endpoint Manager Mobile (EPMM) Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Added: 2026-04-08
Deadline: 2026-04-11
CVE-2026-35616 Fortinet — FortiClient EMS Fortinet FortiClient EMS Improper Access Control Vulnerability
Added: 2026-04-06
Deadline: 2026-04-09
CVE-2026-3502 TrueConf — Client TrueConf Client Download of Code Without Integrity Check Vulnerability
Added: 2026-04-02
Deadline: 2026-04-16
CVE-2026-5281 Google — Dawn Google Dawn Use-After-Free Vulnerability
Added: 2026-04-01
Deadline: 2026-04-15
CVE-2026-3055 Citrix — NetScaler Citrix NetScaler Out-of-Bounds Read Vulnerability
Added: 2026-03-30
Deadline: 2026-04-02
CVE-2025-53521 F5 — BIG-IP F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
Added: 2026-03-27
Deadline: 2026-03-30
CVE-2026-33634 Aquasecurity — Trivy Aquasecurity Trivy Embedded Malicious Code Vulnerability
Added: 2026-03-26
Deadline: 2026-04-09
CVE-2026-33017 Langflow — Langflow Langflow Code Injection Vulnerability
Added: 2026-03-25
Deadline: 2026-04-08
CVE-2025-32432 Craft CMS — Craft CMS Craft CMS Code Injection Vulnerability
Added: 2026-03-20
Deadline: 2026-04-03
CVE-2025-54068 Laravel — Livewire Laravel Livewire Code Injection Vulnerability
Added: 2026-03-20
Deadline: 2026-04-03
CVE-2025-43510 Apple — Multiple Products Apple Multiple Products Improper Locking Vulnerability
Added: 2026-03-20
Deadline: 2026-04-03
CVE-2025-43520 Apple — Multiple Products Apple Multiple Products Classic Buffer Overflow Vulnerability
Added: 2026-03-20
Deadline: 2026-04-03
CVE-2025-31277 Apple — Multiple Products Apple Multiple Products Buffer Overflow Vulnerability
Added: 2026-03-20
Deadline: 2026-04-03
CVE-2026-20131 Cisco — Secure Firewall Management Center (FMC) Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Added: 2026-03-19
Deadline: 2026-03-22
CVE-2025-66376 Synacor — Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Added: 2026-03-18
Deadline: 2026-04-01
Updated: 16:48:56 ⚠ 2 KO
🔴 CISA KEV — Latest additions
CVE-2026-1340
Ivanti — Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
⏰ Deadline: 2026-04-11
CVE-2026-35616
Fortinet — FortiClient EMS
Fortinet FortiClient EMS Improper Access Control Vulnerability
⏰ Deadline: 2026-04-09
CVE-2026-3502
TrueConf — Client
TrueConf Client Download of Code Without Integrity Check Vulnerability
⏰ Deadline: 2026-04-16
CVE-2026-5281
Google — Dawn
Google Dawn Use-After-Free Vulnerability
⏰ Deadline: 2026-04-15
CVE-2026-3055
Citrix — NetScaler
Citrix NetScaler Out-of-Bounds Read Vulnerability
⏰ Deadline: 2026-04-02
CVE-2025-53521
F5 — BIG-IP
F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
⏰ Deadline: 2026-03-30
CVE-2026-33634
Aquasecurity — Trivy
Aquasecurity Trivy Embedded Malicious Code Vulnerability
⏰ Deadline: 2026-04-09
CVE-2026-33017
Langflow — Langflow
Langflow Code Injection Vulnerability
⏰ Deadline: 2026-04-08
CVE-2025-32432
Craft CMS — Craft CMS
Craft CMS Code Injection Vulnerability
⏰ Deadline: 2026-04-03
CVE-2025-54068
Laravel — Livewire
Laravel Livewire Code Injection Vulnerability
⏰ Deadline: 2026-04-03
CVE-2025-43510
Apple — Multiple Products
Apple Multiple Products Improper Locking Vulnerability
⏰ Deadline: 2026-04-03
CVE-2025-43520
Apple — Multiple Products
Apple Multiple Products Classic Buffer Overflow Vulnerability
⏰ Deadline: 2026-04-03
CVE-2025-31277
Apple — Multiple Products
Apple Multiple Products Buffer Overflow Vulnerability
⏰ Deadline: 2026-04-03
CVE-2026-20131
Cisco — Secure Firewall Management Center (FMC)
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
⏰ Deadline: 2026-03-22
CVE-2025-66376
Synacor — Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
⏰ Deadline: 2026-04-01
CVE-2026-20963
Microsoft — SharePoint
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
⏰ Deadline: 2026-03-21
CVE-2025-47813
Wing FTP Server — Wing FTP Server
Wing FTP Server Information Disclosure Vulnerability
⏰ Deadline: 2026-03-30
CVE-2026-3910
Google — Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
⏰ Deadline: 2026-03-27
CVE-2026-3909
Google — Skia
Google Skia Out-of-Bounds Write Vulnerability
⏰ Deadline: 2026-03-27
CVE-2025-68613
n8n — n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
⏰ Deadline: 2026-03-25