Actu - 23 novembre 2025 - Parce que... c'est l'épisode 0x667!
Parce que… c’est l’épisode 0x667!
Shameless plug
25 et 26 février 2026 - SéQCure 2026
CfP
14 au 17 avril 2026 - Botconf 2026
28 et 29 avril 2026 - Cybereco Cyberconférence 2026
9 au 17 mai 2026 - NorthSec 2026
3 au 5 juin 2025 - SSTIC 2026
Notes
IA
MCP
Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Microsoft
Microsoft Integrated Azure Firewall With AI-powered Security Copilot
Microsoft’s New Windows AI Feature Comes With Warnings About Malware and Data Theft
Le crime ne paie pas
GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams
LLM-generated malware improving, but not operational (yet)
anthropic’s paper smells like bullshit – djnn@localhost
AI as Cyberattacker
Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files
Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities
La poésie est une arme… pour contourner la sécurité des LLMs
AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload
Blue
Why bcrypt Can Be Unsafe for Password Hashing ?
Chasse aux hostiles
Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks
Five Eyes just made life harder for bulletproof hosting providers
NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity
Microsoft Finally Makes Sysmon Native To Windows
Microsoft Threat Intelligence Briefing Agent Now Integrated into the Defender Portal
Security 101: Cyber Training Still Fails Miserably
What Cybersecurity Can Learn From Car Racing
Red
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
Researchers discover security vulnerability in WhatsApp
Browser Fingerprinting And Why VPNs Won’t Make You Anonymous
Kevin Boone: The privacy nightmare of browser fingerprinting
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums
Salesforce flags another third-party security incident
Stolen VPN Credentials Most Common Ransomware Attack Vector
Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads
Dark Web Job Market Evolved - Prioritizes Practical Skills Over Formal Education
Privacy
Google Is Collecting Troves of Data From Downgraded Nest Thermostats
Europe is scaling back its landmark privacy and AI laws
Europe’s cookie nightmare is crumbling
Canadian privacy regulators say schools share blame for PowerSchool hack
The FBI spied on a Signal group chat of immigration activists, records reveal
Random
Cloud Sovereignty: How Berlin and Paris Are Trying to Draw a European Line
Cloudflare broke the internet with a bad DB query
The Cloudflare Outage May Be a Security Roadmap
Legal Restrictions on Vulnerability Disclosure
Can Chinese-Made Buses Be Hacked? Norway Drove One Down a Mine to Find Out
Rogue techie pleads guilty in $862K employer attack
La Quadrature du Net: “Deux articles du Parisien hier…” - Mamot - Le Mastodon de La Quadrature du Net
GrapheneOS: “@Fritange France is taking sta…” - GrapheneOS Mastodon
BrianKrebs: “Social engineering – the art …” - Infosec Exchange
Canonical expands total coverage for Ubuntu LTS releases to 15 years with Legacy add-on
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
Shameless plug
25 et 26 février 2026 - SéQCure 2026
CfP
14 au 17 avril 2026 - Botconf 2026
28 et 29 avril 2026 - Cybereco Cyberconférence 2026
9 au 17 mai 2026 - NorthSec 2026
3 au 5 juin 2025 - SSTIC 2026
Notes
IA
MCP
Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Microsoft
Microsoft Integrated Azure Firewall With AI-powered Security Copilot
Microsoft’s New Windows AI Feature Comes With Warnings About Malware and Data Theft
Le crime ne paie pas
GenAI Makes it Easier for Cybercriminals to Successfully Lure Victims into Scams
LLM-generated malware improving, but not operational (yet)
anthropic’s paper smells like bullshit – djnn@localhost
AI as Cyberattacker
Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files
Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities
La poésie est une arme… pour contourner la sécurité des LLMs
AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload
Blue
Why bcrypt Can Be Unsafe for Password Hashing ?
Chasse aux hostiles
Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks
Five Eyes just made life harder for bulletproof hosting providers
NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity
Microsoft Finally Makes Sysmon Native To Windows
Microsoft Threat Intelligence Briefing Agent Now Integrated into the Defender Portal
Security 101: Cyber Training Still Fails Miserably
What Cybersecurity Can Learn From Car Racing
Red
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
Researchers discover security vulnerability in WhatsApp
Browser Fingerprinting And Why VPNs Won’t Make You Anonymous
Kevin Boone: The privacy nightmare of browser fingerprinting
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums
Salesforce flags another third-party security incident
Stolen VPN Credentials Most Common Ransomware Attack Vector
Ransomware Actors Primarily Targeting Retailers This Holiday Season to Deploy Malicious Payloads
Dark Web Job Market Evolved - Prioritizes Practical Skills Over Formal Education
Privacy
Google Is Collecting Troves of Data From Downgraded Nest Thermostats
Europe is scaling back its landmark privacy and AI laws
Europe’s cookie nightmare is crumbling
Canadian privacy regulators say schools share blame for PowerSchool hack
The FBI spied on a Signal group chat of immigration activists, records reveal
Random
Cloud Sovereignty: How Berlin and Paris Are Trying to Draw a European Line
Cloudflare broke the internet with a bad DB query
The Cloudflare Outage May Be a Security Roadmap
Legal Restrictions on Vulnerability Disclosure
Can Chinese-Made Buses Be Hacked? Norway Drove One Down a Mine to Find Out
Rogue techie pleads guilty in $862K employer attack
La Quadrature du Net: “Deux articles du Parisien hier…” - Mamot - Le Mastodon de La Quadrature du Net
GrapheneOS: “@Fritange France is taking sta…” - GrapheneOS Mastodon
BrianKrebs: “Social engineering – the art …” - Infosec Exchange
Canonical expands total coverage for Ubuntu LTS releases to 15 years with Legacy add-on
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
