{"id":197,"date":"2025-10-05T07:33:37","date_gmt":"2025-10-05T05:33:37","guid":{"rendered":"https:\/\/synap-sys.fr\/?page_id=197"},"modified":"2025-10-06T18:33:17","modified_gmt":"2025-10-06T16:33:17","slug":"news","status":"publish","type":"page","link":"https:\/\/synap-sys.fr\/en\/news\/","title":{"rendered":"Cyber News"},"content":{"rendered":"\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h6 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udd10 <strong>Failles de s\u00e9curit\u00e9 et vuln\u00e9rabilit\u00e9s<\/strong><\/h6>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"font-size:14px\">CERT-FR (Centre gouvernemental de veille, d\u2019alerte et de r\u00e9ponse aux attaques informatiques)<\/p>\n\n\n<ul class=\"has-dates has-excerpts alignleft rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0699\/'>Vuln\u00e9rabilit\u00e9 dans Cisco Catalyst SD-WAN (05 juin 2026)<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Catalyst SD-WAN. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges. Cisco indique que la vuln\u00e9rabilit\u00e9 CVE-2026-20245 est activement exploit\u00e9e.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0693\/'>Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux (05 juin 2026)<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l&#039;\u00e9diteur.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0697\/'>Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE (05 juin 2026)<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d&#039;entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l&#039;int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0692\/'>Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome (05 juin 2026)<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l&#039;\u00e9diteur.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/avis\/CERTFR-2026-AVI-0696\/'>Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS (05 juin 2026)<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d&#039;entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.<\/div><\/li><\/ul>\n\n\n<p class=\"wp-block-paragraph\">Exploit Database (Offensive Security)<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52609'>[webapps] WordPress Contest Gallery 28.1.4 &#8211; Unauthenticated Blind SQL Injection<\/a><\/div><time datetime=\"2026-06-05T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">WordPress Contest Gallery 28.1.4 &#8211; Unauthenticated Blind SQL Injection<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52608'>[webapps] Drupal Core 10.5.5 &#8211; Error-Based SQL Injection<\/a><\/div><time datetime=\"2026-06-01T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">1 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Drupal Core 10.5.5 &#8211; Error-Based SQL Injection<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52607'>[webapps] WordPress OrderConvo 14 &#8211; Path Traversal<\/a><\/div><time datetime=\"2026-06-01T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">1 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">WordPress OrderConvo 14 &#8211; Path Traversal<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52603'>[webapps] YAMCS yamcs-core  5.12.7 &#8211; LDAP Injection<\/a><\/div><time datetime=\"2026-05-30T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">30 May 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">YAMCS yamcs-core 5.12.7 &#8211; LDAP Injection<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.exploit-db.com\/exploits\/52604'>[webapps] YAMCS yamcs-core  5.12.7 &#8211; User Enumeration<\/a><\/div><time datetime=\"2026-05-30T02:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">30 May 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">YAMCS yamcs-core 5.12.7 &#8211; User Enumeration<\/div><\/li><\/ul><\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udee1\ufe0f <strong>Attaques en cours et campagnes actives<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"font-size:14px\">The Hacker News<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/06\/ironworm-and-new-miasma-worm-variant.html'>IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks<\/a><\/div><time datetime=\"2026-06-05T20:05:30+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer &quot;scrapes every secret it can find on a developer&#039;s machine, hides behind an eBPF [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/06\/android-spyware-asin-targets-arabic.html'>Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps<\/a><\/div><time datetime=\"2026-06-05T16:53:40+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/06\/new-threat-cluster-op-512-targets.html'>New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework<\/a><\/div><time datetime=\"2026-06-05T14:33:38+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where &quot;OP&quot; stands for &quot;opponent&quot;) that has been observed\u00a0targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. &quot;OP-512 was highly<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/06\/only-10-of-socs-say-theyre-getting.html'>Only 10% of SOCs Say They\u2019re Getting Excellent Value From AI. Here\u2019s What the Second Wave Has to Deliver<\/a><\/div><time datetime=\"2026-06-05T13:20:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Eighteen months ago, the AI SOC was a marketing line. Today it&#039;s a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/thehackernews.com\/2026\/06\/hackers-exploit-critical-everest-forms.html'>Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites<\/a><\/div><time datetime=\"2026-06-05T10:38:59+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, [&hellip;]<\/div><\/li><\/ul><\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h6 class=\"wp-block-heading\" style=\"font-size:16px\">\ud83d\udee0\ufe0f <strong>Microsoft Security Update Guide (Patch Tuesday &amp; autres mises \u00e0 jour)<\/strong><\/h6>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"font-size:14px\">Ce flux liste les bulletins de s\u00e9curit\u00e9 (CVE, correctifs mensuels) publi\u00e9s par Microsoft. C\u2019est <em>la source officielle<\/em> pour les mises \u00e0 jour de s\u00e9curit\u00e9 Windows, Office, Azure, etc.<\/p>\n\n\n<ul class=\"has-dates has-excerpts rss-texte-perso wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-33841'>CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability<\/a><\/div><time datetime=\"2026-06-05T16:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Updated an acknowledgement. This is an informational change only.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-35433'>CVE-2026-35433 .NET Elevation of Privilege Vulnerability<\/a><\/div><time datetime=\"2026-06-05T16:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was updated to fix the download link for .NET Framework 3.8 &amp; 4.81 for Windows 2025<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-32177'>CVE-2026-32177 .NET Elevation of Privilege Vulnerability<\/a><\/div><time datetime=\"2026-06-05T16:00:00+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">This CVE was updated to fix the download link for .NET Framework 3.8 &amp; 4.81 for Windows 2025<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-25680'>CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org\/x\/net\/html<\/a><\/div><time datetime=\"2026-06-05T10:41:37+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Information published.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-46598'>CVE-2026-46598 Invoking  pathological inputs can lead to client panic in golang.org\/x\/crypto\/ssh\/agent<\/a><\/div><time datetime=\"2026-06-05T10:41:29+00:00\" class=\"wp-block-rss__item-publish-date\">5 June 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Information published.<\/div><\/li><\/ul><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd10 Failles de s\u00e9curit\u00e9 et vuln\u00e9rabilit\u00e9s CERT-FR (Centre gouvernemental de veille, d\u2019alerte et de r\u00e9ponse aux attaques informatiques) Exploit Database (Offensive Security) \ud83d\udee1\ufe0f Attaques en cours et campagnes actives The Hacker News \ud83d\udee0\ufe0f Microsoft Security Update Guide (Patch Tuesday &amp; autres mises \u00e0 jour) Ce flux liste les bulletins de s\u00e9curit\u00e9 (CVE, correctifs mensuels) publi\u00e9s &#8230; <a title=\"Cyber News\" class=\"read-more\" href=\"https:\/\/synap-sys.fr\/en\/news\/\" aria-label=\"Read more about Cyber News\">Read more<\/a><\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-197","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":16,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197\/revisions"}],"predecessor-version":[{"id":355,"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/pages\/197\/revisions\/355"}],"wp:attachment":[{"href":"https:\/\/synap-sys.fr\/en\/wp-json\/wp\/v2\/media?parent=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}