Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
www.cert.ssi.gouv.fr/actualite/CERTFR-2026-AC...

La Cantine numérique Brest et le TyFab vous proposent une nouvelle séance de l'atelier d'initiation réseaux maillés sur #LoRa (#meshtastic, #Gaulix, #meshcore, #reticulum...)
Ouvert à tous - pendant l'openlab 23 avril à 20h30 wiki.tyfab.fr
renseignements tyfab@mdl29.net

More Vintage Computing museums should rent out cloud access to their rare hardware.



SDF (Super Dimension Fortress) does it, and it’s freaking awesome.



I’m literally logged into a Sun SPARCstation…anyone can do this for free, right now. Just SSH in.

A Cryptography Engineer’s Perspective on Quantum Computing Timelines The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

Hours after Microsoft reveals that Russian hackers have been breaking into poorly secured routers & hijacking DNS requests (sometimes to collect Outlook data) www.microsoft.com/en-us/securi... DOJ says it has kicked those Russians out of the US routers they hacked: www.justice.gov/opa/pr/justi...

Russian espionage group APT28 compromised MikroTik and TP-Link routers to redirect traffic for certain authentication operations to AitM phishing kits

This botnet was taken down today by the FBI, DOJ, Lumen, and Microsoft

www.lumen.com/blog-and-new...

Espionnage et recherches de compromission sur les environnements mobiles - NoLimitSecu Episode #537 Avec Davy Douhine et Guillaume Lopes De l’espionnage étatique au « stalkerware » : Une analyse du spectre des menaces, allant des menaces sophistiqués (type Pegasus) ciblant des profils s...

#Podcast #Cybersécurité

Épisode #537 consacré à la recherche de compromission avancée sur mobile, avec Davy Douhine et Guillaume Lopes, de la société @randorisec.bsky.social (éditrice de la solution @shindan-io.bsky.social)

www.nolimitsecu.fr/espionnage-e...

Dans son dernier bulletin d'actualité, le CERT-FR revient sur l'expiration des premiers certificats Secure Boot en juin 2026.

www.cert.ssi.gouv.fr/actualite/CE...

In Nara, Japan, sika deer roam freely among cherry blossoms, creating a breathtaking scene each spring. These sacred creatures enjoy the beauty of hanami season too.

LLMs writing exploits, engineers losing skills, and a case for the generative OS - Security Conversations (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds […]

"I remind you that this present you're so concerned about losing, you hated it in the first place." <- JAGS on why security practitioners should stop clinging to the broken thing and start imagining what the fixed thing looks like.

New episode is live 👇
securityconversations.com/episode/llms...

Release 147.0.7727.49.0 · GrapheneOS/Vanadium Changes in version 147.0.7727.49.0: update to Chromium 147.0.7727.49 A full list of changes from the previous release (version 147.0.7727.24.0) is available through the Git commit log between the...

Vanadium version 147.0.7727.49.0 released:

github.com/GrapheneOS/V...

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

discuss.grapheneos.org/d/33728-vana...

#GrapheneOS #privacy #security

⚠️ Alerte CERT-FR ⚠️
La vulnérabilité CVE-2025-53521 est activement exploitée et permet de provoquer une exécution de code arbitraire à distance dans F5 Big-IP APM.

www.cert.ssi.gouv.fr/alerte/CERTF...

CERTFR-2026-AVI-0382: Multiples vulnérabilités dans les produits FoxIT
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0382/

C++26 is done! — Trip report: March 2026 ISO C++ standards meeting (London Croydon, UK) News flash: C++26 is done! 🎉 On Saturday, the ISO C++ committee completed technical work on C++26 in (partly) sunny London Croydon, UK. We resolved the remaining international comments on the C++26…

The ISO C++ committee has completed work on the C++26 specification of the C++ programming language.

This will be the biggest overhaul to C++ since the 2011 specification.

herbsutter.com/2026/03/29/c...

