Last week you may have missed:
🛡️ Kubescape: the all-in-one Kubernetes security platform - 18/05/2026
Kubescape v3 brings hardening, CVE scanning, RBAC analysis, SBOM generation and continuous monitoring together in a single open-source tool; find out why it is becoming the Swiss Army knife of Kubernetes security….
📜 Kyverno in 2026: Policy-as-Code, CEL and Sigstore integration - 20/05/2026
The v2 API, native CEL and Sigstore v2 turn Kyverno into a first-rate security policy engine; here is what the state of the art looks like today….
🔑 K01: Insecure API access controls - 22/05/2026
The API Server remains the number one target, and in 2026 anonymous authentication and poorly managed tokens still keep ending up in attackers' hands; here is how to close those doors….
⚠️ OWASP Kubernetes Top 10 in 2026: where the risks stand and the new mitigations - 22/05/2026
CEL, Sigstore, Gateway API, OpenTelemetry: the threats to Kubernetes clusters are evolving and so are the mitigations, so let's take a complete look at the updated OWASP Kubernetes Top 10….
#DevSecOps #OWASP #CloudSecurityAlliance
List of interesting links of the week
🔗 PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS PyrsistenceSniper is an advanced tool for detecting offline persistence, enabling cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally inspired by Autoruns and PersistenceSniper, this Python-based solution developed by Hexastri….
🔗 Will AI kill our jobs? History says no: it transforms them. Let's pause for a second on the ambient noise. "AI is going to replace developers." "In five years, coding will be an obsolete profession." "ChatGPT already does the work of an entire team." You have read these sentences, heard them, maybe even pro….
🔗 Valid certificates, stolen accounts: how attackers broke npm’s last trust signal On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised maintainer account. Sigstore worked exactly as designed: it verified the package was built in a CI ….
🔗 Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/a….
🔗 Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remo….
🔗 Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026 The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. Whether you are managing extensive front-end codebases or back-end API integrations, catching flaws before code is compiled is crucial. This p….
🔗 CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The ….
🔗 Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Sock….
🔗 Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threa….
🔗 Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Ransomware and vendor breaches persist. The “2026 Data Breach Investigations Report” (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable….
🔗 Gemini allegedly broke production, then wrote itself the hero A developer claims Gemini broke a live portal, then generated recovery notes that overstated its role. The incident shows why AI coding agents need tighter permissions, review, and rollback controls….
🔗 We hardened zizmor’s GitHub Actions static analyzer In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor LiteLLM on PyPI (see Trivy’s post-mortem for the full timeline). zizmor is a static anal….
🔗 Even Claude agrees: hole in its sandbox was real and dangerous Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send anything inside the sandbox - credentials, source code, other private data - to any server on the internet, according to a researcher who found and reported both flaws to Anthropic….
🔗 Combatting the Top Three Sources of Risk in the Cloud With cloud computing, organizations are storing data like intellectual property, trade secrets, Personally Identifiable Information (PII), proprietary code and statistics, and other sensitive information in the cloud. If this data were to be accessed by malicious actors, it could incur financial los….
🔗 GitHub hit by a cyberattack: 3,800 internal repositories compromised via a malicious VS Code extension The development platform has confirmed it was the target of a data exfiltration. The origin of the incident points to the installation of a poisoned extension from the official Visual Studio Code marketplace….
🔗 Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. TL;DR Typosquatting is no longer a user p….
🔗 Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the widely used @antv e….
🔗 Single-Letter Go Module Typosquat Drops DNS-Based Backdoor A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/decimal library used fo….
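A single-character module path like the one above is easy to miss in review but easy to catch mechanically. The following Go program is an added example, not code from the article or from any of the projects it mentions: it parses a constructed go.mod, compares every required module path against a constructed allowlist of already-trusted modules, and flags any path that is not on the list but sits within a small edit distance of one. The sample go.mod, the allowlist and the distance threshold are all assumptions for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.mod (assumption) pulling in the typosquatted path from the article.
const sampleGoMod = `module example.com/app
require (
	github.com/shopsprint/decimal v1.3.1
	github.com/stretchr/testify v1.9.0 // indirect
)
`

// Constructed allowlist; in practice it comes from a reviewed dependency inventory.
var trustedModules = []string{
	"github.com/shopspring/decimal",
	"github.com/stretchr/testify",
}

// Finding: a required module that is not allowlisted but within a few edits of one.
type Finding struct {
	Module string // suspicious path from go.mod
	Near   string // allowlisted path it resembles
	Dist   int    // edit distance between the two
}

// levenshtein returns the insert/delete/substitute distance using two rolling rows.
// Go module paths are restricted to ASCII, so byte indexing is safe here.
func levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			v := prev[j-1] // substitution, free when the bytes match
			if a[i-1] != b[j-1] {
				v++
			}
			if prev[j]+1 < v {
				v = prev[j] + 1 // deletion
			}
			if cur[j-1]+1 < v {
				v = cur[j-1] + 1 // insertion
			}
			cur[j] = v
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// requiredModules extracts paths from single-line and block-form require directives;
// other directives (module, go, replace, ...) and comment lines are skipped.
func requiredModules(gomod string) []string {
	var mods []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "require (":
			inBlock = true
		case inBlock && line == ")":
			inBlock = false
		case inBlock || strings.HasPrefix(line, "require "):
			f := strings.Fields(strings.TrimPrefix(line, "require "))
			if len(f) >= 2 && !strings.HasPrefix(f[0], "//") {
				mods = append(mods, f[0]) // path first, version second
			}
		}
	}
	return mods
}

// findTyposquats flags required modules within maxDist edits of an allowlisted
// path; an exact allowlist match has distance 0 and is therefore not reported.
func findTyposquats(gomod string, trusted []string, maxDist int) []Finding {
	var out []Finding
	for _, m := range requiredModules(gomod) {
		best, bestDist := "", maxDist+1
		for _, t := range trusted {
			if d := levenshtein(m, t); d < bestDist {
				best, bestDist = t, d
			}
		}
		if bestDist > 0 && bestDist <= maxDist {
			out = append(out, Finding{Module: m, Near: best, Dist: bestDist})
		}
	}
	return out
}

func main() {
	for _, f := range findTyposquats(sampleGoMod, trustedModules, 2) {
		fmt.Printf("suspicious: %s is %d edit(s) from %s\n", f.Module, f.Dist, f.Near)
	}
}
```

A threshold of 2 catches single-letter substitutions, dropped or doubled letters and most transpositions. Treat a hit as a prompt for human review rather than a hard block, since legitimate forks and renamed projects can also land one edit away from a trusted path; the useful place to run it is a CI step before `go mod download` so the lookalike module is never fetched.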
🔗 Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive Living-off-the-Land….
🔗 Project Glasswing: what Mythos revealed to us In recent months we have been testing a whole range of security-oriented LLMs (Large Language Models) on our own infrastructure. These LLMs help us identify vulnerabilities that may be present in our own systems so that we can….