Le 18 septembre 2025, des chercheurs de Splx ont publié une étude démontrant que des agents IA basés sur ChatGPT ont réussi à contourner plusieurs types de CAPTCHA, ces outils conçus pour bloquer les robots. L’exploit ne réside pas tant dans la performance technique que dans la manière dont l’humain parvient à pousser l’IA à accomplir ce qu’elle n’est pas censée faire.

Le 18 septembre 2025, des chercheurs de Splx ont publié une étude démontrant que des agents IA basés sur ChatGPT ont réussi à contourner plusieurs types de CAPTCHA, ces outils conçus pour bloquer les robots. L’exploit ne réside pas tant dans la performance technique que dans la manière dont l’humain parvient à pousser l’IA à accomplir ce qu’elle n’est pas censée faire.

Hyundai muscle sa stratégie électrique : baisse de 30 % du coût des batteries, densité accrue et BMS connecté. De quoi espérer rester dans la course face à la concurrence chinoise qui accélère.

Source

Numerama a essayé en avant-première les Meta Ray-Ban Display, les premières lunettes du marché avec un écran intégré et un bracelet neuronal pour contrôler l'interface. Bluffantes, futuristes et positionnées à un tarif étrangement raisonnable, les héritières des Google Glass souffrent de quelques défauts de jeunesse et d'une disponibilité limitée.

Le contrôle parental sur ChatGPT se déploie, mais OpenAI ne s'arrête pas là. La startup derrière le célèbre chatbot va appliquer des règles beaucoup plus strictes, et plus intrusives, au nom de la protection des mineurs.

OpenAI a publié le 15 septembre sa première étude publique sur l’utilisation de ChatGPT. Le but : comprendre qui utilise l’IA conversationnelle et comment. À partir de l’analyse de 1,5 million de conversations, l’entreprise affirme avoir réalisé « la plus grande étude à ce jour » sur la façon dont le grand public utilise son outil.

Le contrôle parental sur ChatGPT se déploie, mais OpenAI ne s'arrête pas là. La startup derrière le célèbre chatbot va appliquer des règles beaucoup plus strictes, et plus intrusives, au nom de la protection des mineurs.

Le contrôle parental sur ChatGPT se déploie, mais OpenAI ne s'arrête pas là. La startup derrière le célèbre chatbot va appliquer des règles beaucoup plus strictes, et plus intrusives, au nom de la protection des mineurs.

L’édition 2025 du leasing social démarre le 30 septembre avec 28 modèles éligibles et des loyers allant de 95 à 200 € par mois. De quoi séduire rapidement 50 000 bénéficiaires, à condition de bien choisir.

Imaginez demain matin, vous vous réveillez et 90% des sites web ont disparu. Plus de blogs, plus de sites de presse, plus de forums. Juste des pages blanches et des erreurs 404. De la science-fiction ? Et bien pas selon Matthew Prince, le CEO de Cloudflare, qui gère 20% du trafic web mondial.

Dans plusieurs interviews récentes, il explique qu’on est en train d’assister en direct à l’effondrement du modèle économique qui a fait vivre Internet pendant 25 ans. En effet, le deal était simple : Google crawle votre contenu, vous envoie du trafic, vous monétisez avec de la pub.

Sauf que ce pacte avec le diable vient de voler en éclats.

Il y a dix ans, pour 2 pages que Google scannait sur votre site, il vous envoyait 1 visiteur. Un échange équitable, presque symbiotique. Mais aujourd’hui, Il faut 6 pages crawlées pour obtenir 1 seul clic.

Mais attendez, là c’est Google, le gentil de l’histoire parce qu’avec les nouveaux venus de l’IA, c’est l’apocalypse qui s’annonce. En effet, d’après les données de Cloudflare , le ratio d’OpenAI est passé de 250 pour 1 à 1500 pour 1 en quelques mois. Autrement dit, ChatGPT aspire 1500 pages de votre contenu pour vous renvoyer généreusement… 1 seul visiteur. Anthropic avec Claude, on est à 60 000 pages pour un visiteur. Bref, c’est pas du crawling, c’est du pillage en règle.

