Présenté par Le Parisien comme « la botte secrète des narcotrafiquants pour protéger leurs données de la police », le système d'exploitation alternatif GrapheneOS, basé sur Android, est au cœur d'une vaste polémique. Ses développeurs ont publié un message incendiaire à l'encontre des autorités françaises.

Vanté il y a encore quelques années pour son caractère prétendument inarrêtable, le missile hypersonique russe Kinzhal a essuyé plusieurs revers depuis son déploiement sur le champ de bataille ukrainien. Des échecs dus en partie aux innovations dans les systèmes de brouillage ukrainiens, qui utilisent également ces technologies pour envoyer un message mélodieux à l’adversaire.

American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. [...]

The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese threat group known as Salt Typhoon. [...]

Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data. [...]

Avast is rolling out Scam Guardian, a free AI-powered protection layer that analyzes websites, messages, and links to detect rising scam threats. Powered by Gen Threat Labs data, it reveals hidden dangers in code and adds 24/7 scam guidance through the Avast Assistant. [...]

Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First

Les chercheurs du Threat Labs de Netskope ont publié une analyse d’une nouvelle recherche sur la capacité de créer un malware autonome composé uniquement de prompts des grands modèles de langage (Large Language Models ou LLM) et de code minimal, éliminant ainsi le besoin de coder en dur des instructions détectables. Les LLM ont rapidement […]

The post Le futur des malwares sera alimenté par les LLMs first appeared on UnderNews.

Google has started rolling out ads in AI mode, which is the company's "answer engine," not a search engine. [...]

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad, and macOS devices, with plans to expand

Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That’s why more enterprises are turning to Samsung for mobile security. Hey—you're busy, so here's a quick-read article on what

A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting

Here’s how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots

Le 20 novembre 2025, Salesforce a alerté ses utilisateurs à propos d’une « activité inhabituelle » détectée via des applications connectées à sa plateforme, ce qui a pu permettre un accès non autorisé à certaines données clients.

The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily

Salesforce has warned of detected "unusual activity" related to Gainsight-published applications connected to the platform. "Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app's connection," the company said in an advisory. The cloud services firm said it has taken the step of revoking all active access and refresh

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. [...]

Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva. [...]

Dans le cadre de la Semaine Internationale de Sensibilisation à la Fraude, voici le commentaire de Gal Diskin, VP, Identity Threat & Research chez Delinea.   «  Cette Semaine Internationale de Sensibilisation à la Fraude intervient à un moment où l’intelligence artificielle s’intègre pleinement aux opérations de cybercriminalité, et où les attaques générées par l’IA […]

The post Semaine Internationale de Sensibilisation à la Fraude first appeared on UnderNews.