sysadminmood

📲 Saviez-vous que dans iOS 27, Apple a prévu une liste de pays où le chiffrement des messages RCS (SMS) est interdit ? Chine 🇨🇳. Corée du Sud 🇰🇷. France 🇫🇷. Le reste du monde déploie l'E2EE, le chiffrement de bout en bout entre iPhone et Android. Une avancée majeure pour la confidentialité de vos SMS. En France, c'est bloqué. Les opérateurs sont prêts techniquement. Ce n'est pas un problème d'infrastructure. C'est un choix politique. Les raisons sont multiples, la France ayant toujours une longueur d'avance pour affaiblir votre sécurité et s'assurer de pouvoir garder un oeil sur vous. Mais l'une des pistes probables : La PNIJ - la Plateforme Nationale des Interceptions Judiciaires. Un outil qui permet à l'État d'accéder à vos communications. Le chiffrement de bout en bout sur ces millions d'échanges quotidiens lui couperait l'accès. Définitivement. Alors notre gouvernement fait tout pour que vous restiez exposés.

🚨 Ivanti, Fortinet, and SAP releases patches for critical flaws that could enable code execution, admin takeover, or data exposure. The worst one hits Ivanti Sentry, a CVSS 10.0 remote root-level RCE with no login needed. FortiSandbox got a 9.1 command injection fix, and SAP patched four critical bugs, including SAML identity tampering. Read: https://t.co/nAbhKKRAoP

A French engineer who lives quietly in Paris has spent 30 years writing software that the entire internet now runs on without knowing his name. He wrote the code that streams every YouTube video, every Netflix show, every TikTok clip. He wrote the code that runs the virtual servers underneath AWS, Google Cloud, and Microsoft Azure. He calculated more digits of pi than anyone in history. He has no Twitter. He has no marketing. He just keeps shipping. His name is Fabrice Bellard. Here is the story, because almost nobody outside the systems programming world knows what one man has built. Fabrice was born in 1972 in Grenoble, France. He studied at École Polytechnique, the top French engineering school. He never went to Silicon Valley. He never built a startup empire. He just wrote code. In 2000 he started a project called FFmpeg, an open-source multimedia framework for encoding, decoding, and streaming video. He was 28. The project did one thing nobody else had done well. It handled every video and audio format that existed, in one library, on every operating system. He led it himself for years. Today FFmpeg is the invisible engine of the internet. YouTube uses it. Netflix uses it. VLC uses it. Chrome and Firefox use parts of it. Every Android phone, every iPhone, every smart TV, every video editing tool you have ever touched runs FFmpeg somewhere underneath. If you have watched a video on a screen in the last 20 years, Fabrice's code processed it. He was not done. In 2003 he started QEMU, a machine emulator and virtualizer. He wrote it solo until version 0.7.1 in 2005. QEMU lets you run any operating system on any other operating system. It became the foundation of modern virtualization. KVM, the Linux kernel hypervisor, runs on top of QEMU. Every major cloud provider, AWS, Google Cloud, Microsoft Azure, IBM Cloud, runs virtual machines on infrastructure built around it. The Quick Emulator is the most cited piece of cloud infrastructure code on Earth. He kept going. In 2001 he won the International Obfuscated C Code Contest with a small C compiler that grew into TCC, the Tiny C Compiler. TCC can compile and boot a Linux kernel from source in under 15 seconds. In 2004 he calculated the most digits of pi ever computed at the time, using a personal desktop computer and an algorithm he derived himself called Bellard's formula. In 2011 he wrote a complete PC emulator in pure JavaScript that runs Linux in your browser, a project called JSLinux that engineers still cannot believe is real. In 2019 he released QuickJS, a small but complete JavaScript engine that fits where V8 cannot. In 2021 he released NNCP, a neural network based lossless data compressor that immediately took the lead on the Large Text Compression Benchmark. Then he turned his attention to large language models. He built TextSynth Server, a web server with a REST API for running LLMs locally. He released ts_zip and ts_sms, compression utilities that use language models to compress text and short messages at ratios traditional algorithms cannot reach. He released TSAC, a very low bitrate audio compression system. In December 2025 he released Micro QuickJS, a new JavaScript engine for microcontrollers, separate from QuickJS, designed for environments with almost no memory. Fabrice co-founded a telecom company called Amarisoft in 2012, where he serves as CTO. Amarisoft builds 4G and 5G base station software used by carriers and labs around the world. He has been running it for over a decade while continuing to ship personal projects from his own home page at bellard dot org He has no Twitter. He has no Instagram. He gives almost no interviews. His personal website is a flat list of projects with no styling, no fonts, no marketing copy. Just titles and links. A quiet French engineer who never moved to Silicon Valley wrote the code that quietly runs the internet. He is still shipping.

