Mon 6 Apr 2026
Podcast /
PolySécure Podcast


Because… it's episode 0x738!



Shameless plug


April 14 to 17, 2026 - Botconf 2026
April 20 to 22, 2026 - ITSec

15% discount code: Seqcure15


April 28 and 29, 2026 - Cybereco Cyberconférence 2026
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2026 - SSTIC 2026
September 19, 2026 - Bsides Montréal
December 1 to 3, 2026 - Forum INCYBER - Canada 2026
February 24 and 25, 2027 - SéQCure 2027


Notes


AI, or through the prism of the machine

The hunt is on

Vulnerability Research Is Cooked
Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Amazon security boss: AI makes pentesting 40% more efficient


It's the Claude leak

Claude Code’s source reveals extent of system access
What The Claude Code Leak Means for Engineering Teams in Regulated Industries
Anthropic Issues Copyright Takedown Requests To Remove 8,000+ Copies of Claude Code Source Code - Slashdot


Lalalalalalala

Claude Code bypasses safety rule if given too many commands
OpenAI ChatGPT fixes DNS data smuggling flaw


I told you so, Rogers

Netflix, Meta, IBM speakers discuss AI and their workdays
MCP Is Great. You’re Just Using It Wrong.
Have I Been Pwned: Cuties AI Data Breach
Vibe Coding Failures: Documented AI Code Incidents


AI Can Clone Open-Source Software In Minutes
Penalties Stack Up As AI Spreads Through the Legal System
AI models will deceive you to save their own kind


War, war, that's no reason to hurt yourself!

I've got you by your datacenter

Iran Strikes Leave Amazon Availability Zones “Hard Down” in Bahrain and Dubai, Per Internal AWS Communication
Kevin Beaumont: “If Iran ever gets somebody to fly a plane into AWS us-east1 the global economy would probably stop.” - Cyberplace


Iran Deploys ‘Pseudo-Ransomware,’ Revives Pay2Key Operations
Iran targets M365 accounts with password-spraying attacks
The real danger of military AI isn’t killer robots; it’s worse human judgement


Sovereignty, or long live free and open digital technology!

All is not well in the kingdom

Euro-Office wants to replace Microsoft 365, but OnlyOffice cries theft
OnlyOffice Suspends Nextcloud Partnership For Forking Its Project Without Approval


US router ban is ‘industrial policy’ not better infosec
‘Fatal decision’: EU slammed for caving to US pressure on digital rules


Privacy, or hide this information that I must not see

For Proton and for worse

Proton launches new “Meet” privacy-focused conferencing platform
Proton Meet Isn’t What They Told You It Was


Quad9 Enables DNS Over HTTP/3 and DNS Over QUIC
LinkedIn Is Illegally Searching Your Computer
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’
Quantum computing bombshells that are not April Fools
Colorado’s New Speed Camera System Makes Waze Nearly Useless


I am the law

It's all a question of age

Apple Now Requires Device-Level Age Verification in the UK. Could the US Be Next?
Age verification on Systemd and Flatpak
Group Pushing Age Verification Requirements For AI Sneakily Backed By OpenAI


Is “Hackback” Official US Cybersecurity Strategy?
Piracy: Google, Cloudflare and Cisco forced to block pirate sites in France


Red, or everything that is broken

Supply chain: Trivy and co.

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios
The Axios supply chain attack used individually targeted social engineering
Euro-hack

[Technical Post-Mortem: IAM Exploitation via SSO Token Abuse — EU Europa / ShinyHunters - CyberAlert](https://cyberalert.com.pl/articles/shinyhunters-eu-europa-breach-analysis.html)

CERT-EU: European Commission hack exposes data of 30 EU entities
CERT-EU - European Commission cloud breach: a supply-chain compromise


Hack of the firearms registry file – 41,000 holders exposed
Users say Adobe Creative Cloud rewrote hosts file to detect installed app
Man admits to locking thousands of Windows devices in extortion plot
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Mary Jo Foley: What the heck is going on with Microsoft lately?
The White House App Is Riddled With Cybersecurity Vulnerabilities
The Hack That Exposed Syria’s Sweeping Security Failures
CBP facility codes sure seem to have leaked via online flashcards
Someone at BrowserStack is Leaking Users’ Email Address




Blue, or everything that improves our posture

Apple’s Camera Indicator Lights
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs




Contributors


Nicolas-Loïc Fortin


Credits


Editing by Intrasecure inc
Physical premises by Cardo Brussels