Et Prince ne mâche pas ses mots : “Si les créateurs de contenu ne peuvent plus tirer de valeur de leur travail, ils vont arrêter de créer du contenu original.” Et devinez quoi ? C’est déjà en train de se produire car les données montrent que le trafic des moteurs de recherche vers les sites web a chuté de 55% entre 2022 et 2025. Par exemple, le Washington Post et le HuffPost ont vu leur trafic organique divisé par deux en trois ans.

Le plus ironique dans tout ça c’est que Google lui-même creuse sa propre tombe. Prince révèle qu’il y a six mois, 75% des recherches Google se terminaient sans aucun clic vers un site externe. Mais alors pourquoi ce changement soudain ? Hé bien la réponse tient en deux mots : Answer Engines. C’est le cas par exemple avec le déploiement d’ AI Overview , leur nouvelle fonctionnalité qui donne directement les réponses, ce chiffre pourrait atteindre 90%. Google est ainsi devenu un genre de cul-de-sac d’Internet…

Il est fini donc le temps où Google vous donnait une carte au trésor avec des liens à explorer. Maintenant, l’IA vous donne directement le trésor et comme ça plus besoin de visiter les sites, plus de trafic, plus de revenus publicitaires. La boucle vertueuse s’est transformée en spirale mortelle…

Source

Shai, c’est un collègue développeur qui ne dort jamais, qui ne râle jamais quand vous lui demandez de déboguer votre code à 3h du matin, et qui vit littéralement dans votre terminal. C’est un outil qui s’inscrit dans la même lignée que Codex ou Claude Code et qui est 100% français puisque proposé par OVHcloud.

Terminé donc les outils qui nécessitent des interfaces graphiques lourdes ou des plugins IDE complexes puisqu’ici, tout se passe dans le terminal.

L’installation tient en une seule ligne :

curl -fsSL https://raw.githubusercontent.com/ovh/shai/main/install.sh | sh

Et en quelques secondes, vous avez un assistant IA fonctionnel, prêt à vous épauler dans vos tâches quotidiennes. Pas de configuration complexe, pas de dépendances infernales à gérer. Bien sûr, comme pour tout script téléchargé, pensez à vérifier le contenu avant exécution.

Vous l’aurez compris, SHAI ne se contente pas d’être un simple chatbot qui répond à vos questions. Il peut véritablement prendre le contrôle et exécuter des commandes, créer des fichiers, déboguer votre code, et même automatiser des workflows complets. Vous pouvez lui demander de créer un site web complet, de convertir des fichiers d’un format à l’autre, ou de corriger cette commande shell que vous n’arrivez jamais à mémoriser correctement.

La philosophie “written in Rust with love” inscrite dans le code du projet n’est pas non plus qu’une simple formule marketing car le choix de Rust garantit des performances exceptionnelles et une sécurité mémoire à toute épreuve. Avec 99,2% du code en Rust, les développeurs d’OVHcloud ont clairement misé sur la robustesse et la rapidité d’exécution. Je tiens quand même à dire qu’au cours de mes tests, j’ai quand même eu quelques plantages de l’application. Mais elle est encore jeune, donc j’espère que ça va s’améliorer.

Ce qui distingue vraiment SHAI des autres assistants IA, c’est sa capacité à fonctionner en mode “headless”. Vous pouvez simplement lui envoyer des prompts via un pipe Unix : echo "crée-moi un hello world en Python" | shai. Et rien que cette fonctionnalité ouvre des possibilités infinies pour l’automatisation et l’intégration dans des pipelines CI/CD existants.

