Grégory Parrot 🛡️🐧

2.7K posts

@MrSlayers

Vulnerability Management Lead & micro-entrepreneur as a side activity (@XternalSoft) & President of the association https://t.co/0t3Maf3QEZ

Metz, France. Joined October 2009
278 Following, 129 Followers
Grégory Parrot 🛡️🐧
@DFintelligence That's exactly what I did the other day, more geared toward explaining how it works, but yes, I confirm it's a good idea to do it
Defend Intelligence (Anis Ayari)
Quick tip: don't hesitate to ask your coding AIs to generate Mermaid diagrams of your code, it's so useful (and it can be pushed to README.md files on GitHub). Yum yum.
Adrien Linuxtricks 
My machine's load average is very high. Yet the RAM, the CPU, the disk and the network are not saturated. Why, in your opinion? Let's see who's good at Linux :-)
Grégory Parrot 🛡️🐧 retweeted
Laravel @laravelphp
Laravel 13 is here. This update focuses on AI-native workflows, stronger defaults, and more expressive developer APIs. If you're running Laravel 12 or higher you can run /upgrade in Laravel Boost and have your agent upgrade your app for you.
Grégory Parrot 🛡️🐧 retweeted
WordPress @WordPress
WordPress 6.9.4 is now available. This security release contains additional fixes that were not fully applied in 6.9.3. Update your sites as soon as possible. wp.me/pZhYe-5fy
Grégory Parrot 🛡️🐧 retweeted
WordPress @WordPress
WordPress 6.9.2 is now available. This security release addresses 10 vulnerabilities, including stored XSS issues, an authorization bypass, and a path traversal fix. Update your sites as soon as possible. wp.me/pZhYe-5eS
Grégory Parrot 🛡️🐧 retweeted
Caddy Web Server @caddyserver
Caddy 2.11.2 is now available! Many bug fixes, a few security patches, and the latest & greatest Go 1.26.1 at your fingertips. github.com/caddyserver/ca…
Grégory Parrot 🛡️🐧 retweeted
Jay Rogers 👨‍💻 @jaydrogers
⚠️ FRANKENPHP USERS: Three security vulnerabilities have been published, one at HIGH severity, allowing arbitrary file execution. Upgrade to FrankenPHP v1.11.2 as soon as possible. For serversideup/php users, v4.3.2 includes these fixes github.com/serversideup/d…
Grégory Parrot 🛡️🐧 retweeted
Parrot Security @ParrotSec
Parrot 7.1 is now rolling out 🥁
This release brings:
✔ MCPwn for LLM security tools execution
✔ New Community Spins: MATE, LXQt, Enlightenment
✔ Rocket 1.5.0 with a brand-new UI
✔ Bug fixes + smoother daily experience
✔ GRUB boot issues resolved
✔ Updated pentesting toolset
Available now on the download page 🦜
Click the link and read more on our latest article 🔗 parrotsec.org/blog/2026-02-1…
#ParrotSec #ParrotOS #linux #linuxdistro #cybersecurity #cybersecuritynews #debian #pentest #pentesting #hacking #hacker
Grégory Parrot 🛡️🐧 retweeted
blackorbird @blackorbird
Fake 7-Zip Site 7zip[.]com Serves Malware: Turns Home PCs Into Proxy Nodes
The top-level domain 7zip[.]com, registered back in 1999, is now distributing Trojan-infected 7-Zip installers. While the software appears to work normally for file extraction, it silently drops Uphero.exe, hero.exe, and hero.dll into C:\Windows\SysWOW64\hero\ and registers them as a system service for persistence on boot. It remains unclear whether hackers purchased the domain or took control of it via technical exploitation.
The malware uses netsh to modify firewall rules, collects host information, and communicates with endpoints including iplogger[.]org. It ultimately enrolls compromised machines into a residential proxy network, opening ports 1000, 1002, and others to route third-party traffic through the victim’s device.
malwarebytes.com/blog/threat-in…
Grégory Parrot 🛡️🐧 retweeted
Co11ateral @co11ateral
CVE-2026-20841 - Windows Notepad App Remote Code Execution Vulnerability
For nearly thirty years, notepad.exe was treated as a simple utility. It functioned as a basic Win32 text editor designed solely to display text. A CVSS score of 8.8 for an application intended only for viewing data is a departure from the principle of least privilege.
The vulnerability allows an attacker to trick a user into clicking a malicious link embedded in a Markdown file opened in Notepad. Doing so can trigger untrusted protocols, leading to the download and execution of remote content.
#dfir #blueteam #pentest #redteam #cve #notepad
Grégory Parrot 🛡️🐧 retweeted
Mehmet INCE @mdisec
Keycloak - CVE-2026-1529 An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. cvefeed.io/vuln/detail/CV…
Grégory Parrot 🛡️🐧 retweeted
Jay Rogers 👨‍💻 @jaydrogers
