




ThreatsDay Bulletin: From the PQC Push to Stealthy AI Vulnerability Hunting
TL;DR: This week in cybersecurity is defined more by "hidden" developments than by big explosions. The top stories: Google accelerating its post-quantum cryptography (PQC) programme to 2029, GitHub introducing a new AI-based vulnerability detection service, and the rapid return of the "Tycoon2FA" phishing service after authorities hit it.
Google accelerates the post-quantum era
Google officially announced 2029 as the deadline for migrating its infrastructure to post-quantum cryptography (PQC). The move is meant to counter the "store-now-decrypt-later" risk, in which attackers collect encrypted data today so they can decrypt it once quantum computers are ready.
As part of this transition, Android 17 will add PQC digital signature protection using the ML-DSA algorithm. The feature targets Android Verified Boot (AVB) and the Android Keystore so that phones stay protected against future quantum-enabled attacks.
AI and automation: the new front
The race in automated security is on and heating up on every side:
- AI vulnerability detection on GitHub: GitHub will add a new AI-based vulnerability detection service to complement CodeQL. This hybrid model will start as a preview at the beginning of Q2 2026, and its goal is to find vulnerabilities in complex code that ordinary static analysis does not see.
- AI-built malware: Researchers at AhnLab found a brute-force tool named ICE Cloud Client, used by the group "Larva-26002". There is evidence that whoever built this malware used generative AI (GenAI) to write its code and strings.
The persistence of Phishing-as-a-Service
In a harsh reminder of how resilient cybercriminals can be, the Tycoon2FA phishing service is back in operation after being hit in a large international operation.
- The takedown: In early March, Europol and Microsoft took down more than 330 domains.
- The return: In under 48 hours, activity was back to nearly 100% of its previous level. CrowdStrike said that without real-world arrests, a takedown is now only a "light blow" to a phishing service (PhaaS) when just its infrastructure is seized.
Big targets and nation-state "cracks"
The Russian group Sandworm (APT-C-13) is now targeting Ukrainians with an old trick that still works: pirated software. The group uses Telegram to distribute "cracked" copies of Microsoft Office 2025 and plants backdoors (Tambur, Sumbur, Kalambur, and DemiMur). The DemiMur module forces a forged root certificate into the system so that Windows trusts the malicious scripts that arrive later.
Mobile and firmware threats
- Keenadu Backdoor: Found on more than 500 Android devices in 40 countries, this firmware malware hides in the library libandroid_runtime.so. By infiltrating the "Zygote" process, which is the parent of all Android apps, the attackers gain control of the whole device.
- Oblivion RAT: A new Android "Malware-as-a-Service" (MaaS) platform sold for up to $2,200 for a lifetime licence. It uses exact copies of the Google Play update screen to trick users into granting it Accessibility Services permissions.
- The cloud phone story: Scammers have started using "cloud phones" (virtual Android devices) to set up verified bank accounts and e-wallets, which are later sold on the darknet for use in financial fraud.
Supply chain and hidden leaks
- Polyfill and North Korea: New research linked the 2024 Polyfill[.]io supply chain attack to people working with North Korea. The thread was found when an operative accidentally infected himself with the "Lumma Stealer" malware while looking for "cheats" for the game GTA V, which exposed Polyfill's Cloudflare credentials.
- Poisoned npm packages: Five packages (including ethersproject-wallet) were found typosquatting legitimate crypto libraries in order to steal private keys via Telegram bots.
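A dependency check for the naming pattern behind ethersproject-wallet, as an added example that is not part of the original bulletin: it flags a dependency whose name equals an allowlisted package once scope punctuation is removed, or sits one edit away from it. The allowlist and sample manifest are constructed, and @ethersproject/wallet is assumed to be the library that name imitates.

```javascript
// Added example: flag dependency names that imitate an allowlisted package.
// KNOWN_GOOD is a constructed allowlist; replace it with your organisation's list.
const KNOWN_GOOD = ['@ethersproject/wallet', 'ethers', 'web3'];

// Collapse scope punctuation: '@ethersproject/wallet' -> 'ethersprojectwallet'
function canonical(name) {
  return name.toLowerCase().replace(/[@/._-]/g, '');
}

// Levenshtein edit distance between two strings (two-row dynamic programming).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Return a finding for every dependency that is not allowlisted but looks like one.
function findLookalikes(manifest, knownGood = KNOWN_GOOD) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const dep of Object.keys(deps)) {
    if (knownGood.includes(dep)) continue; // exact name: the real package
    for (const good of knownGood) {
      const c1 = canonical(dep), c2 = canonical(good);
      if (c1 === c2) {
        findings.push({ dep, imitates: good, reason: 'scope-flattened' });
      } else if (c2.length >= 6 && editDistance(c1, c2) === 1) {
        // Short names are skipped: one-edit matches on them are mostly noise.
        findings.push({ dep, imitates: good, reason: 'one-edit' });
      }
    }
  }
  return findings;
}

// Constructed package.json fragment; 'etherz' is a made-up lookalike name.
const sampleManifest = { dependencies: {
  '@ethersproject/wallet': '^5.7.0', 'ethersproject-wallet': '^1.0.0',
  'etherz': '^1.0.0', 'express': '^4.18.0',
} };
console.log(findLookalikes(sampleManifest));
```

A finding is a prompt for review against the registry metadata (publisher, age, download history), not proof of malice.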
Legal threats
- Hong Kong: New national security rules now let police demand the passwords to phones and PCs. Anyone who refuses can be jailed for a year.
- CCTV surveillance in India: After a spy network linked to Pakistan was uncovered, India ordered a full review of all its surveillance infrastructure to stop anyone from accessing it remotely in order to spy.
Conclusion
This week reminds us that the hardest threats are the ones that do not show. Whether it is a "pixel-perfect" Google Form, a hacked CCTV camera, or a "trusted" pirated ISO, attackers now exploit trust to get past complex protection systems. As we saw with Tycoon2FA, the field needs to move past the infrastructure war and toward identity-based security.
Source: https://thehackernews.com/2026/03/threatsday-bulletin-pqc-push-ai-vuln.html