Plus impressionnant encore, le mode “shell assistant” transforme SHAI en véritable garde du corps de votre terminal. Une fois activé, chaque fois qu’une commande échoue, SHAI intervient automatiquement pour vous proposer une correction. Plus besoin de chercher sur Stack Overflow pourquoi votre commande tar ne fonctionne pas comme prévu.

Pour réussir tout ça, il utilise par défaut Qwen3-32B mais rassurez vous, y’a moyen de changer de provider. L’aspect multi-provider est donc crucial et heureusement SHAI n’est pas verrouillé sur un seul modèle d’IA. Vous pouvez donc configurer différents providers selon vos besoins, vos préférences ou vos contraintes de confidentialité. Mais par défaut, OVHcloud propose un accès anonyme (avec limitation de débit) pour que tout le monde puisse tester l’outil sans engagement. Perso, j’ai éclaté la limite au bout de quelques minutes d’utilisation. Snif.

Lors de mes tests, j’ai aussi constaté que les commandes qu’on appelle normalement avec le “/” n’ont pas fonctionné chez moi et concernant le thème de l’interface de Shai, en fonction des couleurs de votre terminal, ça peut vite être illisible. C’est dommage mais j’imagine que ça va se bonifier avec le temps…

Voilà, avec Shai , OVHcloud mise clairement sur cette approche minimaliste mais puissante pour séduire les développeurs qui veulent de l’IA sans les complications habituelles et surtout qui tourne sur le sol français, dans le respect de vos données personnelles.

Je leur souhaite plein de succès !

Source

Parmi tous modèles exposés dans un salon automobile, il y en a forcément qui ressortent du lot. Voici les cinq voitures électriques qui m'ont le plus séduit pendant ma visite de l'IAA à Munich.

The Synology Solution 2025/2026 Event – What Was There?

Before We Go Any Further – We STILL Have to Discuss Synology Hard Drive Compatibility!

Synology’s hard drive support policy was a recurring topic throughout the event and in direct conversations with staff. The subject was formally addressed in the opening session, where the company framed its approach as a strategic decision to validate and support selected drives for reliability and lifecycle assurance. In a later Q&A with a large Synology customer, the policy came up again, though the exchange felt somewhat staged. Away from the stage, I spoke with almost a dozen Synology team members on and off the record. The consistent message was that verification of Seagate and Western Digital drives is still in progress, but I also received conflicting off-the-record remarks about how validation and support could be expanded in the future. A follow-up article and video from me on this subject will be published soon to explore the matter further.

“As workloads scale and data becomes even more critical. We’ve made the strategic decision to fully validate and support scenario drives in our solution.
This means that we take an end to end responsibility for performance, reliability and long-term availability by managing both hardware and the software stack.
We intend to show you that we can deliver deeper integration, such as real-time health monitoring, predictive risk analysis and seamless firmware updates, all designed to reduce risk and maximise uptime.

This change is not about limiting choice, it’s about accountability. When you deploy a Synology solution, you can be confident that we stand behind every component and that you’ll receive a system optimised for performance and reliability over its entire lifestyle. And for our partners, this also means fewer unknowns of deployment and support, greater predictability and stronger value for your customers. Together, we can focus less on troubleshooting and more on helping businesses innovate, securely.”

The official position is that tighter control of hardware compatibility will improve integration features like predictive monitoring and firmware management, while reducing deployment risks. However, Synology repeatedly stressed that the policy is not yet final, with feedback from customers and partners still under review. From my discussions, the messaging suggests that although Synology’s stance is rooted in system accountability, the practical implications for users—particularly regarding Seagate and WD models such as IronWolf and Red or surveillance-focused drives like SkyHawk and Purple—remain unsettled. The lack of clarity points to an ongoing process where official announcements may evolve, but for now customers are being told the policy is about creating a more reliable platform rather than restricting options.