⚠️ NGINX USERS: There was a CVE published in NGINX yesterday for an SSL upstream injection vulnerability. You should upgrade to v1.28.2 or v1.29.5 as soon as you can. For serversideup/php users, the patch is available in our latest release 🔐 github.com/serversideup/d…
Grégory Parrot 🛡️🐧 retweeted
Srinath Padmanabhan @SriThreePO
Here is Gemini CLI’s February 2nd weekly update for v0.27.0
- 🎨 Clean UI Transition: Removed the input prompt box border to provide a more modern, seamless terminal experience.
- 📝 Large Paste Handling: Improved the readability of chat history by replacing massive text pastes with a clean, toggleable [Pasted Text: X lines] placeholder.
- 🎉 Gemini CLI Extensions:
  - CrowdStrike - Connect Gemini CLI to CrowdStrike Falcon to enable intelligent, automated security analysis and operations.
    - gemini extensions install https://github.com/CrowdStrike/falcon-mcp
  - Replit - Create apps and automations from natural language with Replit directly from Gemini CLI
    - gemini extensions install https://github.com/replit/replit-gemini-extension
- 🔌 MCP Server Management: Use /mcp enable and /mcp disable commands to enable or disable servers during a session or permanently.
- ⌨️ Expanded Approval View (Ctrl-O): Support for Ctrl-O to expand and scroll through tool approvals. Note: This functionality is implemented for non-alternate buffer mode.
- 🏗️ Dynamic Variable Substitution: Use variables like ${AgentSkills} and ${AvailableTools} in system prompts, which can be dynamically substituted allowing for more flexible and context-aware agent behavior.
- ⚡ Vim Mode Shortcuts: Added new quick-clear input shortcuts for power users operating in Vim mode.
- 🧹 Clear context for Hooks: AfterAgent hooks can use clearContext to clear the session's context when triggered.
- 📊 JSON Extension Listing: You can now use output formats to make it easier to parse extension data programmatically --output-format=json to the gemini extensions list command.
Post: github.com/google-gemini/… 🧵
Grégory Parrot 🛡️🐧 retweeted
Cloudforce One @Cloudforce_One
Cloudflare has released new WAF rules to improve customer protection against the following vulnerability: React DoS (CVE-2026-23864)
Grégory Parrot 🛡️🐧 retweeted
RyotaK @ryotkak
Another vulnerability in React Server Components (CVE-2026-23864) that I reported was disclosed today. This is separate from the one disclosed in December, so you'll need to update again. vercel.com/changelog/summ…
Grégory Parrot 🛡️🐧 retweeted
Tiino-X83 @TiinoX83
⚠️ Subscribers to Le Chat Pro (Mistral AI) via Free Mobile: As @BusyspiderFr points out, the one-year free trial period is coming to an end soon. After that, it's €17.99 per month! Article on how to cancel: busyspider.fr/Actu/news_2666…
Grégory Parrot 🛡️🐧 retweeted
𝘾𝙝𝙧𝙞𝙨𝙩𝙤𝙥𝙝𝙚 𝘽𝙤𝙪𝙩𝙧𝙮
🚨 LEAK ALERT - @hellowork 🇫🇷 A database of 2.8 million users from the recruitment platform Hello Work has just been published on BreachForums this December 24. No truce for hackers...
↘️ This leak reportedly dates from June 2025 (extraction date), and the profile data is very recent, including updated work experience.
↘️ Although the listing mentions "scraping", analysis of the samples reveals a strong probability of a system intrusion.
❌ What is reportedly compromised: names, emails, internal identifiers (profileId), but above all CV extracts (cvExtract) containing detailed career histories, contract dates and sometimes precise postal addresses.
🔓 Presence of hashes: the database reportedly contains technical signatures (hashes) that could correspond to password fingerprints, making the risk of "credential stuffing" very real.
⚠️ Risks: phishing is going to be formidable. The attackers have your exact career history to make their future fraudulent recruitment messages extremely credible.
Security advice:
1️⃣ If you have a HelloWork account, change your password immediately.
2️⃣ If you use the same password on other sites, change them as well.
3️⃣ Enable two-factor authentication (2FA) wherever possible.
4️⃣ Be wary of "recruitment" emails that are too good to be true.
Important note: although the shared sample shows signs of authenticity, this information rests on a unilateral claim by a malicious actor. Pending a complete audit of the database and official confirmation from HelloWork, the exact extent and origin of the incident remain to be confirmed.
Grégory Parrot 🛡️🐧 retweeted
Knoebel @Knoebelbroet
PSN accounts can reportedly be hacked even with 2FA and Passkey enabled. They only need a transaction number, so don't post them online. playstationlifestyle.net/2025/12/23/psa…