C'est bien vous @AuroreLalucq qui m'avez bloqué quand j'essayais de vous empêcher de saborder l'Europe ?
C'est bien vous qui vouliez interdire la propriété privée dans le monde numérique ?
C'est bien vous qui qualifiez de fasciste ceux qui parlaient de souveraineté numérique ?
Le cookie est mort alors ils ont cuisinés une nouvelle merde pour vous traquer 👉
Utiq, c'est un système de tracking qui n'a pas besoin de cookie. Il utilise votre opérateur télécom.
Le site que vous visitez transmet votre IP à Utiq. Utiq la transmet à Orange, SFR ou Bouygues. Votre opérateur crée un identifiant lié à votre numéro de téléphone. Et cet identifiant vous suit sur tous les sites partenaires.
Vider votre cache ne change rien. La navigation privée non plus. C'est cross-plateforme. Votre IP = votre identifiant publicitaire. Formidable.
Derrière Utiq, on trouve Deutsche Telekom, Orange, Telefónica et Vodafone. Les opérateurs qui transportent vos données depuis 20 ans viennent de décider qu'ils allaient aussi les monétiser.
C'est présenté comme une alternative "éthique et européenne" aux GAFAM. 😂
Vous échangez Google contre votre opérateur télécom. Qui connaît votre numéro de téléphone, votre adresse, et tout votre trafic réseau.
Cliquez sur Rejeter.
👉 Point important à comprendre sur les VPN auto-hébergés sur VPS avec Amnezia, dont parle ce guide.
✅Efficace contre la censure ou un éventuel blocage des VPN commerciaux
❌Pas "d'anonymat". La traçabilité est très simple.
Ce qu'il faut intégrer avant de se lancer :
➡️ Les logs système Ubuntu sont actifs par défaut. Toutes les connexions et événements réseau sont enregistrés.
➡️ L'hébergeur, Hetzner, Infomaniak, OVH, a accès aux flux IP entrants et sortants de votre serveur. Vous ne contrôlez pas ça. Tout est conservé plusieurs jours.
Votre IP de sortie est l'IP de votre serveur VPS. Et comme vous êtes le seul à l'utiliser, une simple réquisition à l'hébergeur suffit à récupérer toutes vos connexions et vos informations de souscription.
Vous pouvez désactiver ou minifier les logs système. Anonymiser les IPs dans les logs Nginx ou Caddy si vous faites tourner d'autres services. Ça réduit la surface, ça ne l'élimine pas.
Souveraineté sur votre connexion, au top. Mais traçabilité encore plus directe qu'avec un VPN commercial sérieux.
🇫🇷 A threat actor is advertising the sale of an alleged “100K French Binance Leads 2026” dataset on an underground forum.
According to the listing, the dataset allegedly contains:
• Phone numbers
• Names
• Email addresses
• Physical addresses
• User/account status indicators
The seller claims:
• 100,000 rows of data
• “Fresh accounts” verified via a checker/status system
While the authenticity of the dataset remains unverified, listings targeting cryptocurrency platform users continue to represent a major risk category across underground ecosystems.
Even without passwords or wallet keys, datasets containing:
• Contact details
• User profiling data
• Status/activity indicators
can be highly valuable for:
• Phishing campaigns
• SIM swapping operations
• Crypto investment scams
• Identity theft
• Account takeover attempts
• Social engineering attacks
Threat actors increasingly market “crypto leads” rather than traditional dumps because they allow attackers to:
• Identify likely cryptocurrency holders
• Prioritize higher-value targets
• Build tailored fraud campaigns
• Conduct credential stuffing against related services
The inclusion of:
• Status information
• Checker-verified accounts
may indicate attempts to separate active users from inactive or invalid records, increasing the operational value for cybercriminals.
France has seen a growing number of:
• Crypto-focused fraud campaigns
• Exchange impersonation attacks
• SMS phishing targeting Binance users
• Wallet-draining social engineering operations
Users of cryptocurrency platforms should:
• Enable MFA using authenticator apps or hardware keys
• Avoid SMS-based authentication where possible
• Monitor for phishing emails and fake Binance notifications
• Never share recovery phrases or wallet credentials
• Use unique passwords across all financial services
At this stage, there is no confirmation that the data originated from Binance itself. In many cases, underground “lead” datasets are aggregated from:
• Third-party services
• Affiliate platforms
• Marketing databases
• Previous credential leaks
• Scraped public information
The claims remain unverified.
