Mon 27 Oct 2025
Podcast /
PolySécure Podcast



Because… it's episode 0x651!



Shameless plug


November 4 and 5, 2025 - FAIRCON 2025
November 8 and 9, 2025 - DEATHcon
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026
April 14 to 17, 2026 - Botconf 2026
April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2025 - SSTIC 2026


Notes


Incidents

What the Huge AWS Outage Reveals About the Internet
A single DNS race condition brought AWS to its knees
Amazon brain drain finally caught up with AWS
Louvre heist raises decades-old questions about museum security


AI

Critical Vulnerability in MCP Server Platform Exposes 3,000 Servers and Thousands of API Keys
The security paradox of local LLMs
OpenAI ChatGPT Atlas Browser Jailbroken to Disguise Malicious Prompt as URLs
OpenAI’s New Browser Raises ‘Insurmountably High’ Security Concerns
Perplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious Prompts
MCP attack uses predictable session IDs to hijack AI agents
Zero Trust Has a Blind Spot—Your AI Agents
Sneaky Mermaid attack in Microsoft 365 Copilot steals data
AI-Powered Ransomware Is the Emerging Threat That Could Bring Down Your Organization
One in five security breaches now thought to be caused by AI-written code


Privacy

Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network
Polish PM: former government used Pegasus spyware to surveil my wife and daughter
The Internet’s Biggest Annoyance: Why Cookie Laws Should Target Browsers, Not Websites


Blue

5 Deception Solutions that are Changing the Cybersecurity Game 
You Still Shouldn’t Use a Browser Password Manager
Microsoft admits File Explorer Preview pane won’t work in Windows 11 25H2 for internet files by default
Myanmar military detains 2,000 people in raid at cybercrime center
Shifting from reactive to proactive: Cyber resilience amid nation-state espionage
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
OpenBSD 7.8 out now and 9front’s ‘Release’ released
OpenBSD 7.8
ChkTag: x86 Memory Safety
European Cybersecurity Reserve: the Union equips itself with a common shield


Red

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
Self-Propagating GlassWorm Poisons VS Code Extensions
Network security devices endanger orgs with ’90s era flaws
706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC Released
Google Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal Credentials
The YouTube Ghost Network: How Check Point Research Helped Take Down 3,000 Malicious Videos Spreading Malware
Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories
Inside the attack chain: Threat activity targeting Azure Blob Storage
Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens
Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available
Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset
‘PassiveNeuron’ Cyber Spies Attack With Custom Malware
Airport PA System Hack: How Attackers Hijacked Announcements in the US and Canada - Cyberwarzone
China finds “irrefutable evidence” of US NSA cyberattacks on time Authority




Contributors


Nicolas-Loïc Fortin


Credits


Editing by Intrasecure inc
Physical premises by Intrasecure inc