‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
La Commission Européenne, organe exécutif principal de l'UE, enquête sur une brèche de sécurité où un acteur malveillant a accédé à son environnement cloud Amazon (AWS). Cela concerne un prestataire cloud majeur utilisé en Europe, avec potentiel impact sur des données sensibles. Lien possible avec d'autres attaques sur des institutions européennes via Ivanti EPMM.
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.
A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek.
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]
Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek.
Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]
La Police nationale néerlandaise révèle une brèche suite à une attaque phishing réussie, avec impact limité et sans exposition de données citoyennes. L'incident, détecté rapidement, mène à une enquête criminelle et à des mesures renforcées comme la 2FA. Pertinent pour les prestataires IT et la vigilance phishing dans le secteur financier EU.
Le club néerlandais AFC Ajax a divulgué qu'un hacker a exploité des vulnérabilités IT pour accéder aux données de quelques centaines de personnes, permettant le vol de billets. Bien que non financier direct, impacte la grande région et services numériques en Europe. Notification potentielle RGPD.
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
La CSSF a publié le 26 mars 2026 la circulaire CSSF-CPDI 26/50 exigeant une enquête sur les dépôts couverts détenus au 31 mars 2026. Les institutions financières doivent soumettre ces données dans les délais impartis. Cela renforce la supervision des garanties de dépôts au Luxembourg.
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]