https://privacytoday.ai/fr/index.html Privacy Today — curated daily cybersecurity & privacy. Sat, 04 Apr 2026 11:44:02 GMT https://privacytoday.ai/fr/articles/2026-08-01-black-hat-usa-d9b74f.html d9b74fb2b395253f73429dbe Sat, 01 Aug 2026 11:00:00 GMT Summary unavailable — see source. https://privacytoday.ai/fr/articles/2026-04-04-european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack-73cbc6.html 73cbc6f7eee89f454994853f Sat, 04 Apr 2026 10:31:00 GMT Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-friday-squid-blogging-jurassic-fish-chokes-on-squid-0dd042.html 0dd042bc2661ff873224633c Fri, 03 Apr 2026 21:07:06 GMT Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. https://privacytoday.ai/fr/articles/2026-04-03-inconsistent-privacy-labels-dont-tell-users-what-they-are-getting-d24a46.html d24a464584d8582f6623f36b Fri, 03 Apr 2026 21:05:07 GMT Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough. https://privacytoday.ai/fr/articles/2026-04-03-linkedin-secretely-scans-for-6000-chrome-extensions-collects-data-bada94.html bada94ea9873301d2bfb64e4 Fri, 03 Apr 2026 20:40:22 GMT A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...] https://privacytoday.ai/fr/articles/2026-04-03-hims-hers-warns-of-data-breach-after-zendesk-support-ticket-breach-2cec08.html 2cec08e234a0b33b48464f34 Fri, 03 Apr 2026 17:41:11 GMT Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...] https://privacytoday.ai/fr/articles/2026-04-03-china-linked-ta416-targets-european-governments-with-plugx-and-oauth-based-phis-8e62f2.html 8e62f2ac37b0e8db2607232c Fri, 03 Apr 2026 17:34:00 GMT A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity… https://privacytoday.ai/fr/articles/2026-04-03-apple-breaks-precedent-patches-darksword-for-ios-18-acda18.html acda182261ebcddc6bf0d9d8 Fri, 03 Apr 2026 17:08:57 GMT Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool. https://privacytoday.ai/fr/articles/2026-04-03-die-linke-german-political-party-confirms-data-stolen-by-qilin-ransomware-68e65f.html 68e65ff8e83e87f0632349ab Fri, 03 Apr 2026 16:36:44 GMT The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...] https://privacytoday.ai/fr/articles/2026-04-03-microsoft-details-cookie-controlled-php-web-shells-persisting-via-cron-on-linux-d246d7.html d246d70c655b9cbd7239a92a Fri, 03 Apr 2026 15:32:00 GMT Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to… https://privacytoday.ai/fr/articles/2026-04-03-blast-radius-of-teampcp-attacks-expands-amid-hacker-infighting-4f7861.html 4f7861073e83c01a172a8f76 Fri, 03 Apr 2026 15:11:16 GMT As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises. https://privacytoday.ai/fr/articles/2026-04-03-evolution-of-ransomware-multi-extortion-ransomware-attacks-6ae826.html 6ae826ba8dd88f3ead155020 Fri, 03 Apr 2026 14:05:15 GMT Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...] https://privacytoday.ai/fr/articles/2026-04-03-picking-up-skull-vibrations-could-be-xr-headset-authentication-7f9d43.html 7f9d43721e648a826f2b7f96 Fri, 03 Apr 2026 13:30:00 GMT "Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research. https://privacytoday.ai/fr/articles/2026-04-03-claude-source-code-leak-highlights-big-supply-chain-missteps-237e5a.html 237e5a8e0c59c093b56eec20 Fri, 03 Apr 2026 13:00:00 GMT Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. https://privacytoday.ai/fr/articles/2026-04-03-chainguard-unveils-factory-20-to-automate-hardening-the-software-supply-chain-ffe942.html ffe942bdf8230aa962786f2b Fri, 03 Apr 2026 12:57:28 GMT The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open source artifacts across containers, libraries, agent skills, and GitHub Actions. https://privacytoday.ai/fr/articles/2026-04-03-trueconf-zero-day-exploited-in-asian-government-attacks-f35c56.html f35c568f291b6b47e1bef1c2 Fri, 03 Apr 2026 12:47:16 GMT A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-in-other-news-chatgpt-data-leak-android-rootkit-water-facility-hit-by-ransomwar-41ae38.html 41ae387d7795646b39d6f95b Fri, 03 Apr 2026 12:30:53 GMT Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident. The