Loading…
Loading…
Cyber revue · Governance & the human factor
TechnologySuddenly, Everyone Is a SovereigntistOn June 12, at 5:21 p.m. Washington time, the U.S. government sent Anthropic a letter invoking national security.
CybersecurityFrance's worst data breaches of 2026: the ranking (spoiler: you're in it)6,167 data breaches in 2025, a record, and 2026 is already doing better. From the Almerys brother-in-law nobody ever introduced you to, to the teenager who cracked open the ANTS vault by changing one digit in a URL, here is the ranking of France's worst breaches of the…
CybersecurityI can't listen to CISO podcasts anymoreYesterday I started one, I cut it off after eight minutes. I already knew everything. And the worst part is that I know exactly why it's like this, because I'm often on the other side of the mic, being a CISO myself.
CybersecurityMicrosoft held two opposite positions in a single week. That is the flaw.While the industry re-litigates responsible disclosure, a flaw that bypasses BitLocker is still sitting unpatched. And Microsoft, which wrote the rules of the game, just proved it only follows them when the mood takes it.
Artificial IntelligenceAttachment to an AI is not a quirk, it is a vulnerabilityAn AI director at Disney speaks to his software assistant as if to his son, and has handed it the rights to act in his place. The debate mocked the feeling and never saw the rights. Yet both vulnerabilities are dangerous, each in its own way.
Artificial IntelligenceVibe coding must not become the Wild WestVibe coding is brilliant, but most developers overlook two things that, without their knowing it, sink projects: compliance and security. How to ship AI-based applications that actually hold up.
CybersecurityMythos is no surprise. Here is what I was saying nine months ago.99% of the vulnerabilities Mythos found are still open. The patching debt does not date from April 2026, it just stopped being invisible.
CybersecurityCISA, the GitHub leak: when the watchdog leaves the keys in the doorCISA, the US cyber agency, exposed its own AWS GovCloud credentials on public GitHub for 6 months. Anatomy of a leak in 7 failures.
CybersecurityCNIL 2025 Report, reading a regulator in transitionData processors, AI, cross-regulation, misleading record figures: what the CNIL's 2025 annual report really says about regulation in 2026.
CybersecurityThe most cautious company in AI does not secure its own shared Claude chats.Anthropic denies public access to Mythos because it is too dangerous. Meanwhile, its own claude.ai domain serves as a phishing page through shared chats. The AI industry invests in spectacular risk and neglects the mundane risk.
CybersecurityThe ANTS hack: the 2007 flaw, the 2026 cheque, and the gap no figure can closeLecornu calls the ANTS breach the "heist of the century." It is a student homework-assignment heist. A 2007 flaw. With 200 million euros of announcement effect on top.
CybersecurityMythos changes nothing. And that is exactly the problem.Mythos finds thousands of flaws in code that has been shipping for twenty years. The real scandal is not the AI. It is that it takes a $20,000 AI to uncover what basic engineering practices should have prevented.
CybersecurityWhat nobody tells you when a hospital gets attacked.A French hospital takes two years to recover from a ransomware attack. 1,000 workstations, 200 applications, patient records lost forever. I lived through a ransomware attack in 2018. What makes me angry is not the attack.
CybersecurityAI and chatbots tell you you're right. That's the worst service they can do you.Chatbots are built to tell you you're right. Researchers at MIT have shown that even a perfectly rational reasoner falls into the trap. When your job is to spot what's wrong, that's a problem.
CybersecurityYou have 29 minutes. You are already losing 20 of them. And Mythos is not the problemYou are a CISO. It is 9:14 on a Tuesday morning. Your SIEM has just flagged a lateral movement alert. Twenty minutes later, you launch your first containment action. The attacker, meanwhile, needed only 29 minutes to move across your network.
CybersecurityThe French state's cybersecurity roadmap: the document that says everything without meaning toAn official document lands on your desk. It comes from the Prime Minister. It is called "Roadmap of priority efforts for the state's digital security 2026-2027". You open it.
CybersecurityHong Kong: when refusing to hand over your password becomes a confessionIt is the latest extension of the implementation rules under Hong Kong's national security law. Police can now compel anyone suspected of endangering national security to hand over their password, their decryption method, or…
SocietyThe European Commission hacked: when the regulator becomes proof of what it denounces340 GB of data exfiltrated, 30 European entities hit, DKIM keys in the wild. The European Commission that drafts NIS 2, the Cyber Resilience Act and the cybersolidarity regulation has just proven, at its own expense, that directives do not…
CybersecurityDelve: when compliance "in a few clicks" turns out to be hot airA 300-million-dollar startup accused of fabricating compliance certifications. Hundreds of companies potentially exposed. And a lesson the cybersecurity world stubbornly refuses to learn.
