Parce que… c’est l’épisode 0x651!
Shameless plug
4 et 5 novembre 2025 - FAIRCON 20258 et 9 novembre 2025 - DEATHcon17 au 20 novembre 2025 - European Cyber Week25 et 26 février 2026 - SéQCure 2026CfP31 mars au 2 avril 2026 - Forum INCYBER - Europe 202614 au 17 avril 2026 - Botconf 202628 et 29 avril 2026 - Cybereco Cyberconférence 20269 au 17 mai 2026 - NorthSec 20263 au 5 juin 2026 - SSTIC 202619 septembre 2026 - Bsides MontréalNotes
IncidentsWhat the Huge AWS Outage Reveals About the InternetA single DNS race condition brought AWS to its kneesAmazon brain drain finally caught up with AWSLouvre heist raises decades-old questions about museum securityIACritical Vulnerability in MCP Server Platform Exposes 3,000 Servers and Thousands of API KeysThe security paradox of local LLMsOpenAI ChatGPT Atlas Browser Jailbroken to Disguise Malicious Prompt as URLsOpenAI’s New Browser Raises ‘Insurmountably High’ Security ConcernsPerplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious PromptsMCP attack uses predictable session IDs to hijack AI agentsZero Trust Has a Blind Spot—Your AI AgentsSneaky Mermaid attack in Microsoft 365 Copilot steals dataAI-Powered Ransomware Is the Emerging Threat That Could Bring Down Your OrganizationOne in five security breaches now thought to be caused by AI-written codePrivacyMicrosoft Teams to Auto-Set Work Location by Detecting the Wi-Fi NetworkPolish PM: former government used Pegasus spyware to surveil my wife and daughterThe Internet’s Biggest Annoyance: Why Cookie Laws Should Target Browsers, Not WebsitesBlue5 Deception Solutions that are Changing the Cybersecurity Game You Still Shouldn’t Use a Browser Password ManagerMicrosoft admits File Explorer Preview pane won’t work in Windows 11 25H2 for internet files by defaultMyanmar military detains 2,000 people in raid at cybercrime centerShifting from reactive to proactive: Cyber resilience amid nation-state espionageProofpoint releases innovative detections for threat hunting: PDF Object HashingOpenBSD 7.8 out now and 9front’s ‘Release’ releasedOpenBSD 7.8ChkTag: x86 Memory SafetyRéserve européenne de cybersécurité : l’Union se dote d’un bouclier communRedGlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX MarketplaceSelf-Propagating GlassWorm Poisons VS Code ExtensionsNetwork security devices endanger orgs with ’90s era flaws706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC ReleasedGoogle Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal CredentialsThe YouTube Ghost Network: How Check Point Research Helped Take Down 3,000 Malicious Videos Spreading MalwareThreat Actors Attacking Azure Blob Storage to Compromise Organizational RepositoriesInside the attack chain: Threat activity targeting Azure Blob StorageHackers Can Access Microsoft Teams Chat and Emails by Retrieving Access TokensCritical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC AvailableHackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset‘PassiveNeuron’ Cyber Spies Attack With Custom MalwareAirport PA System Hack: How Attackers Hijacked Announcements in the US and Canada - CyberwarzoneChina finds “irrefutable evidence” of US NSA cyberattacks on time AuthorityCollaborateurs
Nicolas-Loïc FortinCrédits
Montage par Intrasecure incLocaux réels par Intrasecure inc
View all episodes