post In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-critical-sharefile-flaws-lead-to-unauthenticated-rce-9c472a.html 9c472aa73257eaf8e551f4e5 Fri, 03 Apr 2026 12:12:22 GMT The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-crowdstrike-next-gen-siem-can-now-ingest-microsoft-defender-telemetry-f17160.html f171601824f89a35ee505145 Fri, 03 Apr 2026 11:53:15 GMT Once CrowdStrike's nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry. https://privacytoday.ai/fr/articles/2026-04-03-microsoft-still-working-to-fix-exchange-online-mailbox-access-issues-0c9650.html 0c9650ac18d8efb6b321687c Fri, 03 Apr 2026 11:25:20 GMT Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...] https://privacytoday.ai/fr/articles/2026-04-03-company-that-secretly-records-and-publishes-zoom-meetings-f6a83b.html f6a83b6d6bafdac44f76eef2 Fri, 03 Apr 2026 11:08:17 GMT WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link ) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it. https://privacytoday.ai/fr/articles/2026-04-03-unc1069-social-engineering-of-axios-maintainer-led-to-npm-supply-chain-attack-e3ffa6.html e3ffa6207758f01cb4cf4917 Fri, 03 Apr 2026 11:04:00 GMT The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the… https://privacytoday.ai/fr/articles/2026-04-03-mobile-attack-surface-expands-as-enterprises-lose-control-e89ebb.html e89ebb216feb93c49174407a Fri, 03 Apr 2026 11:00:00 GMT Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk. The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-why-third-party-risk-is-the-biggest-gap-in-your-clients-security-posture-e40d3e.html e40d3ec6550eabeea6a67667 Fri, 03 Apr 2026 11:00:00 GMT The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. https://privacytoday.ai/fr/articles/2026-04-03-react2shell-exploited-in-large-scale-credential-harvesting-campaign-8f581e.html 8f581e28928e070d08fdf75b Fri, 03 Apr 2026 10:55:13 GMT Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems. The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek . https://privacytoday.ai/fr/articles/2026-04-03-new-sparkcat-variant-in-ios-android-apps-steals-crypto-wallet-recovery-phrase-i-e22064.html e2206496f523944d0310869a Fri, 03 Apr 2026 09:10:00 GMT Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery… https://privacytoday.ai/fr/articles/2026-04-03-man-admits-to-locking-thousands-of-windows-devices-in-extortion-plot-234d1e.html 234d1e3a629382d989701e97 Fri, 03 Apr 2026 09:04:54 GMT A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...] https://privacytoday.ai/fr/articles/2026-04-03-drift-loses-285-million-in-durable-nonce-social-engineering-attack-linked-to-dp-eb831c.html eb831c9bb1746374a44f712c Fri, 03 Apr 2026 08:35:00 GMT Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council… https://privacytoday.ai/fr/articles/2026-04-03-microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs-a9393f.html a9393f4fc566ffd2fd2605d2 Fri, 03 Apr 2026 07:55:40 GMT Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. [...] https://privacytoday.ai/fr/articles/2026-04-03-cert-eu-european-commission-hack-exposes-data-of-30-eu-entities-366e27.html 366e27e36e53b3e4ff8e97ef Fri, 03 Apr 2026 06:33:34 GMT The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. [...] https://privacytoday.ai/fr/articles/2026-04-02-geopolitics-ai-and-cybersecurity-insights-from-rsac-2026-84f57b.html 84f57b1f8f511ffcff28e83b Thu, 02 Apr 2026 21:14:27 GMT AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference. https://privacytoday.ai/fr/articles/2026-04-02-claude-code-leak-used-to-push-infostealer-malware-on-github-2b6ceb.html 2b6ceb869f7171b1fa67f27f Thu, 02 Apr 2026 20:30:55 GMT Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...] https://privacytoday.ai/fr/articles/2026-04-02-not-toying-around-hasbro-attack-may-take-weeks-to-remediate-7fb31a.html 7fb31a14be3b6ad5d7572730 Thu, 02 Apr 2026 20:28:36 GMT The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline. https://privacytoday.ai/fr/articles/2026-04-02-hackers-exploit-cve-2025-55182-to-breach-766-nextjs-hosts-steal-credentials-7e67d1.html 