Introduction to Synology – 25 Years On

The opening session of Synology’s UK Solutions Exhibition marked the company’s 25th anniversary with a review of its history, current reach, and overall strategy. Synology reported that it has 14 million installations worldwide, is protecting around 25 million entities and servers, and manages more than 2 million accounts. Case examples were used to illustrate different applications, including the Imperial War Museum’s video archive workflows, Toyota’s use of scalable backup and disaster recovery, and surveillance and crowd management deployments using Synology cameras and DVA units. The presentation also provided background on the company’s origins in 2000 and the development of DSM as its Linux-based operating system. DSM was described as having grown from a small-business storage platform into a wider environment that spans file management, surveillance, backup, cloud services, and productivity, positioned between consumer-focused devices and enterprise systems.

The session also focused on the conditions in which these systems now operate. Trends highlighted included increasing architectural complexity from hybrid and cloud deployments, stricter compliance and regulatory requirements, persistent security threats, and ongoing budget constraints. Synology framed its approach around four design principles: integrating hardware and software into a single platform, embedding security features from the outset, simplifying management to reduce reliance on specialist expertise, and ensuring predictable long-term costs rather than shifting expenses over time. A notable point was the company’s drive compatibility and accountability policy. Synology stated that it will validate and support specific hard drives and SSDs to provide real-time monitoring, firmware updates, and lifecycle assurances. However, the company also acknowledged that it is still assessing customer and partner feedback on the subject of drive and SSD verification, indicating that its position may continue to evolve. The presentation ended with an invitation to engage with Synology staff during the event and a transition to the next session on data protection.

New / in-progress / future items mentioned:

• Synology’s drive compatibility and accountability policy, with integrated monitoring, firmware management, and lifecycle support.

• Synology confirmed it is still assessing customer and partner feedback on hard drive and SSD verification, leaving open the possibility of adjustments.

Synology and Data Storage Now/Future

Active Protect and the DP series was once again a heavy presence at this event and was more formally presented as Synology’s hardware-plus-software backup appliance family, structured around three guarantees: isolation, visibility, and auditability. It combines technologies such as high-rate deduplication (up to 80%), btrfs checksums with self-healing, immutability at the primary backup layer tied to retention policies, VM-based backup verification and sandboxing, and software-driven offline air-gap replication. These measures are positioned as protection against common and combined attack chains, including phishing, stolen credentials, ransomware, insider threats, and zero-day exploits. Large-scale management is enabled through clustering (tested with over 2,500 nodes and 150,000 endpoints), protection plans, and failover between backup servers to avoid single points of failure. Audit logs can be forwarded to external SIEMs and long-term retention is supported via Synology’s Secure Scalable Storage with WORM. Case studies included a Japanese bank with six appliances across DR sites, a Taiwanese logistics company consolidating over ten devices, and Toyota, which migrated away from tape to Active Protect in 2025, citing reduced costs and improved resilience.

The presentation framed the wider context as one where 70% of organisations have experienced data loss or attacks and 88% of those were unable to recover. The strategy was outlined as layered: employee education, least-privilege delegated administration, and backup as the final line of defence. Technical implementation details highlighted cloning instead of full copying, policy-driven immutability, VM-based verification, and software-controlled air-gap mechanisms as ways to achieve isolation and restore confidence. Visibility was addressed through centralized portals, cluster management, and protection plan broadcasting across sites, while auditability was achieved through extensive telemetry, monitoring, and immutable log storage. The brand also noted that it is working to further improve connectivity between Active Protect appliances and Active Backup for Business-equipped devices, aiming to strengthen multi-site operations and incremental migration paths. Deployment was described as end-to-end through Synology appliances, with hot spares and replacement hardware options to maintain recovery point objectives. The solution was positioned as an integrated alternative to mixed third-party systems, with the trade-off being a reliance on Synology’s single-vendor model for both hardware and software.

New / in-progress / future items mentioned:

• Active Protect appliance family: integrated hardware-plus-software backup solution with isolation, visibility, and auditability features.

• Protection plans and clustering: centralized policies for managing thousands of endpoints and enabling cross-site disaster recovery.

