Because… it’s episode 0x623!
Preamble
Well… I’m diving in and restarting a news podcast in solo mode, something I hadn’t done in a really long time. I went overboard on the volume of news, not having organized myself well. I’ll improve with practice… because, apparently, you never lose it, like riding a “bécicle” (bicycle). Also, and probably the most audible, I had a glitch during recording. Which goes to show I’ve really lost my touch. On the technical side, I forgot to remove a filter during recording, which is why the original track is “unstable”.
Shameless plug
  September 10 and 11, 2025 - GoSec 2025
    15% discount code - GSPOL25
  September 13, 2025 - BSides Montreal 2025
  October 12 to 17, 2025 - Objective by the sea v8
  October 14 and 15, 2025 - ATT&CKcon 6.0
  October 14 and 15, 2025 - Forum inCyber Canada
    30% discount code - CA25KDUX92
  November 10 to 12, 2025 - IAQ - Le Rendez-vous IA Québec
  November 17 to 20, 2025 - European Cyber Week
  February 25 and 26, 2026 - SéQCure 2026
Description
Notes
Breach
  Salesforce Releases Forensic Investigation Guide Following Chain of Attacks
  Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
  Hackers Lay in Wait, Then Knocked Out Iran Ship Comms
Legalese
  Mastodon says it doesn’t ‘have the means’ to comply with age verification laws
  France and Germany reject Trump’s threats on EU tech legislation
AI
  CVE-2025-58062 - OpenMCP Client OS Command Injection Vulnerability
  AI Agents in Browsers Light on Cybersecurity, Bypass Controls
  Anthropic AI Used to Automate Data Extortion Campaign
  Crims laud Claude to plant ransomware and fake IT expertise
  Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
  Anthropic teases Claude for Chrome: Don’t try this at home
  Researchers flag code that uses AI systems to carry out ransomware attacks
  Securing the AI Revolution: Introducing Cloudflare MCP Server Portals
  Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
  Helping people when they need it most
  Exclusive: Meta created flirty chatbots of Taylor Swift, other celebrities without permission
  PromptLock - The first ransomware to use a 100% local AI
  Anthropic will start training its AI models on chat transcripts
  The Default Trap: Why Anthropic’s Data Policy Change Matters
  Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware
  New AI attack hides data-theft prompts in downscaled images
  Will Smith’s concert crowds are real, but AI is blurring the lines
  Best Practices for Securing Generative AI with SASE
  ChatGPT, Claude, & Gemini security scanning with Cloudflare CASB
  Hackers Can Exploit Image Scaling in Gemini CLI, Google Assistant to Exfiltrate Sensitive Data
  New Prompt Insertion Attack – OpenAI Account Name Used to Trigger ChatGPT Jailbreaks
Vulnerabilities
  U.S. CISA adds Citrix Netscaler flaw to its known exploited vulnerabilities catalog
  Docker Desktop bug let containers hop the fence with barely a nudge
  CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
  The Hidden Risk of Consumer Devices in the Hybrid Workforce
  Shadow IT Is Expanding Your Attack Surface. Here’s Proof
  Putin on the code: DoD reportedly relies on utility written by Russia-based Yandex dev
  Microsoft details Storm-0501’s focus on ransomware in the cloud
  Surge in coordinated scans targets Microsoft RDP auth servers
  CVE-2025-7776 - Citrix NetScaler Memory Overflow Denial of Service
  CVE-2025-55526 - n8n-workflows Directory Traversal Vulnerability
  WhatsApp patches vulnerability exploited in zero-day attacks
Cloud
  Azure apparatchik shows custom silicon keeping everything locked down
  Microsoft Azure Hardware Security to Help Thwart the World’s 3rd Largest GDP
  Microsoft to enforce MFA for Azure resource management in October
  Pentagon ends Microsoft’s use of China-based support staff for DoD cloud
Risk
  Mansplaining your threat model, as a service
  Threat Modeling Tools
Privacy
  Smart glasses record people in public. The most online generation is pushing back
  Your Word documents will be saved to the cloud automatically on Windows going forward
  Prepare for the unexpected with emergency access for your Proton Account
  FTC Chair Tells Tech Giants to Hold the Line on Encryption
  The UK May Be Dropping Its Backdoor Mandate
Defensive
  Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
  BGP’s security problems are notorious. Attempts to fix that are a work in progress
  Who are you again? Infosec experiencing ‘Identity crisis’ amid rising login attacks
  CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
Offensive
  Threat Actors Abuse Velociraptor Incident Response Tool to Gain Remote Access
  Hackers Weaponize PDF Along With a Malicious LNK File to Compromise Windows Systems
  Arch Linux Confirms Week-Long DDoS Attack Disrupted its Website, Repository, and Forums
  Hackers Abuse Microsoft Teams to Gain Remote Access on Windows With PowerShell-based Malware
  WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study
  Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
  Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware
  Malicious Android apps with 19M installs removed from Google Play
  Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services
  ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
  PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild
  TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
Contributors
  Nicolas-Loïc Fortin
Credits
  Editing by Intrasecure inc
  Physical premises by Intrasecure inc