7e67d1968833c34d322bcdb2 Thu, 02 Apr 2026 19:30:00 GMT A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it… https://privacytoday.ai/fr/articles/2026-04-02-security-bosses-are-all-in-on-ai-heres-why-43ec2f.html 43ec2f21867f71e901aefc91 Thu, 02 Apr 2026 19:12:45 GMT CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise. https://privacytoday.ai/fr/articles/2026-04-02-drift-loses-280-million-as-north-korean-hackers-seize-security-council-powers-3b14e7.html 3b14e7c3f6b1bb4b90edf3c8 Thu, 02 Apr 2026 19:03:39 GMT The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...] https://privacytoday.ai/fr/articles/2026-04-02-drift-loses-280-million-north-korean-hackers-seize-security-council-powers-3c19d5.html 3c19d58ed3b26211b2837811 Thu, 02 Apr 2026 19:03:39 GMT The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...] https://privacytoday.ai/fr/articles/2026-04-02-us-bans-all-foreign-made-consumer-routers-4f558a.html 4f558afa8a5dad92ead3ff19 Thu, 02 Apr 2026 17:28:27 GMT This is for new routers ; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately… https://privacytoday.ai/fr/articles/2026-04-02-rsac-2026-ai-dominates-but-community-remains-key-to-security-94c874.html 94c8747b60ce9811de804c38 Thu, 02 Apr 2026 15:56:32 GMT As AI took center stage at this year's conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity — despite the US government's notable absence. https://privacytoday.ai/fr/articles/2026-04-02-residential-proxies-evaded-ip-reputation-checks-in-78-of-4b-sessions-f342d3.html f342d3ab158f4a7bc6e9d449 Thu, 02 Apr 2026 15:21:02 GMT Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...] https://privacytoday.ai/fr/articles/2026-04-02-cisco-patches-98-cvss-imc-and-ssm-flaws-allowing-remote-system-compromise-505262.html 505262f81db824a41391b874 Thu, 02 Apr 2026 15:21:00 GMT Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum… https://privacytoday.ai/fr/articles/2026-04-02-adversaries-exploit-vacant-homes-to-intercept-mail-in-hybrid-cybercrime-846ed4.html 846ed4e38f6cacd3adc97ee8 Thu, 02 Apr 2026 14:01:11 GMT Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...] https://privacytoday.ai/fr/articles/2026-04-02-new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks-1a542d.html 1a542d59306ab00d9c486515 Thu, 02 Apr 2026 13:33:11 GMT Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...] https://privacytoday.ai/fr/articles/2026-04-02-medtech-giant-stryker-fully-operational-after-data-wiping-attack-b85e5e.html b85e5ec4211afcd9cb36b519 Thu, 02 Apr 2026 13:28:39 GMT Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...] https://privacytoday.ai/fr/articles/2026-04-02-bank-trojan-casbaneiro-worms-through-latin-america-152be0.html 152be0f1eb732330fd08101c Thu, 02 Apr 2026 13:00:00 GMT Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly. https://privacytoday.ai/fr/articles/2026-04-02-threatsday-bulletin-pre-auth-chains-android-rootkits-cloudtrail-evasion-10-more-5ab5a0.html 5ab5a04cdc052df0234d7cec Thu, 02 Apr 2026 12:45:00 GMT The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. https://privacytoday.ai/fr/articles/2026-04-02-researchers-uncover-mining-operation-using-iso-lures-to-spread-rats-and-crypto--85838c.html 85838c642739bc5dffec39b1 Thu, 02 Apr 2026 11:42:00 GMT A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software… https://privacytoday.ai/fr/articles/2026-04-02-the-state-of-trusted-open-source-report-38a5f6.html 38a5f6faa763f061db0246c1 Thu, 02 Apr 2026 11:30:00 GMT In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the… https://privacytoday.ai/fr/articles/2026-04-02-critical-cisco-imc-auth-bypass-gives-attackers-admin-access-5026c5.html 5026c5395e2259e4d71da353 Thu, 02 Apr 2026 11:01:14 GMT Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...] https://privacytoday.ai/fr/articles/2026-04-02-possible-us-government-iphone-hacking-tool-leaked-59bbdb.html 59bbdb7ec50b8dc098a49a81 Thu, 02 Apr 2026 10:05:43 GMT Wired writes (alternate source ): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the…