SocietyReCyF, backdoors and USB sticks: France in cybersecurity, between clarity and anachronismFrance produces a cyber framework of international quality while being incapable of passing the law that makes it applicable, because the DGSI wants to read your Signal messages. And the framework itself illustrates human risk with a USB stick in 2026.
SocietyPokémon Go, 30 billion images and delivery robots: anatomy of an invisible consentPokémon Go: 30 billion images of players are now used to train delivery robots. It was all in the terms of service. But was the consent truly informed?
PoliticsAmazon and agentic AI: when the code slips out of human handsWhat has been unfolding at Amazon for the past few weeks goes far beyond a technical anecdote. It is a real-time case study of what happens when an organization pushes agentic AI into its critical systems without having built the guardrails that should come with it…
CybersecurityA fake Google Meet button, and your PC no longer belongs to youGoogle Meet tells you an update is required to keep using the service. The page is clean, in Google's colors, with a clearly visible "Update now" button. You click. No file downloads.
CybersecurityAn innocent photo can turn your phone into a silent spyA WhatsApp message arrives. A photo downloads on its own, the way it happens millions of times a day. You do not click. You do not open it. You do nothing. And yet your phone has become a spy
CybersecurityWhen a prayer app becomes a weapon: the psychological cyberwar at the heart of the Iran-US-Israel conflictOn February 28, 2026, the United States and Israel launched massive joint strikes against Iran. Since then, daily life for millions of Iranians has come down to sirens, explosions, power cuts and a near-total internet blackout, against a backdrop…
CybersecurityFICOBA: 1.2 million bank accounts exposed. So now what?FICOBA is the national register of bank and similar accounts. Created in 1971, it lists every account opened at French banking institutions: current accounts, savings accounts, securities accounts, rented safe-deposit boxes.
CybersecurityNIS2 in 2026: France falls behindFebruary 2026. NIS2 is supposed to have been fully operational for more than a year across Europe. Yet in France, we are still waiting for the final parliamentary debates, with adoption hoped for in the first quarter and a roadmap of…
CybersecurityThe Health Data Hub: at last a step toward digital sovereigntyThe Health Data Hub (HDH) is a public platform created in 2019 to centralise, structure and make available, within a controlled framework, French health data for research, innovation and the steering of public policy that…
CybersecurityDDoS Attacks: the "digital traffic jams" that can paralyze a country (and why it's going to get worse)A DoS / DDoS attack is exactly this: a traffic jam created on purpose, not to steal your data, but to stop you from reaching a service.
SpiritualityYoga and cybersecurity: attention as the first line of defenseWe have grown used to talking about cybersecurity as a technical subject. And of course it is technical; but what if we learned to talk about it like yoga?
CybersecurityNew year: what are your cybersecurity resolutions?The new year gives us a chance to ask ourselves a simple, honest question about cybersecurity: am I ready for the digital world as it is today, or as I wish it were?
SocietyData breach at MédecinDirect: when digital health forgets what matters mostThe cyberattack that hit MédecinDirect, disclosed in early December, affects up to 323,000 patients. The number is already enormous. But that is not what should worry us the most.
SocietyFree transport, stolen data: the scammers travel first classIt is yet another Facebook scam, but one that works far too well. For several weeks now, hundreds of French people have been falling for a tempting promise: a free or heavily discounted pass for public transport. And the catch?
PoliticsAmine Kessaci: a cry from the heart of the northern districts, a call to collective conscienceIn the narrow streets of Frais-Vallon, where the tarmac still seems to carry the echoes of a shared childhood, I grew up just a few metres from where Amine Kessaci was born.
CybersecurityFine for X, offensive against Telegram: Europe is waging war on digital freedomOn Friday 5 December 2025, the European Commission fined X, Elon Musk's platform, 120 million euros. On the surface: a simple slap on the wrist for failing to comply with the Digital Services Act (DSA). In reality?
CybersecurityWhen the internet coughs, everyone catches a cold: why the Cloudflare outage concerns us allOn 18 November 2025, millions of users watched their digital services slow down, crash, or become unreachable. X, ChatGPT, Instagram, Canva, many banking and e-commerce services... all hit. The cause?
CybersecurityThey refuse to pay a ransom... and fund cybersecurityCybersecurity: your company is paralyzed by a cyberattack. Stolen data, locked systems, a ransom demanded. Panic, stress, media pressure. A
CybersecuritySpyware: when the State outsources the spying on your phonesANSSI has just released a detailed report on the threat targeting mobile phones. It covers vulnerabilities, "zero-click" infection chains, cybercriminals... but also a private surveillance market that sells spying capabilities...
CybersecurityBlack Friday, Christmas, Sales: Cybercriminals Are Waiting for YouEvery year, at the same time, the queues move to virtual carts. Promotions explode, ads flash, "must-have" deals multiply... and in the shadows, cybercriminals are rubbing their hands.
