Micro-pilules d'information pour prévenir les fraudes ou agir après les avoir subies
Dernières alertes d'organismes officiels et de sources vérifiées sur les fraudes, la cybersécurité et les risques émergents.
Recevez toutes les fiches de fraude et nouveautés dans votre lecteur RSS, sans algorithme ni publicité.
https://scam-alert.org/fr/rss.xml Compatible avec Feedly, Inoreader, NetNewsWire, Reeder et tout lecteur RSS.
Qu'est-ce que RSS ?
Standard ouvert pour recevoir les mises à jour de sites dans une application, sans créer de compte ni voir de publicité.
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker
Lire la suite →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Lire la suite →Los mediadores francoalemanes no han logrado acuerdo entre Dassault y Airbus, según ‘Handelsblatt’. El canciller alemán se reunirá con Macron el jueves en Chipre y antes de esa cita debe resolver si mantiene a Berlín dentro del mayor programa militar europeo del siglo.
Lire la suite →Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
Lire la suite →Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. [...]
Lire la suite →The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]
Lire la suite →El liderazgo implica control y responsabilidad. En el caso de Sánchez, su perfil autocrático hace axiomático que conociera lo que ocurría bajo su mando.
Lire la suite →Las notificaciones fantasma son señales de una vida conectada en exceso.
Lire la suite →El Instituto Nacional de Estándares y Tecnología (NIST) seguirá añadiendo CVE, pero ha comunicado que únicamente actualizará los detalles de aquellas fallas que cumplan ciertos criterios.
Lire la suite →En un mensaje difundido en redes sociales, Zelenski ha expresado que, "tenemos mucha cooperación con Suecia y estamos listos para expandir nuestra fuerza aérea gracias al Gripen".
Lire la suite →Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. [...]
Lire la suite →Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. [...]
Lire la suite →In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAu
Lire la suite →Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of for
Lire la suite →Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVS
Lire la suite →Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
Lire la suite →In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
Lire la suite →More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results.
Lire la suite →More than 20 countries participated in a coordinated takedown of platforms selling cheap access to distributed denial-of-service (DDoS) attacks.
Lire la suite →AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
Lire la suite →The intrusions exploited vulnerabilities in the open-source Roundcube webmail platform that allow attackers to execute malicious code when a victim simply opens an email in their inbox.
Lire la suite →Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of wh
Lire la suite →The House passed stopgap legislation to extend a warrantless government surveillance power for 10 days, following a failed lobbying campaign by the Trump administration.
Lire la suite →The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
Lire la suite →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Lire la suite →Introduction
Lire la suite →The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Lire la suite →[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].
Lire la suite →The DOJ said Kejia Wang, 42, was sentenced to nine years in prison and Zhenxing Wang, 39, was given a nearly eight-year sentence for an operation that generated more than $5 million for the government of North Korea.
Lire la suite →Crosss-Site Scripting en la integración de jQuery de Drupal Jue, 16/04/2026 - 14:05 Aviso Recursos Afectados Drupal core en las versiones comprendidas entre : 8.0.0 y 10.5.9, esta última sin incluir; 10.6.0 y 10.6.7, esta última sin incluir; 11.0.0 y 11.2.11, esta última sin incluir; 11.3.0 y 11.3.7, esta última sin in
Lire la suite →Múltiples vulnerabilidades en varios productos de Cisco Jue, 16/04/2026 - 10:05 Aviso Recursos Afectados Cisco Webex Services, basados en la nube y que hayan sido configurados para emplear integración SSO con Control Hub. Cisco Identity Services Engine (ISE) y Cisco ISE Passive Identity Connector (ISE-PIC), independien
Lire la suite →A Michigan resident has been sentenced for defrauding a public pension system by unlawfully collecting retirement benefits after the death of a family member, prosecutors announced. According to the Michigan Attorney General’s Office, the defendant concealed the pension recipient’s death for years, allowing monthly ben
