{"id":197,"date":"2025-10-05T07:33:37","date_gmt":"2025-10-05T05:33:37","guid":{"rendered":"https:\/\/synap-sys.fr\/?page_id=197"},"modified":"2025-10-06T18:33:17","modified_gmt":"2025-10-06T16:33:17","slug":"news","status":"publish","type":"page","link":"https:\/\/synap-sys.fr\/en\/news\/","title":{"rendered":"Cyber News"},"content":{"rendered":"\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h6 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udd10 <strong>Failles de s\u00e9curit\u00e9 et vuln\u00e9rabilit\u00e9s<\/strong><\/h6>\n\n\n\n<p style=\"font-size:14px\">CERT-FR (Centre gouvernemental de veille, d\u2019alerte et de r\u00e9ponse aux attaques informatiques)<\/p>\n\n\n<ul class=\"has-dates has-excerpts alignleft rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0452\/'>Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat (17 avril 2026)<\/a><\/div><time datetime=\"2026-04-17T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d&#039;entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0454\/'>Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE (17 avril 2026)<\/a><\/div><time datetime=\"2026-04-17T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l&#039;\u00e9diteur.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0456\/'>Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft (17 avril 2026)<\/a><\/div><time datetime=\"2026-04-17T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l&#039;\u00e9diteur.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0455\/'>Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar (17 avril 2026)<\/a><\/div><time datetime=\"2026-04-17T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0453\/'>Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d&#039;Ubuntu (17 avril 2026)<\/a><\/div><time datetime=\"2026-04-17T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d&#039;Ubuntu. Certaines d&#039;entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l&#039;int\u00e9grit\u00e9 des donn\u00e9es.<\/div><\/li><\/ul>\n\n\n<p>Exploit Database (Offensive Security)<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52508'>[webapps] D-Link DIR-650IN &#8211; Authenticated Command Injection<\/a><\/div><time datetime=\"2026-04-10T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">10 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">D-Link DIR-650IN &#8211; Authenticated Command Injection<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52509'>[local] NetBT e-Fatura &#8211; Privilege Escalation<\/a><\/div><time datetime=\"2026-04-10T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">10 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">NetBT e-Fatura &#8211; Privilege Escalation<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52503'>[local] ZSH 5.9 &#8211; RCE<\/a><\/div><time datetime=\"2026-04-09T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">9 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">ZSH 5.9 &#8211; RCE<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52504'>[webapps] Jumbo Website Manager  &#8211; Remote Code Execution<\/a><\/div><time datetime=\"2026-04-09T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">9 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Jumbo Website Manager &#8211; Remote Code Execution<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52505'>[webapps] RomM  4.4.0 &#8211;  XSS_CSRF Chain<\/a><\/div><time datetime=\"2026-04-09T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">9 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">RomM 4.4.0 &#8211; XSS_CSRF Chain<\/div><\/li><\/ul><\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udee1\ufe0f <strong>Attaques en cours et campagnes actives<\/strong><\/h2>\n\n\n\n<p style=\"font-size:14px\">The Hacker News<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/04\/three-microsoft-defender-zero-days.html'>Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched<\/a><\/div><time datetime=\"2026-04-17T15:21:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves\u00a0the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/04\/google-blocks-83b-policy-violating-ads.html'>Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul<\/a><\/div><time datetime=\"2026-04-17T12:47:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/04\/nist-limits-cve-enrichment-after-263.html'>NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions<\/a><\/div><time datetime=\"2026-04-17T09:14:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions. &quot;CVEs that do not meet those criteria will still be [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/04\/operation-poweroff-seizes-53-ddos.html'>Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts<\/a><\/div><time datetime=\"2026-04-17T07:46:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html'>Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation<\/a><\/div><time datetime=\"2026-04-17T05:22:00+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">A recently disclosed high-severity security flaw in Apache ActiveMQ\u00a0Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency\u00a0(CISA). To that end, the agency\u00a0has added the vulnerability, tracked\u00a0as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities\u00a0(KEV) catalog, requiring Federal Civilian<\/div><\/li><\/ul><\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h6 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udee0\ufe0f <strong>Microsoft Security Update Guide (Patch Tuesday &amp; autres mises \u00e0 jour)<\/strong><\/h6>\n\n\n\n<p style=\"font-size:14px\">Ce flux liste les bulletins de s\u00e9curit\u00e9 (CVE, correctifs mensuels) publi\u00e9s par Microsoft. C\u2019est <em>la source officielle<\/em> pour les mises \u00e0 jour de s\u00e9curit\u00e9 Windows, Office, Azure, etc.<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-6307'>Chromium: CVE-2026-6307 Type Confusion in Turbofan<\/a><\/div><time datetime=\"2026-04-17T16:00:59+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https:\/\/chromereleases.googleblog.com\/2026) for more information.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-6306'>Chromium: CVE-2026-6306 Heap buffer overflow in PDFium<\/a><\/div><time datetime=\"2026-04-17T16:00:58+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https:\/\/chromereleases.googleblog.com\/2026) for more information.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-6305'>Chromium: CVE-2026-6305 Heap buffer overflow in PDFium<\/a><\/div><time datetime=\"2026-04-17T16:00:57+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https:\/\/chromereleases.googleblog.com\/2026) for more information.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-6304'>Chromium: CVE-2026-6304 Use after free in Graphite<\/a><\/div><time datetime=\"2026-04-17T16:00:56+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https:\/\/chromereleases.googleblog.com\/2026) for more information.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-6303'>Chromium: CVE-2026-6303 Use after free in Codecs<\/a><\/div><time datetime=\"2026-04-17T16:00:55+00:00\" class=\"wp-block-rss__item-publish-date\">17 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https:\/\/chromereleases.googleblog.com\/2026) for more information.<\/div><\/li><\/ul><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd10 Failles de s\u00e9curit\u00e9 et vuln\u00e9rabilit\u00e9s CERT-FR (Centre gouvernemental de veille, d\u2019alerte et de r\u00e9ponse aux attaques informatiques) Exploit Database (Offensive Security) \ud83d\udee1\ufe0f Attaques en cours et campagnes actives The Hacker News \ud83d\udee0\ufe0f Microsoft Security Update Guide (Patch Tuesday &amp; autres mises \u00e0 jour) Ce flux liste les bulletins de s\u00e9curit\u00e9 (CVE, correctifs mensuels) publi\u00e9s &#8230; <a title=\"Cyber News\" class=\"read-more\" href=\"https:\/\/synap-sys.fr\/en\/news\/\" aria-label=\"Read more about Cyber News\">Read more<\/a><\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-197","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":16,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197\/revisions"}],"predecessor-version":[{"id":355,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197\/revisions\/355"}],"wp:attachment":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/media?parent=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}