🇫🇷 #DDW #Intelligence #France #Binance #Crypto #CyberSecurity #DarkWeb #ThreatIntelligence #DataLeak #Infosec
🔴 TU FAIS "PIP INSTALL" LES YEUX FERMÉS. UN WORM A INFECTÉ 170 PACKAGES EN UNE NUIT. 💀
Le 11 mai à 19h20, un groupe de hackers a lancé l'une des plus grosses attaques supply chain de 2026.
En 6 minutes, 84 versions vérolées publiées sur 42 packages TanStack - une librairie téléchargée 12 millions de fois par semaine par des développeurs du monde entier.
Puis le worm s'est propagé.
Mistral AI. UiPath. OpenSearch. Guardrails AI. 🤒
170 packages compromis, 404 versions malveillantes, NPM et PyPi touchés en même temps - du jamais vu. 🔥
⚡ Comment ils ont fait :
Personne n'a volé de mot de passe, personne n'a hacké un compte.
L'attaquant a utilisé le système de publication officiel de TanStack pour publier du malware.
Imagine que quelqu'un glisse un colis piégé sur le tapis roulant de La Poste, avec un vrai bordereau, un vrai code-barres, un vrai tampon, le colis passe tous les contrôles parce qu'il a l'air 100% légitime, sauf qu'il explose à l'ouverture.
C'est exactement ce qui s'est passé.
Première fois dans l'histoire qu'un malware porte un certificat de sécurité valide. 🤡
💣 Ce que le malware faisait :
→ Vol de tes mots de passe, tokens d'accès, clés cloud (AWS, GitHub, etc.)
→ Ciblage de tes gestionnaires de mots de passe (1Password, Bitwarden)
→ Auto-propagation - il utilisait tes propres accès pour infecter d'autres packages automatiquement
→ Sur les machines en hébreu ou farsi : tentative de suppression de TOUS les fichiers + lecture d'un MP3 à fond
→ Vérification de la langue système pour éviter d'infecter les utilisateurs russes 👀
Le package Python de Mistral AI (mistralai==2.4.6) était le plus vicieux : dès que tu importais la librairie dans ton code, il téléchargeait un programme espion en arrière-plan.
Sans rien te demander. Sans rien afficher.
Le package vérolé est resté disponible pendant 3 heures.
🔍 Et c'est peut-être pas fini :
Selon plusieurs sources, 5 Go de données internes de Mistral seraient actuellement en vente sur des forums underground pour $25 000.
Dashboards, projets internes, systèmes d'IA.
Mistral n'a PAS confirmé cette fuite massive - pour l'instant, mais l'attaque supply chain, elle, est confirmée officiellement.
Et c'est là que ça fait réfléchir : compromettre une solution d'IA, c'est pas juste compromettre un logiciel. C'est compromettre toutes les données que l'IA traite.
Tous les documents, toutes les conversations, tous les fichiers que les entreprises lui confient.
🛡 Ce que ça change pour toi :
Chaque app que tu utilises est construite avec des centaines de ces packages.
Ton app bancaire, ton VPN, ton gestionnaire de mots de passe.
Un seul package compromis dans la chaîne et c'est tout l'immeuble qui s'effondre.
La souveraineté numérique, c'est pas juste tes Bitcoin. C'est savoir ce qui tourne sur ta propre machine. Et là, des millions de devs ne savaient pas. 🔐
🛡 Comment te protéger :
→ Ne mets jamais à jour un package le jour de sa sortie - attends 24-48h, le temps que la communauté détecte les problèmes
→ Vérifie toujours quelle version tu installes avant de lancer la commande
→ Si tu penses avoir installé une version touchée : change TOUS tes mots de passe, tes tokens, tes clés. Tout. Considère ta machine comme compromise.
→ Et surtout : lis ce que tu installes.
Un pip install c'est comme donner les clés de ta maison à un inconnu.
#InfoSec #SupplyChain #LAB312 #RTFM
A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm
Read more here: https://t.co/K9bxtiGHbw
🚨 CYBERINTEL ALERT: ALLEGED IDOR VULNERABILITY IN LEDGER PAYMENT GATEWAY 🇫🇷💳🔐 [STATUS: UNCONFIRMED / CRYPTO PAYMENT DATA EXPOSURE]
VECERT Intelligence has detected posts made by the threat actor "xorcat," in which they claim to have identified an alleged IDOR (Insecure Direct Object Reference) vulnerability within infrastructure associated with Ledger. The actor asserts that this flaw would allow unauthorized access to customer information and recent payment details related to Ledger devices.
🏢 Allegedly Affected Entity: Ledger.
👤 Threat Actor: xorcat.