❗️ UPDATE on today's npm supply-chain attack: • Per Socket Security: 121 more compromised package artifacts found across 84 additional package names. 64 of them are UiPath artifacts. • Combined with the earlier TanStack hits, the current known total is 205 affected npm package artifacts. • Reach now spans enterprise automation, AI/MCP, auth, workflow, and dev tooling. The worm is still propagating.

Lecornu parle de "casse du siècle" sur le piratage de l'ANTS. Sauf que c'est un casse de TP étudiant. Une faille de 2007. Avec 200 millions d'euros d'effet d'annonce par-dessus. Le 15 avril 2026, deux choses se sont passées. À Bruxelles, Ursula von der Leyen présente l'app européenne de vérification d'âge. "Techniquement prête". "Normes les plus élevées au monde" pour la vie privée. À Paris, le même jour, l'ANTS détecte une intrusion massive. 11,7 millions de Français. 24h plus tard, le consultant Paul Moore poste la démo du hack de l'app d'Ursula. Moins de 2 minutes. Sur Android. Sans outil spécialisé. Une édition de fichier de configuration. Petit disclaimer. Je m'exprime peu sur l'actualité cyber sur twitter. J'ai 6 mandats en cours. Pas de chaîne YouTube à nourrir. Pas de newsletter à promouvoir. Et zéro CVE recyclée en thread alarmiste cette semaine. Donc oui, j'arrive après les 800 premiers "ENFIN UN EXPERT OSE PARLER". Sans emoji feu. Sans hot take. Mais le dossier est trop bien aligné pour le laisser aux threads-alerte. L'ANTS, c'est quoi ? Le portail unique pour ta carte d'identité, ton passeport, ton permis, ta carte grise. Le socle de ton identité administrative. Date de naissance, lieu de naissance, nom de naissance. Une fois dehors, c'est dehors pour toujours. La cause technique tient en quatre lettres. IDOR. Insecure Direct Object Reference. Sans jargon : tu modifies un chiffre dans une URL, le serveur te renvoie le dossier d'un autre citoyen. Pas de zero-day. Pas de génie criminel. Le pirate (15 ans, interpellé) a qualifié la faille de "vraiment stupide". Il a raison. Cette faille IDOR figure dans le top 10 OWASP depuis 2007. L'iPhone venait de sortir. Dix-neuf ans dans tous les manuels. Analogie pompiers. Tu n'attends pas que ta maison brûle pour appeler les pompiers. Tu installes les détecteurs AVANT. L'État français a fait l'inverse. Il a payé sa caserne (l'ANSSI). Il a financé son portail (315M€ de budget ANTS). Il découvre, le jour où ça brûle, que les détecteurs n'avaient jamais été branchés. Réponse politique : 200 millions d'euros pour acheter de nouveaux détecteurs. Sauf que les anciens étaient déjà budgétés. Le moment où ça devient gênant. Si tu es une PME qui laisse fuiter des données ? Jusqu'à 4% du CA mondial d'amende CNIL. 500M€ d'amendes prononcées en 2025. L'ANTS, agence d'État qui gère tes papiers ? Pas de MFA côté dev. Pas de détection des aspirations massives. DMARC en mode "p=none" depuis juillet 2019. Sept ans sans politique anti-spoofing sur un domaine .gouv.fr. L'État sanctionne les autres. Et laisse une faille de première année sur son propre portail. La paille dans l'œil du voisin. La poutre dans le tien. Maintenant, l'alignement du 15 avril. Pendant que l'ANTS s'effondre sur une faille de 2007, on annonce à 450 millions d'Européens qu'ils vont devoir scanner leur carte d'identité pour accéder à Twitch. Promesse : "normes les plus élevées au monde". 24h plus tard : app piratée en 2 minutes. Le pattern qu'il faut nommer. → Back doors dans les messageries chiffrées → Chatcontrol et scan automatisé des messages privés → Carte d'identité pour les sites adultes (déjà en vigueur) → Carte d'identité pour les réseaux sociaux (l'app hackée) Le motif est toujours le même. "Donne-nous tes données pour ta sécurité." Confiées à des acteurs publics qui n'arrivent pas à fermer un IDOR. Le problème, ce n'est pas l'enveloppe. L'État met déjà 700M€ à 1Md€ par an dans le cyber. L'ANTS avait 315M€ de budget propre en 2026. Le problème, c'est la discipline d'exécution. Et ça, personne ne l'achète avec un chèque annoncé en pleine crise. La cybersécurité n'est pas une arrière-pensée. Ça se planifie EN AMONT. Avant le code. Avant la mise en prod. Avant qu'on demande à 450 millions d'Européens de scanner leur identité pour aller sur Twitch. Tant qu'on traite la cyber comme une réaction à l'incident, on signera tous les chèques de 200 millions du monde sans corriger l'écart. Et on aura, tous les six mois, un nouveau "casse du siècle". La faille de l'ANTS est de 2007. La discipline d'exécution qui aurait dû la corriger, on l'attend depuis aussi longtemps.