CybersecurityGmail reads your emails to train its AI, and you probably haven't turned it offGoogle has just crossed a line. And as so often, without fanfare. For a little while now, Gmail can automatically analyse the content of your messages and attachments, not to filter spam or offer you an automatic reply, but...
CybersecurityCybersecurity: small businesses are not ready. And it will cost them.Talk to five owners of small businesses and you get the picture: cybersecurity is still a vague, distant, almost abstract idea. As long as no ransomware freezes the screen of Chantal in accounting, everyone carries on as before.
CybersecurityChat Control 2.0: Europe is playing with our digital freedomsIt is one small line in an obscure text. An article barely mentioned in the mainstream press. A closed-door meeting in Brussels.
CybersecurityWhen artificial intelligence turns spyFor the first time, a mainstream artificial intelligence model was used to run a cyberespionage operation orchestrated by a state-affiliated group.
SocietyNovember 13, 2025. Commemorate, or keep looking away?Ten years since Paris froze in horror. Ten years since French citizens were gunned down on a terrace, in a concert hall, in the streets of their own country.
CybersecurityInfostealers: the silent threat you feed without knowing itThere are cyberattacks you never see coming. No flashy virus, no ransom messages, no brutal crash. Just a simple infostealer
CybersecurityOpen letter to Emmanuel Macron. Cybersecurity is not a technical subject. It is a duty of the State.Mr President Macron. I am not writing to plead a cause. I am writing because it is time to stop pretending.
PoliticsWhen Naive Environmentalism Becomes a Strategic VulnerabilityNorway has just made an explosive discovery: 850 electric buses running in Oslo can be stopped remotely by their Chinese manufacturer.
PoliticsUSB stick and state silence: digital complacency has struck againSalah Abdeslam, convicted for the November 13 attacks, was taken into police custody for illegally possessing... a USB stick in prison.
EconomyAI doesn't replace us, it weakens us... if we let itWhat if AI didn't make us stupid... but forced us to become smarter?
EconomyAI in tourism: connected to everything... except the reality of the risks?For a few months now, we have been watching a rush toward generative AI in tourism. ChatGPT in customer service.
LeadershipIt's not a question of motivation. It's a question of decision.People often ask me how I manage so many things at once. Work, family, music, sport, talks, articles, public speaking, threat watch, reading, meetings, passing it on…, And the answer almost always disappoints…
CybersecurityTraining executives in cybersecurity? Fine. But not like this.Today, some top business schools pride themselves on adding a cybersecurity module to their management programmes. EM Lyon, HEC, ESCP: they have all understood that digital security is now a strategic subject. Good.
CybersecurityWhy French SMEs are still stuck in 1980 (and why that's partly their own fault)Let me be blunt: you can't ask cybersecurity to move forward if some companies refuse to leave the minitel behind. And that's exactly what we still see today in most French SMEs. Yes, threats are evolving.
EconomyBanking: the overdraft is no longer a safety valve. It is becoming a financial product.For decades, the bank overdraft was a kind of silent pact between the customer and the bank. A safety valve. A buffer between two due dates. Not an ideal solution, but a human reality: life does not wait for the date of the transfer.
CybersecurityWhat If We Trained Hackers to Defend the Republic?In France, we train engineers, lawyers, police officers, diplomats and teachers. But we still do not train, at scale, the very people already fighting the battles of the 21st century: hackers.
CybersecurityCybersecurity: for a real and civic digital sovereigntyWe have heard a great deal about "digital sovereignty" in cybersecurity over the past few years.
PsychologyClear brain, dense life: toward a mental hygiene for the 21st centuryWe complain of being tired, distracted, overwhelmed. But look closely and we treat ourselves like machines. Notifications in bursts. Task switching every 12 seconds.
EconomyAnother attack on family holding companies? How long are we going to keep flying blind?Once again, France is going after the people who build, pass things on and organise.
CybersecurityThe AWS incident: it was not an outage, it was a reality checkVenmo, Fortnite, Snapchat, Zoom, Coinbase... everything started to crash. Not because of ransomware, a large-scale attack or a geopolitical conflict.
Artificial IntelligenceBack from Barcelona: AI, crisis and leadershipI spent a few days in Barcelona running a workshop on AI and crisis management in cybersecurity. A packed room, very different profiles, and one shared observation: the fog. Too much information, too many tools, not enough bearings.
LeadershipLeadership and chaos: 5 mistakes we always see in a cyber crisisThere are moments when everything speeds up. An alert goes off. A service collapses. Nothing responds anymore. And then everyone turns to "management".
CybersecurityCyberpsychology and power: how emotions are manipulatedNot a week goes by without talk of "manipulation": in the media, on social networks, through AI, in political campaigns or information crises.
CybersecurityDigital sovereignty: at the Senate, they hold hearings. But when do they act?The Senate did what it knows how to do: hold a series of hearings on digital sovereignty. Experts, industry players, representatives of the State.
Don't miss the next analysis