A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,

​Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. [...]

A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. [...]

A l’occasion du 21ème anniversaire de Gmail, et alors que le Forum Incyber ouvre ses portes, Google Cloud annonce avoir développé une nouvelle technologie de chiffrement qui se soustrait des contraintes administratives et techniques des solutions actuelles. Grâce à cette fonctionnalité, les entreprises peuvent envoyer des mails chiffrés de bout en bout (E2EE) à n’importe […]

The post Gmail : Google Cloud annonce une nouvelle technologie de chiffrement first appeared on UnderNews.

Le cloud est devenu l’épine dorsale des opérations d’une majorité d’entreprises. Il offre une flexibilité, une évolutivité et une agilité sans précédent. Cependant, ces grandes opportunités s’accompagnent de grandes responsabilités : protéger ces environnements cloud contre les menaces toujours plus sophistiquées. Tribune – La Journée mondiale de la sécurité du cloud, le 3 avril prochain, […]

The post Journée mondiale de la sécurité du cloud : Témoignage de SentinelOne first appeared on UnderNews.

Le  groupe Google Threat Intelligence Group (GTIG) vient de publier un nouveau rapport sur l’intensification des activités de travailleurs informatiques nord-coréens en Europe. Tribune – Depuis le dernier rapport du GTIG en septembre 2024 sur cette menace, les récentes mesures répressives aux États-Unis ont conduit à une intensification des activités en Europe ces derniers mois. […]

The post Rapport GTIG : La Corée du Nord intensifie ses opérations cyber en Europe, via de faux travailleurs informatiques first appeared on UnderNews.

Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. [...]

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. [...]

La souveraineté numérique est devenue un enjeu stratégique majeur pour les entreprises européennes. À l’heure où la protection des données, l’encadrement des usages par les géants de la tech et l’autonomie stratégique sont des priorités, maîtriser son patrimoine de données est essentiel pour garantir l’indépendance numérique et la conformité réglementaire. Cet article explore les objectifs […]

The post Souveraineté numérique : les entreprises européennes face à la maîtrise de leur patrimoine de données first appeared on UnderNews.

Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was

Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here.  By implementing Reflectiz's recommendations, the

Les cybermenaces gagnent chaque jour du terrain, 5 629 violations de données ont été signalées en 2024, soit +20 % en un an, et il devient impératif de protéger l’ensemble de l’économie. C’est l’ambition de la directive européenne NIS2 (Network and Information Security), qui vise à muscler la cybersécurité au niveau européen. Dans cette dynamique, la […]

The post NIS2 : un tournant décisif pour la cybersécurité en Europe first appeared on UnderNews.

VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. [...]

OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. [...]

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...]

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]