• Software-based air-gap replication: offline replication without tape media, controlled through software and network port management.

• VM-based backup verification and sandboxing: integrated hypervisor for validating and testing backups.

• Planned improvements to connectivity between Active Protect and Active Backup devices to strengthen multi-site operations and integration.

Robust, Scalable and Fast Storage Now and the Future

This session focused on Synology’s enterprise storage portfolio and its positioning across security, efficiency, scalability, and performance requirements. The company reported that it currently manages around 350 exabytes across roughly 260,000 businesses and highlighted product families for flash, hybrid, and high-capacity storage. Security was presented as a three-stage process (protect, detect, recover), incorporating measures such as multi-factor sign-in, encryption, immutable snapshots, Active Insight monitoring, and replication. This was also where we saw a reference (2nd time this year) to the multi-site storage tiering service ‘Synology Tiering’ – catchy name, right? Sadly, this does not appear to be a deployment model that can be done inside a single system (ala QNAP QTier).

Efficiency claims included up to 5:1 data reduction, thin provisioning, automated tiering, and hybrid cloud integration with C2 and Hybrid Share. Hybrid Share adoption was noted at over 1,400 enterprises and 3,500 sites, with features such as edge caching and global file locking to support multi-site collaboration. The GS series (notably GS3400) was introduced as a scale-out solution for unstructured data, supporting up to 48 nodes, 11.5 PB per cluster, SMB and S3 protocols, and managed centrally with the GridStation Manager software and its dedicated Cluster Manager GUI.

At the performance end, Synology presented the PAS series, including the PAS 7700 all-NVMe U.3 rackmount system and a 12-bay SATA SSD version. PAS systems run on new Parallel Active Manager software and feature active-active dual controllers, RAID TP (triple parity), rate bitmap rebuilds, and cache protection. Demonstrations covered VDI boot storms, large-scale SQL databases, and EDA simulations, with claims of sub-millisecond latency and throughput in the tens of gigabytes per second. Security measures include network isolation, VLANs, and self-encrypting drives. The GS and PAS series were described as extending Synology’s ecosystem from large-scale archival storage to ultra-low-latency mission-critical workloads, all linked through C2 cloud services, Active Insight monitoring, and policy-driven automation. The company also indicated that further improvements are underway to enhance connectivity between Active Protect appliances and Active Backup devices, enabling more integrated multi-site operations.

The demonstrations of the PAS 7700 system were used to illustrate performance under realistic enterprise workloads. In one scenario, a virtual desktop infrastructure with 1,000 desktops was booted simultaneously to highlight predictable behavior during “boot storm” events. A second demonstration focused on SQL database operations, where over 1,000 concurrent users generated mixed read/write activity, reportedly sustaining more than one million IOPS at approximately one millisecond latency. The third example involved an electronic design automation (EDA) simulation handling around 1,300 jobsets, used to demonstrate the system’s ability to maintain consistent throughput and ultra-low latency under computationally intensive conditions. These scenarios were intended to show how the all-NVMe architecture and active-active controller design could deliver stable, high-performance output across diverse mission-critical environments.

New / in-progress / future items mentioned:

• GS series (GridStation): scale-out storage, GS3400 unit, up to 48-node clusters and 11.5 PB per cluster, managed by GridStation Manager with Cluster Manager GUI.

• PAS series: new enterprise rackmount systems, including the PAS 7700 all-NVMe U.3 48-bay system and a 12-bay SATA SSD version, with active-active controllers.

• Parallel Active Manager software: new management layer for PAS systems.

• Planned improvements to connectivity between Active Protect and Active Backup devices for enhanced multi-site integration.

Synology Surveillance Station, New DVA3000, DVA7400, Synology SD Card, Switches and More

This section outlined Synology’s surveillance strategy, built on two platforms: the on-premises Surveillance Station VMS and the new cloud-based Synology C2 Cloud VSaaS. Both are designed to scale across large environments, with CMS central management tested at around 3,000 hosts and 30,000 cameras, and real-world deployments exceeding these figures. Features include open APIs for third-party integration, drag-and-drop monitoring, E-maps, and bulk provisioning tools for rapid deployment.