📂 Allegedly Compromised Assets:
Customer Information: Names, physical addresses, phone numbers, and email addresses associated with purchase orders.
Payment and Shipping Data: References to shipping statuses and products related to Ledger Nano devices.
Access via IDOR: The actor claims that the vulnerability would allow for the enumeration and extraction of records without proper authorization.
Exploitation Scripts: Publication of alleged scripts designed to automate the mass extraction of information.
📅 Report Date: May 10, 2026.
📊 Technical Analysis of Evidence (VECERT Intelligence)
The published evidence suggests a potential exposure scenario linked to insecure access controls:
Possible IDOR Vulnerability: The information displayed aligns with typical patterns of object enumeration or exposed internal references.
Risk of Crypto Customer Exposure: The correlation between personal data and hardware wallet purchases heightens the risk of physical targeting and spear-phishing.
Commercialization of Exploits: The actor claims to be selling exclusive access and extraction tools, which could facilitate exploitation by third parties.
⚠️ Risk Implications
Threat to Hardware Wallet Users: The exposure of information associated with physical wallet owners could facilitate targeted campaigns and extortion attempts.
Social Engineering Risk: The leaked data could be utilized for phishing attacks related to Ledger and for the fraudulent recovery of assets. Exploitation Persistence: The availability of automated scripts increases the risk of continued abuse should the vulnerability exist.
🛡️ Cyber Defense Recommendations
🔒 Access Control Auditing: Review the validation of direct objects and internal references exposed within APIs and payment gateways.
⚙️ Enumeration Monitoring: Detect anomalous patterns of sequential queries and automated scraping.
🛡️ Customer Data Protection: Minimize the exposure of sensitive information in API responses and tracking systems.
🔍 Forensic Investigation: Verify suspicious access attempts, potential historical data exfiltrations, and activity linked to IDOR exploitation.
Monitor: https://t.co/wk9bZJ2Nli
#CyberSecurity #Ledger #CryptoSecurity #IDOR #ThreatIntel #CyberAlert #DataExposure #InfoSec 🇫🇷💳🛡️⚠️🚨
🚨 @GrapheneOS ÉCRASE 3 NOUVELLES FAILLES LINUX CRITIQUES 🔥
Copy Fail, Copy Fail 2 et Dirty Frag?
Trois vulnérabilités kernel Linux fraîchement dévoilées… et GrapheneOS les ignore totalement.
✅Les politiques SELinux d’AOSP bloquent l’exploitation des 3 bugs à la racine.
✅La config GKI standard d’AOSP désactive déjà 2 des 3 fonctionnalités vulnérables.
C’est pas de la chance, c’est du travail de dingue: réduction massive de la surface d’attaque grâce à un SELinux ultra-granulaire + suppression chirurgicale des features inutiles dans le kernel.
GrapheneOS va encore plus loin :
• ioctl autorisés au cas par cas
•user namespaces et io_uring totalement interdits aux apps ET à presque tout le système
•seccomp-bpf en renfort
Résultat ? Ces failles logiques mémoire qui auraient pu tout casser sur n’importe quel autre Android… sont mortes dans l’œuf sur GrapheneOS.
➡️Oui, les élévations de privilèges kernel Linux restent hyper fréquentes.
➡️Oui, la plupart sont des corruptions mémoire (matraquées avec memory tagging hardware + zero-on-free).
Mais même sur ces bugs “logiques”, l’approche de GrapheneOS fait toute la différence.
Linux, c’est un océan de code qui tourne en full privilege sans aucune isolation. Dans un microkernel, ces 3 failles auraient été isolées dans des processus séparés. Le modèle monolithique est clairement à bout de souffle.
La vraie solution à long terme ?
Un langage memory-safe + virtualisation hardware qui progresse à vitesse grand V sur les smartphones. GrapheneOS prépare déjà le terrain.
On peut encore durcir énormément le kernel Linux… mais il est clair qu’il faudra le remplacer un jour.
𝐆𝐫𝐚𝐩𝐡𝐞𝐧𝐞𝐎𝐒 𝐧’𝐚𝐭𝐭𝐞𝐧𝐝 𝐩𝐚𝐬 𝐪𝐮𝐞 𝐥𝐚 𝐩𝐫𝐨𝐜𝐡𝐚𝐢𝐧𝐞 𝐟𝐚𝐢𝐥𝐥𝐞 𝐚𝐫𝐫𝐢𝐯𝐞.