Lire la suite →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Lire la suite →Actualizaciones de seguridad de Microsoft de abril de 2026 Mié, 15/04/2026 - 23:00 Aviso Recursos Afectados .NET .NET Framework .NET and Visual Studio .NET, .NET Framework, Visual Studio Applocker Filter Driver (applockerfltr.sys) Azure Logic Apps Azure Monitor Agent Desktop Window Manager Function Discovery Service (f
Lire la suite →The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
Lire la suite →Múltiples vulnerabilidades en Identity Exposure de Tenable Mié, 15/04/2026 - 10:02 Aviso Recursos Afectados Tenable Identity Exposure, versión 3.77.16 y anteriores. Descripción Tenable ha publicado un aviso donde informa de 19 vulnerabilidades, 1 de severidad crítica, 10 altas, 6 medias y 3 bajas. En caso de ser explot
Lire la suite →Múltiples vulnerabilidades en FortiSandbox Mié, 15/04/2026 - 09:43 Aviso Recursos Afectados FortiSandbox 4.4, desde la versión 4.4.0 hasta la 4.4.8. Solo para la vulnerabilidad CVE-2026-39813 también se ve afectado: FortiSandbox 5.0, desde la versión 5.0.0 hasta la 5.0.5. Descripción Samuel de Lucas Maroto de KPMG Spai
Lire la suite →Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, a
Lire la suite →An Oklahoma-based medical clinic owner has been charged for allegedly orchestrating a Medicare fraud scheme that prosecutors say generated millions of dollars in improper reimbursements by exploiting billing codes rather than providing legitimate care. According to the U.S. Attorney’s Office for the Northern District o
Lire la suite →Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.
Lire la suite →Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.
Lire la suite →Pennsylvania authorities have charged multiple individuals in a Supplemental Nutrition Assistance Program (SNAP) fraud scheme that used falsified household information and identity manipulation to obtain benefits for ineligible recipients. According to the Pennsylvania Attorney General’s Office and the U.S. Department
Lire la suite →In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.
Lire la suite →Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more tha
Lire la suite →Arizona officials have uncovered a large‑scale income tax fraud scheme that leveraged stolen identities, falsified employment records, and sophisticated digital filing tactics to divert millions in fraudulent refunds. According to the Arizona Department of Revenue (ADOR) and the IRS Criminal Investigation Division (IRS
Lire la suite →An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion agai
Lire la suite →A Texas healthcare provider has agreed to a multimillion‑dollar settlement following allegations that it submitted fraudulent claims to Medicaid for services that were never rendered. According to the Texas Office of the Attorney General and the U.S. Department of Health and Human Services Office of Inspector General (
Lire la suite →Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
Lire la suite →A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
Lire la suite →The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, J
Lire la suite →Sources RSS externes dont le portail agrège les informations :
Avisos y alertas tempranas de INCIBE-CERT sobre vulnerabilidades, incidentes y riesgos relevantes.
Repositorio de vulnerabilidades y publicaciones coordinadas por INCIBE-CERT.
Organismo supranacional relevante para operaciones y comunicados sobre fraude y cibercrimen en Europa.
Publicación especializada en esquemas de fraude, investigación y respuesta institucional.
Análisis de fraude corporativo, compliance y prevención.
Comentarios y análisis especializados sobre fraude, escándalos y casos judiciales.
Blog de investigación sobre cibercrimen y seguridad, muy útil para contexto de fraude, brechas y amenazas.
Medio especializado en malware, incidentes, fraude tecnológico y noticias urgentes de ciberseguridad.
Medio global muy activo en ciberseguridad, incidentes, explotación y phishing.
Medio editorial de ESET con contenidos de estafas, campañas y seguridad en español.
Medio de referencia en ciberseguridad y threat intelligence.
Cobertura periodística de ciberseguridad, ciberdelito y operaciones estatales.
Fuente técnica de amenazas, indicadores, campañas y actividad maliciosa observada.
Investigación de amenazas de Kaspersky, útil para campañas, APT, fraude y malware.
Noticias y análisis de operaciones de seguridad, campañas y técnicas de ataque.
Medio en español sobre seguridad, ciberseguridad y tecnología, útil para noticias locales y regionales.
Une fois par mois : les arnaques les plus actives, nouveaux guides et ressources. Sans spam.
Sans spam. Désinscription à tout moment.