Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. [...]
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. [...]
L'Iran court-circuite le système bancaire international en proposant son arsenal militaire contre des cryptoactifs, révèle le Financial Times. Via son agence Mindex, le régime réinvente le marché de l'armement sous sanctions, malgré une surveillance accrue de Washington.
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.
"The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.
Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.
This gap between effort and
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails.
The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting what “cybercrime” looks like in
As web browsers evolve into all-purpose platforms, performance and productivity often suffer.
Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment.
This article explores how adopting a lightweight, task-focused browser, like
Depuis quelques jours, les détenteurs d'une PlayStation 5 voient défiler les promesses d’un jailbreak complet de la console. La source de ces rumeurs ? La publication, sur un forum spécialisé, d’un document contenant supposément les clés ROM de la machine. Si la fuite se révélait authentique, elle ne signifierait toutefois pas que la console serait de facto piratée, mais marquerait une étape majeure pour les bidouilleurs de consoles.
Le soir de Noël, les utilisateurs du portefeuille de crypto-monnaies Trust Wallet ont connu un sérieux coup de chaud. Une mise à jour piégée de l’extension pour navigateur, publiée par des hackers, leur a permis de détourner les fonds de plusieurs portefeuilles. L’entreprise a depuis expliqué comment une telle compromission a pu se produire.
En Allemagne, le collectif Chaos Computer Club (CCC) a appelé au lancement de « journées d’indépendance numérique » mensuelles. L'objectif affiché ? Inciter des utilisateurs et des institutions à se détacher pas à pas des plateformes dominantes et à migrer vers des alternatives plus libres. Une initiative qui passera par des ateliers de formation organisés dans plusieurs villes du pays.
Google is testing a new image AI model called "Nano Banana 2 Flash," and it's going to be as good as the Gemini 3 Pro Nano Banana, but it'll be cheaper. [...]
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an "industry-wide" Sha1-Hulud attack in November. [...]
If you're already subscribed to ChatGPT Plus, which costs $20, you can request OpenAI to cancel your subscription, and it may offer one month of free usage. [...]
2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories of 2025. [...]
A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. [...]
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.
As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an
Dans la nuit du 1er janvier 2026, les sites de La Poste et de La Banque Postale sont soudainement devenus inaccessibles. La faute à une cyberattaque qui frappe le groupe, à peine une semaine après un précédent incident ayant déjà sérieusement perturbé ses services.
Connexion
The Hacker News
Cyberguerre
