Mon 27 Apr 2026
Podcast /
PolySécure Podcast

Episode link /
PolySécure Podcast


Because… it’s episode 0x2EF!



Shameless plug


28 and 29 April 2026 - Cybereco Cyberconférence 2026
9 to 17 May 2026 - NorthSec 2026
3 to 5 June 2026 - SSTIC 2026
24 and 25 June 2026 - Troopers
26 and 27 June 2026 - leHACK
19 September 2026 - Bsides Montréal
1 to 3 December 2026 - Forum INCYBER - Canada 2026
24 and 25 February 2027 - SéQCure 2027


Notes


AI, or Ghost in the shell

Mythos

NSA Reportedly Using Anthropic’s Mythos Despite Pentagon Blacklist
US security agency is using Anthropic’s Mythos despite blacklist, Axios reports
Unauthorized Group Gains Access to Anthropic’s Exclusive Cyber Tool Mythos
Anthropic Mythos shaping up as nothingburger
The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic
The Guardian view on Anthropic’s Claude Mythos: when AI finds every flaw, who controls the internet?
Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150
The AI era demands a different kind of CISO


Paradigm

AI-Powered Exploitation May Collapse the Patch Window for Defenders
AI Model Claude Opus turns bugs into exploits for just $2,283
Why the Axios attack proves AI is mandatory for supply chain security
A Chinese AI agent found nearly 1,000 previously unknown flaws, some of them in Microsoft Office


MCP

MCP Servers Are the New APIs — And We’re Making the Same Security Mistakes
How Anthropic’s Model Context Protocol Allows For Easy Remote Execution


Prove You Are a Robot: CAPTCHAs for Agents
Anthropic secretly installs spyware when you install Claude Desktop
AI Agents Think. They Just Don’t Know They’re Being Watched.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Lovable denies data leak, cites ‘intentional behavior’
Kernel code removals driven by LLM-created security reports
Introducing OpenAI Privacy Filter


War, war, that’s no reason to hurt yourself!

Iran claims US used backdoors in networking equipment


Sovereignty, or long live free digital technology!





[Matrix in Europe - Digital sovereignty](https://element.io/en/matrix-in-europe)




FCC adds mobile hotspots to router ban


Privacy, or hide this information that I cannot bear to see

An IndexedDB flaw made it possible to link all your Tor identities
Nullroom - A P2P chat that erases itself in 15 minutes
Proton CEO: Age checks turn internet into ID checkpoint
Apple stops weirdly storing data that let cops spy on Signal chats
Why you should refuse to let your doctor record you
Privacy Advocate Accuses US Government of Investing in AI-Powered Mass Surveillance


I am the law

Elon Musk fails to appear for questioning by French police over sexualized AI images on X
Separatism law - Blocking without a judge gains ground
Most Australian teens admit the social media ban isn’t working as they try to sidestep age verification blocks with face masks and their parents’ IDs
Colorado Adds Open-Source Exemption to Age-Attestation Bill


Red, or everything that is broken

You Don’t Need to Hack the System. You Just Need to Make People Think You Did.
Apple Knows. Visa Knows. Nobody Has Fixed It. Here’s Why.
Cyberattack at French identity document agency may have exposed personal data
France’s ‘Secure’ ID agency probes claimed 19M record breach
Another npm supply chain worm hits dev environments
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain …
Why Phishing Still Works (Even If You Know About It)


Blue, or everything that improves our posture

DDoS

Kevin Beaumont: “If anybody is wondering, masto…” - Cyberplace
DDoS wave continues as Mastodon hit after Bluesky incident


Network ‘background noise’ may predict the next big edge-device vulnerability
NCSC: Passkeys now good enough to be the default standard
Kevin Beaumont: “I just want to give the analysts at Dragos credit here for how they framed this - it’s really responsible.” - Cyberplace
You don’t want long-lived keys


Miscellaneous, or because I have no idea where to put them

Quadratic

Contrary to popular superstition, AES 128 is just fine in a post-quantum world
In a first, a ransomware family is confirmed to be quantum-safe


Original GrapheneOS responses to WIRED fact checker
Palantir Employees Are Starting to Wonder if They’re the Bad Guys
Are biometric bank cards a real advance or marketing bullshit?

History

A piece of malware that could be the very first cyberweapon in history
Discret 11, the French TV encryption of the 80’s






Contributors


Nicolas-Loïc Fortin


Credits


Editing by Intrasecure inc
Physical premises by Moxy Montreal Downtown