Les chercheurs de Proofpoint viennent de révéler une vulnérabilité inquiétante dans Cursor IDE, l’éditeur de code dopé à l’IA qui compte des millions d’utilisateurs. Recherche Proofpoint – L’attaque repose sur de l’ingénierie sociale combinée à une faiblesse du système de deeplinks de Cursor. Un développeur reçoit un lien piégé (par email, Slack, GitHub, etc.), qui déclenche une […]

The post Cursor IDE expose les développeurs à des cyberattaques sophistiquées first appeared on UnderNews.

En mars 2026, l’équipe Threat Research de Kaspersky a identifié une nouvelle campagne malveillante ciblant les développeurs qui cherchent à installer Claude Code, l’agent d’IA créé par Anthropic. Lorsqu’un internaute tape «Claude Code download» dans un moteur de recherche, des annonces sponsorisées trompeuses apparaissent en tête des résultats. L’une de ces publicités redirige les utilisateurs […]

The post Kaspersky découvre des infostealers imitant Claude Code, OpenClaw et autres outils de développement d’IA first appeared on UnderNews.

Le Google Threat Intelligence Group (GTIG) vient de publier un rapport complet sur le paysage des ransomwares en 2025, analysant les tactiques, techniques et procédures observées lors des incidents survenus cette année, ainsi que les principales évolutions. Tribune – Le rapport met en évidence une baisse globale de la rentabilité des opérations de ransomware. Il […]

The post Rapport GTIG / Evolution du paysage des ransomwares en 2025 first appeared on UnderNews.

Une étude internationale révèle un fossé entre sensibilisation et action face à la montée des cyberattaques liées à l’IA et à l’expansion des outils collaboratifs. Le rapport Mimecast State of Human Risk 2026 révèle un basculement historique : la malveillance interne (42 %) égale désormais la négligence comme menace prioritaire. L’impact financier est colossal, avec un […]

The post Étude Mimecast : 42 % des organisations observent une augmentation des comportements internes malveillants first appeared on UnderNews.

Security teams today are not short on tools or data. They are overwhelmed by both.  Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context:  Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels? Even the most mature security teams can’t answer that

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]

The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]

Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. The

Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials

AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]

A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]

Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. [...]

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]

A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and

Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]