🇺🇬 Des SMS pro-Museveni envoyés aux clients de MTN en plein blackout numérique

La nouvelle édition de Courts-circuits (2-8 février 2026), c'est par-ici : https://coupecircuit.substack.com/p/des-sms-pro-museveni-envoyes-aux

𝐇𝐚𝐜𝐤𝐢𝐧𝐠 𝐂𝐚𝐦𝐩𝐚𝐢𝐠𝐧 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐬 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐖𝐢𝐧𝐑𝐀𝐑 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲

A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, researchers at Check Point Software have said.

🐞 The attackers leveraged CVE-2025-8088, a path traversal vulnerability in the widely used file archive and compression software WinRAR, which was first disclosed by ESET in August 2025.

⏱️ Check Point’s analysis of the campaign suggested that attackers were actively exploiting the vulnerability within days of its disclosure.

🔎 CVE-2025-8088 enables the creation of arbitrary code by crafting malicious archive files. This lets attackers execute code and maintain persistence on targeted machines, allowing them to secretly monitor users and collect sensitive data.

🌏 Check Point researchers noted that the attacks had a focus on government institutions and law enforcement agencies in Southeast Asia, pointing to a cyber-espionage campaign with the goal of collecting intelligence for geopolitical goals.

🇨🇳 Researchers concluded that the campaign was being conducted by a group dubbed Amarath-Dragon. The tools, techniques and procedures by Amarath-Dragon closely resemble APT 41, the prolific Chinese state-linked cyber-espionage and hacking group.

🗨️ “The campaigns by Amaranth-Dragon exploiting the CVE-2025-8088 vulnerability highlight the recent trend of sophisticated threat actors rapidly weaponizing newly disclosed vulnerabilities,” Check Point Research said in a blog post.

📰 https://www.infosecurity-magazine.com/news/hacking-exploits-windows-winrar/

Comment l’Iran a coupé internet pour près de 90 millions de personnes

🇮🇷 On explore ce qu'il s'est passé, exactement, pour l'internet iranien en janvier. Chiffres, graphiques et chronologie à l'appui 📊

Iran : analyse d’une coupure internet sans précédent 1/3

📰 https://coupecircuit.substack.com/p/comment-liran-a-coupe-linternet-pour

𝐎𝐩𝐞𝐧𝐂𝐥𝐚𝐰 𝐚𝐧𝐝 𝐌𝐨𝐥𝐭𝐛𝐨𝐨𝐤 𝐖𝐞𝐧𝐭 𝐕𝐢𝐫𝐚𝐥 – 𝐒𝐨 𝐃𝐢𝐝 𝐓𝐡𝐞𝐢𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐒𝐡𝐨𝐫𝐭𝐜𝐨𝐦𝐢𝐧𝐠𝐬

New findings by Paul McCarty reveal 386 fake crypto trading 'skills' in the project behind the viral OpenClaw AI assistant tool (aka Moltbot/Clawdbot) can lead users to install information-stealing malware.

These malicious skills masquerade as cryptocurrency trading automation tools and target ByBit, Polymarket, Axiom, Reddit and LinkedIn.

The researcher said he contacted the OpenClaw team multiple times and that Peter Steinberger, the creator of OpenClaw, said he had too much to do to address this issue.

McCarthy also noted that the vast majority of the malicious skills are still available on the official ClawHub/MoltHub GitHub repository and the command-and-control infrastructure appears to still be operational.

📰 https://www.infosecurity-magazine.com/news/malicious-crypto-trading-skills/

---
Meanwhile, Moltbook, the Reddit-like social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed.

In a new report, Wiz's Gal Nagli showed that a simple non-intrusive security review revealed a Supabase API key exposed in client-side JavaScript. This single point of failure granted unauthenticated access to the entire production database, claimed Nagli.

📰 https://www.infosecurity-magazine.com/news/moltbook-exposes-user-data-api/

𝗖𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 𝗨𝗻𝗶𝘁 𝗼𝗳 𝗣𝗮𝗿𝗶𝘀 𝗣𝗿𝗼𝘀𝗲𝗰𝘂𝘁𝗼𝗿𝘀 𝗥𝗮𝗶𝗱 𝗘𝗹𝗼𝗻 𝗠𝘂𝘀𝗸’𝘀 𝗫 𝗢𝗳𝗳𝗶𝗰𝗲𝘀 𝗶𝗻 𝗙𝗿𝗮𝗻𝗰𝗲

🇫🇷 The cybercrime unit of the Paris Prosecutor’s Office raided X offices in Paris.

Musk and Linda Yaccarino were summoned for voluntary interviews in Paris on April 20.

📰 https://www.infosecurity-magazine.com/news/paris-prosecutors-raid-elon-musk-x/

🔓 𝗩𝘂𝗹𝗻𝗪𝗮𝘁𝗰𝗵 𝗙𝗿𝗶𝗱𝗮𝘆: 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟭𝟮𝟴𝟭

Ivanti announced emergency patches for two critical vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, in EPMM that have been exploited in the wild as zero-days.

🚨Ivanti advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
🔎 watchTowr analysis: https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
🐞 CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
💾 View JSON: https://cveawg.mitre.org/api/cve/CVE-2026-1281

𝗡𝗲𝘄 𝗔𝗜-𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗱 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗧𝗮𝗿𝗴𝗲𝘁𝘀 𝗜𝗿𝗮𝗻𝗶𝗮𝗻 𝗣𝗿𝗼𝘁𝗲𝘀𝘁𝘀

🇮🇷 HarfangLab has reported that a new malicious campaign is spreading malware against people in Iran, likely including NGOs and individuals involved in documenting recent human rights abuses.

