A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams

The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. [...]

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary

Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. [...]

A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. [...]

Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site. [...]

A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional

Face à l’extension rapide de la surface d’attaque d’OpenClaw et à la multiplication des risques liés aux supply chains non sécurisées, SentinelOne®, leader de la sécurité native IA, dévoile ClawSec, suite de sécurité open source conçue pour instaurer une protection continue, vérifiable et collaborative des déploiements agentiques. Tribune – À mesure que les agents autonomes […]

The post SentinelOne lance ClawSec, une suite open source pour sécuriser l’essor des agents OpenClaw first appeared on UnderNews.

Dell Technologies annonce la poursuite de son partenariat avec McLaren Racing, la branche de McLaren Group chargée de l’engagement en compétition automobile. Cette dernière s’appuie en effet depuis 2018 sur l’infrastructure IA avancée et les PC Dell afin de renforcer la compétitivité de l’écurie McLaren en Formule 1. Tribune – En tant que Partenaire Officiel […]

The post IA, jumeaux numériques et HPC : McLaren et Dell prolongent leur partenariat pour optimiser la performance en F1 first appeared on UnderNews.

Le Pentagone et la société Anthropic renégocient l’accès au chatbot Claude sur les réseaux classifiés de l’armée, alors que le ministère américain de la Défense presse les acteurs de l'intelligence artificielle d’assouplir leurs garde-fous.

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. [...]

Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. [...]

AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. [...]

The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. [...]

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. [...]

Conscio Technologies, spécialiste de la sensibilisation à la cybersécurité, présente son livre blanc « Sensibilisation Cybersécurité – plan d’action 2026 », un ouvrage pratique permettant de lancer et mettre en place un plan de sensibilisation efficace. Tribune – Audrey BOUSSICAUD, Responsable pédagogique Conscio Technologies : « Si je devais résumer l’année 2026 en un mot pour les RSSI, […]

The post Conscio Technologies présente son livre blanc « Sensibilisation Cybersécurité – plan d’action 2026 » first appeared on UnderNews.