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

📢🚨 15 ans à créer de l'emploi, à payer des CHARGES monstrueuses, à nourrir l'URSSAF, la CIPAV, la CFE, et toutes les caisses que l'État a inventées pour te ponctionner. Et quand ton entreprise ferme ? ZÉRO. Rien. Nada. France Travail te regarde avec des yeux vides et te dit que t'as pas droit au chômage. Toi, le mec qui a payé des centaines de milliers d'euros de cotisations en 15 ans. Le système français c'est simple : tu es salarié, on te PROTÈGE. Tu es entrepreneur, on te SAIGNE et quand tu tombes, on t'enjambe.

Ça se passe en Allemagne dans une école privée Steiner mais il ne faudra pas longtemps avant que ce type de dinguerie soit la norme dans cette immonde saloperie d'Union européenne dont c'est l'idéologie dominante. Et on pourra compter sur les enseignants français, un ramassis de lâches (avec quelques rares exceptions) et de tarés gôchistes pour approuver ces délires.

Someone just poisoned the Python package that manages AI API keys for NASA, Netflix, Stripe, and NVIDIA.. 97 million downloads a month.. and a simple pip install was enough to steal everything on your machine. The attacker picked the one package whose entire job is holding every AI credential in the organization in one place. OpenAI keys, Anthropic keys, Google keys, Amazon keys… all routed through one proxy. All compromised at once. The poisoned version was published straight to PyPI.. no code on GitHub.. no release tag.. no review. Just a file that Python runs automatically on startup. You didn’t need to import it. You didn’t need to call it. The malware fired the second the package existed on your machine. The attacker vibe coded it… the malware was so sloppy it crashed computers.. used so much RAM a developer noticed their machine dying and investigated. They found LiteLLM had been pulled in through a Cursor MCP plugin they didn’t even know they had. That crash is the only reason thousands of companies aren’t fully exfiltrated right now. If the code had been cleaner nobody notices for weeks. Maybe months. The attack chain is the part that gets worse every sentence. TeamPCP compromised Trivy first. A security scanning tool. On March 19. LiteLLM used Trivy in its own CI pipeline… so the credentials stolen from the SECURITY product were used to hijack the AI product that holds all your other credentials. Then they hit GitHub Actions. Then Docker Hub. Then npm. Then Open VSX. Five package ecosystems in two weeks. Each breach giving them the credentials to unlock the next one. The payload was three stages.. harvest every SSH key, cloud token, Kubernetes secret, crypto wallet, and .env file on the machine.. deploy privileged containers across every node in the cluster.. install a persistent backdoor waiting for new instructions. TeamPCP posted on Telegram after: “Many of your favourite security tools and open-source projects will be targeted in the months to come.. stay tuned.” Every AI agent, copilot, and internal tool your company shipped this year runs on hundreds of packages exactly like this one… nobody chose to install LiteLLM on that developer’s machine. It came in as a dependency of a dependency of a plugin. One compromised maintainer account turned the entire trust chain into a credential harvesting operation across thousands of production environments in hours. The companies deploying AI the fastest right now have the least visibility into what’s underneath it.

🚨 New phishing kits are beating MFA Researchers found 4 new phishing tools stealing logins at scale. What’s different: • Fake sites look real • One steals MFA codes live • One hides attacks in the page • One uses AI to write phishing emails ⚠️ Victims log in, pass MFA, and never know they were hacked. 🔗 Read: https://t.co/bUkmalDT2Q

⚠️ Hackers are hiding malware in normal websites. A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer. It even checks your device type to avoid being caught. 🔗 Read ↓ https://t.co/Ztk0OwDM51