𝐈𝐥 𝐜𝐨𝐧𝐬𝐭𝐫𝐮𝐢𝐭 𝐥’𝐚𝐯𝐞𝐧𝐢𝐫 𝐝𝐞 𝐥𝐚 𝐬𝐞́𝐜𝐮𝐫𝐢𝐭𝐞́ 𝐦𝐨𝐛𝐢𝐥𝐞.
𝐀𝐮𝐣𝐨𝐮𝐫𝐝’𝐡𝐮𝐢.
🔒🛡️💪🏼
#GrapheneOS #AndroidSecurity #LinuxKernel #PrivacyMatters
We recently published two new security advisories, regarding vulnerabilities that have been fixed in Electrum 4.7.2. These vulnerabilities were reported to us, and likely found using AI.
https://t.co/Pp34ao7lCq
Nouvelle faille de secu dans le kernel Linux depuis 2017 la veille d'un gros week-end : copy fail ou CVE-2026-31431
Un script python de 732 bits permet une élévation de privilège
https://t.co/mXOXMY9jFH
@wasabi_protocol Why did a single EOA seemingly have so much control without basic safeguards?
Seems your runway was burned on KOL grifters like Kook….
⚠️ L'obligation de déclaration des portefeuilles auto-hébergés ne sera pas mise en oeuvre.
Après plusieurs mois d’échanges, la commission mixte paritaire (dernière étape parlementaire) du projet de loi contre les fraudes fiscales et sociales a supprimé l’article 3 quater. Cet article visait à créer une obligation déclarative annuelle pour les portefeuilles crypto auto-hébergés.
Depuis novembre, l’Adan s’est mobilisée pour porter une position auprès des administrations, des cabinets et des parlementaires : renforcer la lutte contre la fraude, oui ; créer une obligation inopérante et risquée pour les contribuables, non.
Nous remercions les membres de la CMP et les rapporteurs du texte pour leur écoute et leur lucidité, l’ensemble des interlocuteurs institutionnels avec lesquels ce travail a été mené, ainsi que les acteurs du secteur qui ont renforcé la mobilisation.
Ne confiez pas une image de la paume de votre main ou de votre iris à une IA ou à un tiers (même s'il s'agit d'en faire une œuvre d'art : https://t.co/g6GdzgxgsO), ce sont des identifiants que vous ne pourrez jamais répudier.
The Anti-Palantir Manifesto by our very own philosopher-turned-CEO @harryhalpin. Read it here:
https://t.co/iuokg8jcYh
Why we must fight Palantir
Because Harry got asked. A lot.
1. Programmers working on the Internet have a moral responsibility to the entire world, not a single country. The Internet has been designed since its inception as a universal system for the sharing of knowledge without censorship. The Internet is not the property of any one government or nation.
2. The Internet enables mass surveillance at a scale unimaginable to the Gestapo and the Cheka. Far too many programmers have wasted their lives building surveillance systems under the guise of Web advertising. Today, these web tracking systems are being used to monitor, control, and even kill humans by companies like Palantir that seek to combine state violence with corporate efficiency, and thus create a new form of technofascism.
3. Surveillance justified by external national security threats will be turned against citizens inside the nation-state. Mass surveillance was once the exclusive domain of the NSA, but today it has been privatized to corporations like Palantir that are unaccountable to any democratic process. What begins as fear of external foreign nation-states turns inwards to focus on immigrants, dissidents, and eventually anyone that might challenge the status quo or try to exit an increasingly dysfunctional society.
4. Everyone is a target. The “enemy within” continually expands until it encompasses the entire population of a nation regardless of their status and beliefs, justifying evermore paranoid and totalizing surveillance. The line between policing and military operations blurs, with legal frameworks being replaced by technological violence operating with total impunity.
5. Surveillance can only be defeated by building software and hardware to defend ourselves. Meek calls for regulation or moralizing demands for human rights are useless in this era. Any rights must be enforced by the hard power of code. Code, not laws, can be used to uphold the right to privacy by making surveillance difficult, if not impossible, even by nation-state adversaries.
6. We are ruled by a senile gerontocracy. Unlike the generations that fought in the world wars, most of our current rulers are degenerate pedophiles who would sacrifice the well-being of the youth and the entire planet due to their infantile desire for wealth and power. Technologies of surveillance and automated warfare reflect their increasingly desperate attempts to maintain archaic forms of domination.
7. The American Empire is unraveling. Once, the United States of America presided over a globe where it could enforce its rule via the status of the dollar as a global reserve currency and a network of equally global military bases. Today, new regional powers directly challenge the United States as its empire dissolves in the face of internal economic stagnation, political corruption, and the inflation of the dollar.