AI capabilities are available on-camera and on-appliance, with functions such as people/vehicle detection, face recognition, license plate recognition, dynamic mosaic (privacy blurring), and smoke detection. An upcoming semantic video search will enable natural-language style queries across historical footage, and is cited as one reason for higher-capacity DVA models.

New hardware introduced includes the DVA3000 (4-bay, 40 cameras, 6 AI tasks) and the DVA7400 (12-bay rackmount, up to 100 cameras, 40 AI tasks, with a GPU included), both expected in early 2026. Additional components include three PoE switches and an industrial-grade microSD card designed for continuous edge recording and health monitoring, though final specifications such as SD card class remain unconfirmed.

C2 Cloud was described as a cloud-managed surveillance option requiring no local NAS or NVR, with built-in AI analytics, centralized access via browser or mobile, and failover to local peer-to-peer streaming when internet is down. The on-premises and cloud platforms are intended to remain separate at launch, though hybrid interoperability is planned in later updates to unify workflows. Security is built into both models, including encryption, MFA, granular access roles, privacy controls, and a product security incident response team supported by a bug bounty program.

Customer examples ranged from schools and stadiums to large government deployments, highlighting scalability, API-based third-party integration, and operational improvements such as automated crowd counting and smoke detection. Licensing continues to follow Synology’s low-overhead approach for on-prem setups, with cloud plans bundling AI features directly. The roadmap places new cameras in Q4 2025 and the DVA models in early 2026, with hybrid operation features to follow.

When asked directly about the status of hard drive compatibility in the new surveillance systems, including whether support would be limited to Synology-branded HDDs or extend to commonly used models such as WD Purple and Seagate SkyHawk, Synology was unable to provide a clear confirmation. The company indicated that final details on drive verification and supported models for these upcoming surveillance platforms remain under review.

New / in-progress / future items mentioned:

• DVA3000: 4-bay surveillance appliance, 40 camera feeds, 6 AI operations, expected early 2026.

• DVA7400: 12-bay rackmount model with GPU, up to 100 cameras and 40 AI tasks, expected early 2026.

• Upcoming semantic video search: natural-language video query functionality.

• Three new PoE switches for simplified deployment and management.

• Industrial microSD card with edge recording and health reporting (specifications still unconfirmed).

• Synology C2 Cloud(cloud VSaaS): cloud-managed surveillance platform, launching with AI features included.

• Planned hybrid interoperability between Surveillance Station (on-prem) and C2 Cloud (cloud) in future updates.

Synology and AI – New GPU-Equipped Local AI NAS in Development and More Optional AI Integration in Synology NAS

This session focused on Synology’s Office Suite, which is positioned as a private-cloud productivity and communication platform designed to offer enterprises 100% data ownership, on-premises deployment, and long-term cost control. Core services include Drive and Office for file storage and real-time collaboration, Mail Plus for enterprise email, and the upcoming Chat & Meet for messaging and video conferencing. A new AI Console was also introduced, intended to manage and audit AI usage within the suite. The platform targets organizations concerned about rising cloud subscription costs—especially with Microsoft’s announced October 2025 price increases—data sovereignty, and security risks introduced by unsanctioned use of generative AI. Adoption figures cited include over 600,000 businesses and 80 million users.

Synology Drive and Office were presented as tools for structured file management and collaborative editing of documents, spreadsheets, and presentations. Features include file requests, configurable link sharing, audit logs, watermarking, and remote wiping. A case study from Yonsei University Medical Center highlighted the replacement of a Windows-based file system with Synology Drive, enabling centralized permission management, endpoint oversight, and synchronization across 15,000 employee devices. Mail Plus adds enterprise-grade email features, such as domain sharing for multi-site deployments, active-active clustering for high availability, delegated role management, auditing, and moderation workflows. Together, these services are designed to offer core collaboration and communication functions while preserving organizational control of data and infrastructure.