📰 https://www.infosecurity-magazine.com/news/ai-malware-redkitten-iranian/

𝗡𝗘𝗪 - 𝗙𝗿𝗮𝗻𝗰𝗲 𝗙𝗶𝗻𝗲𝘀 𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗘𝗺𝗽𝗹𝗼𝘆𝗺𝗲𝗻𝘁 𝗔𝗴𝗲𝗻𝗰𝘆 𝗮 €𝟱𝗺 𝗢𝘃𝗲𝗿 𝟮𝟬𝟮𝟰 𝗗𝗮𝘁𝗮 𝗕𝗿𝗲𝗮𝗰𝗵

France Travail has received a €5m fine from France's data protection regulator for security failures that led to the compromise of an estimated 43 million jobseekers.

📰 https://www.infosecurity-magazine.com/news/france-finesemployment-agency-5m/

𝗡𝗘𝗪 - 𝗙𝗕𝗜 𝗧𝗮𝗸𝗲𝘀 𝗗𝗼𝘄𝗻 𝗥𝗔𝗠𝗣 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗙𝗼𝗿𝘂𝗺

RAMP's clear and dark web sites are down and replaced by a law enforcement banner showing the message: “This site has been seized.”

While thew FBI has made no official statements, the domains linked to RAMP now redirect to seizure notices with FBI and DoJ seals and the nameservers have been updated to ns1.fbi.seized.gov and ns2.fbi.seized.gov, confirming the seizure by US law enforcement.

In a message shared on XSS, 'Stallman,' the RAMP administrator, confirmed the takedown and said he has no plans to build a replacement. He wrote: “I regret to inform you that law enforcement has seized control of the Ramp forum… This event has destroyed years of my work building the freest forum in the world… It’s a risk we all take.”

📰 https://www.infosecurity-magazine.com/news/fbi-takes-down-ramp-ransomware/

Des signes montrent un fragile retour d'une certaine forme de connectivté depuis l'Iran 🇮🇷

Mais la réalité pourrait être plus complexe...

📰 https://coupecircuit.substack.com/p/retour-de-linternet-en-iran-pas-si

🔓 𝐕𝐮𝐥𝐧𝐖𝐚𝐭𝐜𝐡 𝐌𝐨𝐧𝐝𝐚𝐲: 𝐂𝐕𝐄-2024-37079

CISA added a critical vulnerability affecting VMware vCenter Server to its known exploited vulnerabilities (KEV) list despite the flaw being patched in June 2024.

🚨 Broadcom/VMware advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
📢 CISA KEV entry: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
📋 View JSON: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

🔓 𝗩𝘂𝗹𝗻𝗪𝗮𝘁𝗰𝗵 𝗙𝗿𝗶𝗱𝗮𝘆: 𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟯𝟰𝟬𝟮𝟲

An authentication bypass in the Versa Networks Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints has been added to CISA's KEV catalog, confirming of active exploitation in the wild.

🚨ProjectDiscovery alert: https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
🔎 Versa advisory: https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
📢 CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
💾 View JSON: https://cveawg.mitre.org/api/cve/CVE-2025-34026

🔓 VulnWatch Monday: CVE-2026-0629

TP-Link has released fixes for a major security vulnerability affecting 32 of its VIGI C and VIGI InSight professional surveillance cameras, which could allow attackers to seize full control of vulnerable devices.

🚨 TP-Link advisory: https://www.tp-link.com/us/support/faq/4899/
💾 View JSON: https://cveawg.mitre.org/api/cve/CVE-2026-0629

🔎 VulnWatch Friday: CVE-2025-53690 🔓

China-linked hacking group UAT-8837 is exploiting CVE-2025-53690 (Sitecore vulnerability) to breach North American critical infrastructure, deploying the WeepSteel backdoor, according to @TalosSecurity.

🚨 Sitecore advisory: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
🔎 Mandiant report: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/?hl=en
🆕 Talos report: https://blog.talosintelligence.com/uat-8837/
💾 View JSON: https://cveawg.mitre.org/api/cve/CVE-2025-53690

Ouganda : l'internet coupé deux jours avant le scrutin

Le gouvernement avait pourtant promis de maintenir l’accès à internet avant l'élection présidentielle...

https://coupe-circuit.ghost.io/ouganda-coupure-internet-election-presidentielle-2026/

Cette information a (malheureusement) été confirmée par @netblocks@mastodon.social et
@cloudflareradar

@netblocks@bird.makeup @cloudflare@noc.social @cloudflare@cloudflare.social

RE: https://infosec.exchange/@coupecircuit/115888302026012023

🚨 URGENT 🇺🇬 Possible suspension de l'internet en Ouganda à venir

Une source vient de me partager un document en provenance de la Uganda Communications Commission, prévoyant une suspension de l’accès à internet dans le pays à 18 heures ce 13 janvier. A croiser avec d'autres sources.

🇮🇷 L'Iran vit la plus grande coupure internet de son histoire

Pour comprendre ce qu'il se passe dans le pays, c'est par ici : https://coupecircuit.substack.com/p/liran-vit-la-plus-grande-coupure?utm_source=post-email-title&publication_id=3791850&post_id=184434820&utm_campaign=email-post-title&isFreemail=false&r=zesd&triedRedirect=true&utm_medium=email

👀 VulnWatch Monday: CVE-2026-21858 🔓
aka "Ni8mare"

A security researcher reported a critical vulnerability in popular AI workflow automation platform n8n that could enable adversaries to compromise enterprise secrets.

📰 https://www.infosecurity-magazine.com/news/maximum-severity-ni8mare-bug/

Pourquoi Taïwan bloque RedNote (mais pas TikTok)

Cette semaine, dans Coupe-circuit: https://open.substack.com/pub/coupecircuit/p/pourquoi-taiwan-bloque-rednote-mais?utm_campaign=post-expanded-share&utm_medium=web