8. In a real war, fantasies of total technological dominance always backfire. When a faceless drone kills a child’s father, that child will one day take revenge regardless of the cost. This is something forgotten by those raised in comfortable suburbs. Going beyond zero-sum games, one can only truly win a battle against a people by demonstrating that your victory provides a better way of life, increased prosperity, and an inspiring philosophy.
9. Oddly enough, proponents of fully automated warfare support a universal draft. Deep-down, these keyboard warriors know that their techno-fascist fantasies are a paper tiger when up against determined opponents that engage in asymmetric warfare. They also know none of their children will fight in a war for their state, but they would be happy to see other people’s children come home in body-bags.
10. The problem is not whether AI weapons will be built; we must hold responsible those who are building them. No matter which country is deploying automated killing machines, no one is absolved from the murder of civilians and the destruction of infrastructure due to the parlour-trick of shifting the blame to AI.
11. Atomic war is on the horizon. As various states descend into wars over increasingly scarce natural resources, the possibility of tactical nuclear strikes over Tehran, Kyiv, and other areas of conflict has returned to the historical stage. Increasingly geriatric and authoritarian rulers face less guardrails than before to deploying nuclear weapons, and may even be willing to sacrifice the survival of humanity to appease their own petty egos.
12. Our goal is a world of peace where every person can be empowered by the Internet. Modern war is the quintessential game of sending young people to the meat-grinder. Why die for the profit of corrupt rulers when one could build real wealth and power for yourself using the Internet?
13. We should fight for the world we want, and build the tools needed by future generations. Pacifism would be suicidal in this period of global turbulence and resource wars, but real hard power lies in technology: Programmers should be creating technologies to live a free life and prosper in a hostile society of surveillance and control. Decentralization is the only way these technologies will survive against the inevitable repression.
14. The State will not help us. The state is a dying pre-Internet institution that increasingly resembles nothing but a Ponzi scheme fueled by taxes and debt. None of the youth alive today will likely inherit any benefits, such as welfare and health care. Technology can support an alternative: The decentralization of power to the individual and communities that they join voluntarily.
15. Centralized and opaque algorithms are a danger to free speech. Propaganda is the flip-side of surveillance, as continual propaganda prevents anyone from even thinking of challenging the system. Social media monopolies promote propaganda to create a generalized idiocy while silencing those that would dare to criticize the reigning order before they can organize against it.
16. Building new forms of social organization with each other is vital to survival. The traditional mediascape of politics and entertainment exists to distract us from building networked solidarity and distributed autonomous organizations across borders. The hierarchical state is as relevant to us as the medieval church and kings were to the formation of the joint-stock corporation and the labor union.
17. Digital identity is the next step in their system of control. Within the next few years, access to the Internet – including in Europe and the United States – will require biometric national identity cards, using the flimsy excuse of “protecting children.” The real goal is to gatekeep free access to subversive political content and halt cross-border communication in order to prevent new forms of self-organization and resistance from emerging.
18. Only when one can be anonymous is one truly free. The freedom to express oneself without censorship and surveillance is a vital precondition for both the autonomous use of reason and the democratic evolution of society. Technology must enable the freedom to selectively reveal ourselves to the world – so that we can become who we want to be – by preserving the right to privacy over the Internet, including not just individual privacy, but also the right to transact and form contracts privately.
19. America created the first global surveillance state, but it will not be the last. Too many have forgotten, or perhaps taken for granted, the revelations of Wikileaks and Snowden. States across the world from China to Russia are creating even more powerful global surveillance systems and propaganda machines. Leveraging private defense contracts in countries across the world, Palantir seeks to make itself the operating system of a cross-border global secret state while it pushes its own farcical version of ethno-nationalism.
20. Culture wars are a psyop. The “Epstein class” virtue-signals about morality and the superiority of their civilization, all while trying to return to the rule of hereditary elites, even in the United States. Rather than reverse the gains of the Enlightenment, we take the side of our ancestors who fought a centuries-long battle for individual liberty, scientific progress, decentralized markets, bottom-up democracy, and the emancipation of humanity from feudal monarchs and their make-believe mythologies.
21. New forms of technology can reshape the world. Technology is not just a tool, but the world we live in and an extension of our cognitive capabilities. The co-operation of humans with the collective intelligence embedded in AI could accelerate human progress and overcome planetary crises such as climate change and atomic war that threatens the survival of our species.
22. Live free or die trying. We must bear eternal vigilance in the struggle against fascism, and the battlefield is technology. There is no middle ground: Technologists must choose whether to work for the enslavement of humanity or to create new spaces for freedom.
These are the personal beliefs of @harryhalpin, not those of Nym.