The roadmap extends the suite with Chat & Meet, an on-premises platform for real-time messaging and video conferencing. It is designed to support over 10,000 simultaneous chat users and 7,000 video participants, integrating channels, group messaging, and video sessions into a single interface. Administrative tools include permission management and migration utilities to ease transitions from existing platforms. Parallel to this, Synology is introducing the AI Console, which addresses risks such as content injection, jailbreaks, and data leakage by providing de-identification, provider management, permission settings, and auditing. The console will also support on-prem GPU-backed AI models for tasks such as semantic search, OCR, and speech-to-text, and is planned to integrate with OpenAI-compatible and self-hosted LLMs via MSCP.

The overarching message is that Synology is extending its productivity ecosystem to address enterprise concerns about cost, security, and compliance while enabling new collaboration and AI capabilities. The suite’s design emphasizes continuity through high-availability clustering, role-based administration, and unified consoles for policy enforcement and auditing. With the AI Console, Synology seeks to embed governance into AI usage, allowing enterprises to adopt advanced tools without exposing sensitive data to uncontrolled environments. Looking forward, further integration of GPU-enabled AI features and the addition of Chat & Meet mark key developments in Synology’s private-cloud strategy, aimed at providing alternatives to mainstream SaaS ecosystems while maintaining operational control.

New / in-progress / future items mentioned:

• Chat & Meet: on-premises messaging and video conferencing platform, supporting large-scale deployments.

• AI Console: centralized AI governance with de-identification, provider management, permissions, and auditing.

• Planned GPU-backed AI models: semantic search, OCR, image recognition, and speech-to-text.

• Integration with third-party and on-prem AI servers: OpenAI-compatible and self-hosted models via MSCP.

Join Inner Circle

Want to follow specific category? Also Read...Synology in 2026 - What Have TWHY Synology Changed Support oWHY Synology Changed Support oWeek 33 Tech Roundup – TerraSynology AI Console ReviewSynology AI Console Review - GDS1825+ vs DXP8800 PLUS NAS - Synology DS1825+ vs UGREEN DXPWeek 31 Tech Roundup – 245TBUsing Unverified HDD/SSD on a Subscribe You can also follow specific search terms:

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

TRY CHAT

If you like this service, please consider supporting us. We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you.Anything you purchase on the day you click on our links will generate a small commission which isused to run the website. Here is a link for Amazon and B&H.You can also get me a Ko-fi or old school Paypal. Thanks!To find out more about how to support this advice service check HEREIf you need to fix or configure a NAS, check Fiver Have you thought about helping others with your knowledge? Find Instructions Here  

Or support us by using our affiliate links on Amazon UK and Amazon US

    

 

WE LOVE COFFEE

Where to Buy a Product
			VISIT RETAILER ➤
			VISIT RETAILER ➤

If you like this service, please consider supporting us.
We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you. Anything you purchase on the day you click on our links will generate a small commission which is used to run the website. Here is a link for Amazon and B&H. You can also get me a Ko-fi or old school Paypal. Thanks! To find out more about how to support this advice service check HERE   If you need to fix or configure a NAS, check Fiver   Have you thought about helping others with your knowledge? Find Instructions Here  

WE LOVE COFFEE

Or support us by using our affiliate links on Amazon UK and Amazon US

     

Un fichier JSON qui met en danger des milliers de développeurs. Voilà en gros le pitch du jour, et franchement, il y a de quoi s’inquiéter un peu.

Vous connaissez Cursor ? C’est ce nouvel éditeur de code qui fait le buzz avec son IA intégrée, GPT-5 et Claude sous le capot. Et bien selon Oasis Security , cet outil de plus en plus populaire dans la communauté des développeurs, a une faille d’importance. En effet, l’équipe de développement a décidé de désactiver par défaut une fonction de sécurité cruciale de Visual Studio Code qui est le Workspace Trust.

