Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts.
"The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account
Microsoft confirmed that the KB5074109 January Windows 11 security update causes the classic Outlook desktop client to freeze and hang for users with POP email accounts. [...]
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media.
But what about the information about you that’s already out there—without your permission?
Your name. Home address. Phone number. Past jobs. Family members. Old usernames.
It’s all still online, and it’s a lot easier to find than you think.
The hidden safety threat lurking online
Most
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.
The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.
De nombreux outils de cybersécurité gratuits, tels que Wireshark et Nmap, peuvent renforcer la sécurité des utilisateurs sur Internet. Cependant, les experts en cybersécurité mettent en garde contre les signaux d’alerte, comme des déclarations vagues dans les politiques de confidentialité, des mises à jour peu fréquentes et de mauvais avis. Tribune Planet VPN – […]
L'unité de recherche sur les menaces d’Acronis révèle une nouvelle campagne de cyberespionnage menée par un groupe lié à la Chine. L’une de leurs techniques pour piéger des diplomates américains ? Promettre des informations exclusives sur les plans de la Maison Blanche après la capture de Nicolás Maduro.
Des chercheurs en cybersécurité de Varonis ont mis en lumière un moyen de contourner les contrôles de sécurité de Copilot. Le procédé est extrêmement furtif : il suffit d'un seul clic pour que l'outil IA de Microsoft exfiltre les données de la victime vers les serveurs de l'attaquant.
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. [...]
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
The vulnerability, tracked as CVE-2025-20393 (CVSS
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk.
The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on
Google has confirmed that it's now possible to change your @gmail.com address. This means that if your current email is [email protected], you can now change it to [email protected]. [...]
OpenAI is rolling out a big upgrade for ChatGPT with support for advanced chat history search, but the feature is rolling out to Plus and Pro subscribers only. [...]
The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. [...]
Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands. [...]
Connexion
The Hacker News
Cyberguerre
UnderNews