It feels like this public exposure of campaign infrastructure is becoming more common. This is the second time this week that I've found the web console for a live threat campaign. This is happening more frequently for a few reasons: first, DPRK threat actors are managing a lot of infrastructure assets, and sometimes they probably just forget. Iterating through all the GitHub, Vercel, Npoint and other infrastructure is a lot of stuff to manage. But what's even worse, I think, is that these threat actors just don't care. A few years ago, they would never have left one of these consoles exposed,but now, they don't care about cleaning up after themselves. They have so many more, that even if this gets taken down, they have other services to replace it.

A group of North Korean hackers engaged in Contagious Interview campaigns left one of their web consoles exposed on the internet

opensourcemalware.com/blog/contagi...

Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
www.cert.ssi.gouv.fr/actualite/CERTFR-2026-AC...

Understanding Memory Management, Part 1: C

A really good primer on memory allocation
educatedguesswork.org/posts/memory...

how diffie hellman key exchange works

(with as little math as possible)

Dans son dernier bulletin d'actualité, le CERT-FR revient sur certaines vulnérabilités significatives de la semaine dernière.
www.cert.ssi.gouv.fr/actualite/CERTFR-2026-AC...

⚠️ Alerte CERT-FR ⚠️

Les travaux conjoints des services membres du Centre de Coordination des Crises Cyber (C4) ont permis d’identifier une recrudescence de campagnes d’attaques ciblant les comptes de messagerie instantanées.

www.cert.ssi.gouv.fr/alerte/CERTF...

Automatisation des investigations du SOC - NoLimitSecu Episode #536 consacré à l’automatisation des investigations du SOC Avec Ahmed Achchak de la société  Qevlar AI

#Podcast #Cybersécurité

Épisode #536 consacré à l'automatisation des investigations du SOC, avec Ahmed Achchak de la société Qevlar AI

www.nolimitsecu.fr/automatisati...

Revert "userdb: add birthDate field to JSON user records (#40954)" by paramazo · Pull Request #41179 · systemd/systemd This reverts commit acb6624, reversing changes made to ba1caf0. Revert &quot;userdb: add birthDate field to JSON user records (#40954)&quot; After extensive community discussion, legal review and c...

github.com/systemd/syst...
it was quick: the change was reversed

This has to be an anticipated April first joke !

Watch on YouTube
www.youtube.com/watch?v=s-oB...

Welcome to Velociraptor 101!

Download Rapid7's Velociraptor DFIR - github.com/Velocidex/ve...

Velociraptor 101:
Rapid Windows Endpoint Investigations with Velociraptor & KAPE - www.youtube.com/watch?v=rqEj...

AASLR: Playing with Velociraptor! - www.youtube.com/watch?v=sLSa...

FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops FancyBear’s OPSEC failure gives Ctrl-Alt-Intel rare visibility inside Russian espionage operations

After Hunt found an open directory hosting APT28's Roundcube exploit kit, Ctrl-Alt-Intel also found a 2nd open directory on the same server, this one with the "C2 source code, additional payloads, telemetry logs, exfiltrated data and evidence of further campaigns."

ctrlaltintel.com/threat%20res...

LotusNotes

from PLATO to Lotus Notes
computer.rip/2026-03-14-l...

CERTFR-2026-AVI-0253: Multiples vulnérabilités dans Microsoft Edge
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0253/

En 2025, dans un contexte d’aggravation des tensions géopolitiques mondiales, la menace cyber se stabilise à un niveau particulièrement élevé, posant une pression constante sur l’Etat et le tissu économique et social français.

cert.ssi.gouv.fr/cti/CERTFR-2...

Shai-Hulud - NoLimitSecu Episode #534 consacré à « Shai-Hulud » Avec Christophe Tafani-Dereeper Références : Shai-Hulud:  https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/ https://github.com/DataDog/indicat...

#Podcast #Cybersécurité

Épisode #534 consacré au ver "Shai-Hulud", avec @christophetd.fr

www.nolimitsecu.fr/shai-hulud/