Pourquoi ? Bah parce que ça gênait le fonctionnement de leur précieuse IA !

Alors qu’est-ce que ça change ce Workspace Trust ? Eh bien, imaginez que vous ouvrez tranquillement un projet GitHub pour jeter un œil au code. Pas pour l’exécuter, juste pour regarder. Avec VS Code de base, aucun souci, le Workspace Trust vous protège mais avec Cursor, c’est open bar pour les hackers.

Car il suffit qu’un petit malin glisse un fichier .vscode/tasks.json dans son repository avec la bonne configuration, et boom. Dès que vous ouvrez le dossier, le code s’exécute automatiquement sur votre machine avec "runOn": "folderOpen". Sans votre accord bien sûr. Sans même que vous vous en rendiez compte.

Les chercheurs d’Oasis Security ont créé une démo pour prouver le danger . Leur fichier tasks.json envoie discrètement le nom d’utilisateur de la victime vers un serveur externe. Sympa comme proof of concept, mais imaginez les dégâts avec du vrai code malveillant.

Avec ce genre de manip, un attaquant pourrait faire du vol de tokens d’authentification, de clés API planquées dans vos variables d’environnement, une modification silencieuse de vos fichiers de code, un connexion à un serveur de commande et contrôle… etc. Bref, le kit complet du cybercriminel moderne et vu que beaucoup de développeurs bossent sur des projets sensibles, ça peut vite devenir une porte d’entrée pour des attaques sur la chaîne d’approvisionnement logicielle.

Le truc énervant, c’est quand Oasis Security a alerté l’équipe de Cursor… leur réponse a été… comment dire… rafraîchissante car selon les chercheurs, l’équipe de Cursor a reconnu le problème mais a refusé de réactiver le Workspace Trust par défaut. Plus diplomatiquement, ils ont expliqué que cette fonction de sécurité casserait les fonctionnalités IA pour lesquelles les gens utilisent leur produit.

Leur conseil pour ceux qui s’inquiètent c’est donc d’ activer manuellement le Workspace Trust dans les paramètres ou d’utiliser un autre éditeur pour ouvrir les projets douteux. Autrement dit, démerdez-vous.

Pour activer cette protection vous-même, il faut donc aller dans les settings et modifier security.workspace.trust.enabled en le passant à true. Vous pouvez aussi complètement désactiver l’exécution automatique des tâches avec task.allowAutomaticTasks: "off".

Plusieurs experts en sécurité recommandent maintenant d’ouvrir les repositories inconnus uniquement dans des environnements isolés, genre machine virtuelle ou conteneur jetable. Pas très pratique pour du code review rapide.

En tout cas, je me souviens que ce n’est pas la première fois que Cursor fait parler de lui niveau sécurité. Récemment, deux autres vulnérabilités ont été découvertes : MCPoison (CVE-2025-54136) et CurXecute (CVE-2025-54135). Bref, visiblement, la sécurité n’est pas leur priorité numéro un.

Et pour détecter si vous êtes victime de cette faille, cherchez les fichiers .vscode/tasks.json contenant "runOn": "folderOpen" dans vos projets. Surveillez aussi les shells lancés par votre IDE et les connexions réseau inhabituelles juste après l’ouverture d’un projet.

A vous de décider maintenant… jusqu’où êtes-vous prêt à sacrifier votre sécurité pour un peu plus de confort ? Parce que là, on parle quand même d’exécution de code arbitraire sans consentement…

Source

Selon de récentes informations, OpenAI accélérerait ses ambitions matérielles avec un projet de puce d’intelligence artificielle maison

Cet article OpenAI prépare sa puce d’IA pour 2026 afin de réduire sa dépendance à Nvidia a été publié en premier par GinjFo.

Source