Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar.
Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. [...]
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in
Tribune par Jérôme Beaufils, CEO de SASETY. Une adoption rapide, un risque souvent sous-estimé L’intelligence artificielle s’est diffusée dans les organisations à une vitesse inédite. En quelques mois, les outils de génération de contenu, d’assistance au développement ou d’automatisation métier sont devenus des réflexes quotidiens. Les directions métiers expérimentent. Les équipes IT tentent d’encadrer. Les […]
Pendant des années, la cryptographie fonctionnait en arrière-plan. Les équipes déployaient certificats et clés, en s’appuyant sur des algorithmes fiables, pour sécuriser les échanges et signer les applications, sans véritable pilotage stratégique. Beaucoup d’entreprises l’ont considéré comme une infrastructure figée, plutôt que comme un système dynamique exigeant visibilité, gouvernance et renouvellement continu. Tribune Keyfactor – […]
Le 20 février 2026, la société américaine Anthropic annonçait le lancement de Claude Code Security, une nouvelle brique de cybersécurité automatisée intégrée directement à son outil de génération de code. L’annonce a provoqué un vent de panique sur les marchés : les valeurs des grandes sociétés de cybersécurité ont vacillé, certains y voyant une rupture brutale du modèle existant. Pourtant, la réalité technique se révèle beaucoup plus nuancée.
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.
The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.
That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.
"No exploitation of FortiGate
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness.
EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,
Alors que le contexte géopolitique place la souveraineté numérique au cœur des débats et que la récente doctrine française en matière d'achats numériques, priorise clairement les acteurs français et européens face aux solutions étrangères. Numerama a décidé de rencontrer les dirigeants qui composent l'écosystème tech souverain français pour retracer leurs aventures et analyser les défis actuels.
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. [...]
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. [...]
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. [...]
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches.
The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers.
"It scans codebases for security vulnerabilities and suggests targeted
Connexion
