Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image. The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are

Law enforcement authorities in Europe have arrested five suspects in connection with an "elaborate" online investment fraud scheme that stole more than €100 million ($118 million) from over 100 victims in France, Germany, Italy, and Spain. According to Eurojust, the coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania and Bulgaria. Bank accounts

US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. [...]

Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. [...]

The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security. "This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites," the Secret

WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates. [...]

Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). [...]

CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. [...]

Law enforcement authorities in Europe have arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100 million ($118 million) from more than 100 victims. [...]

Identity Governance doesn't have to be complex or costly. tenfold's free Community Edition helps orgs (up to 150 users) streamline onboarding, access reviews & M365 permissions — all with a no-code IGA platform. [...]

SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. [...]

À partir du 25 septembre, les billets de la CAN seront mis en vente, un moment attendu par des millions de fans. Mais cette popularité est du pain béni pour les cybercriminels, qui profitent des grands événements sportifs pour multiplier les arnaques. Streaming illégal, faux billets, produits dérivés frauduleux : Kaspersky alerte sur les escroqueries […]

The post CAN 2025 : jouer la carte de la sécurité pour ne pas tomber dans le piège des arnaques sportives first appeared on UnderNews.

SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects

Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes

SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. [...]

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. [...]

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. [...]

Depuis début septembre 2025, le groupe britannique Jaguar Land Rover est empêtré dans une cyberattaque qui met à l’arrêt sa production. Le constructeur vient d’annoncer une nouvelle date cible pour la reprise, alors que la pression économique, politique et médiatique ne cesse de monter.