Rene Robichaud

Microsoft Teams phishing targets employees with A0Backdoor malware Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Bac...

Microsoft Teams phishing targets employees with A0Backdoor malware
www.bleepingcomputer.com/news/securit...

Android fixes 129 security flaws in major phone update - CyberGuy Google patches 129 Android flaws including an active zero day in Qualcomm chips. Here is what it means and how to protect your phone today.

Android fixes 129 security flaws in major phone update
cyberguy.com/security/sec...

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
thehackernews.com/2026/03/mali...

OpenAI to acquire AI security platform Promptfoo - Help Net Security OpenAI are acquiring Promptfoo, an AI security platform that helps enterprises identify and remediate vulnerabilities in AI systems.

OpenAI to acquire AI security platform Promptfoo
www.helpnetsecurity.com/2026/03/09/o...

Cowork, M365 E7, Claude... Les annonces majeures de Microsoft Copilot Wave 3 Microsoft a annoncé plusieurs nouveautés autour de l'IA dans Microsoft 365 et ses services, et une nouvelle offre M365 E7. Voici une synthèse des nouveautés.

Microsoft dévoile les nouveautés de Copilot Wave 3 : Cowork, Work IQ, Microsoft 365 E7, Agent 365…
www.it-connect.fr/microsoft-de...

Interview de HexDex, le pirate qui secoue le web francophone Il fait partie d’un triptyque de pirates informatiques qui, depuis plusieurs mois, bousculent la cybersphère hexagonale. Sous le pseudonyme HexDex, ce pirate revendique des dizaines d’intrusions, d…

Interview de HexDex, le pirate qui secoue le web francophone
www.zataz.com/interview-de...

Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers Signal has officially confirmed an ongoing wave of targeted phishing campaigns resulting in successful account takeovers for high-profile users, including journalists and government officials.

Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers
cybersecuritynews.com/signal-confi...

CISA Adds Three Known Exploited Vulnerabilities to Catalog
www.cisa.gov/news-events/...

L'IA transforme les DNS fantômes en vecteur d'exfiltration de données - Le Monde Informatique Des experts ont découvert que les cybercriminels utilisent les DNS orphelins avec l'aide de l'IA pour dérober des données.

L'IA transforme les DNS fantômes en vecteur d'exfiltration de données
www.lemondeinformatique.fr/actualites/l...

Why Password Audits Miss the Accounts Attackers Actually Want Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orphaned users, and service accounts can leave organi...

Why Password Audits Miss the Accounts Attackers Actually Want
www.bleepingcomputer.com/news/securit...

M365Pwned - Red Team GUI Toolkit for Microsoft 365 Exploitation via Graph API A red teamer operating under the handle OtterHacker has publicly released M365Pwned, a pair of WinForms GUI tools designed to enumerate, search, and exfiltrate data from Microsoft 365 environments usi...

M365Pwned – Red Team GUI Toolkit for Microsoft 365 Exploitation via Graph API
cybersecuritynews.com/m365pwned-re...

Handala, la cyber-guerre revendiquée contre Israël Le groupe hacktiviste Iranien Handala revendique une série de cyberattaques contre Israël, visant infrastructures critiques et organisations stratégiques.

Handala, la cyber-guerre revendiquée contre Israël
www.zataz.com/handala-la-c...

Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data.

Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
gbhackers.com/fake-cleanmy...

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
thehackernews.com/2026/03/chro...

BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats.

BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
gbhackers.com/boryptgrab-m...

Nvidia dope ses partenariats pour sécuriser les systèmes industriels - Le Monde Informatique Les accords conclus par Nvidia avec Akamai, Forescout, Palo Alto Networks, Siemens et Xage Security, doivent permettre à Nvidia d'améliorer la...

Nvidia dope ses partenariats pour sécuriser les systèmes industriels
www.lemondeinformatique.fr/actualites/l...

Sysadmins : pourquoi vous allez adorer le nouvel Event 4117 de Windows Pour faciliter le dépannage des GPO avec des paramètres de préférences (GPP), Microsoft a introduit un nouveau type d'événements avec l'ID 4117.

Sysadmins : pourquoi vous allez adorer le nouvel Event 4117 de Windows
www.it-connect.fr/sysadmins-po...

Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure A highly sophisticated cyber espionage group, designated as CL-UNK-1068, has been actively targeting critical infrastructure across Asia.

Cyber Espionage Group CL-UNK-1068 Linked to China Targets Asian Infrastructure
gbhackers.com/cyber-espion...

ClickFix Attack Uses Windows Terminal to Evade Detection A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.

ClickFix Attack Uses Windows Terminal to Evade Detection
www.securityweek.com/clickfix-att...

Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure Two high-severity vulnerabilities have been discovered in Vaultwarden, a widely used alternative Bitwarden server implementation written in Rust.

Vaultwarden Vulnerabilities Enable Privilege Escalation and Data Exposure
gbhackers.com/vaultwarden-...

Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers Apache ZooKeeper has received critical security updates, addressed two "Important" severity vulnerabilities that could expose sensitive data.

Apache ZooKeeper Flaw Exposes Sensitive Data to Attackers
gbhackers.com/apache-zooke...

MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale A large-scale spear-phishing campaign distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS).

MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
gbhackers.com/maas-vip-key...

Firefox 148 : 22 failles corrigées grâce à l'IA Claude Opus 4.6 Anthropic a utilisé son modèle Claude Opus 4.6 pour tester la sécurité du navigateur Firefox : l'IA est parvenue à identifier 22 failles de sécurité.

Firefox 148 : 22 failles de sécurité corrigées grâce à l’IA Claude Opus 4.6
www.it-connect.fr/firefox-148-...

Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS ExifTool flaw allows attackers to run malicious code on macOS via a tampered image file, undermining the belief that Macs are malware-proof.

Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS
cybersecuritynews.com/exiftool-fla...

Les raisons de l'échec précoce des migrations S/4 Hana - Le Monde Informatique Selon une étude, en raison de plannings serrés, les entreprises privilégient trop souvent une migration vers S/4 Hana sans refonte de leurs processus...

Les raisons de l'échec précoce des migrations S/4 Hana
www.lemondeinformatique.fr/actualites/l...

Microsoft Warns Fake AI Browser Extensions Compromised Chat Histories Across 20,000+ Enterprise Tenants Fake AI browser extensions breached 20,000+ firms, harvesting ChatGPT chats, URLs, and sensitive data from nearly 900,000 installs.

Microsoft Warns Fake AI Browser Extensions Compromised Chat Histories Across 20,000+ Enterprise Tenants
cybersecuritynews.com/microsoft-wa...

Cognizant TriZetto breach exposes health data of 3.4 million patients TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive informa...

Cognizant TriZetto breach exposes health data of 3.4 million patients
www.bleepingcomputer.com/news/securit...

Exploit Coruna : pourquoi les utilisateurs d'iPhone devraient s'inquiéter - Le Monde Informatique Le mode verrouillage semble de plus en plus nécessaire, même si Apple a sécurisé ses systèmes contre cet exploit de piratage d'iPhone dans iOS 26.

Exploit Coruna : pourquoi les utilisateurs d'iPhone devraient s'inquiéter
www.lemondeinformatique.fr/actualites/l...

Linux Rootkits Using Advanced eBPF and io_uring Techniques Modern Linux rootkits exploit advanced kernel features to stay hidden in cloud, IoT, and server environments.

Linux Rootkits Using Advanced eBPF and io_uring Techniques
cybersecuritynews.com/linux-rootki...

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
www.bleepingcomputer.com/news/securit...