Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple's Gatekeeper checks. "Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more

The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated from

MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. [...]

The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. [...]

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU. [...]

Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payday.  But in 2025, the data breaches that affected small and medium-sized businesses (SMBs) challenged our perceived wisdom about exactly which types of businesses cybercriminals are targeting.&nbsp

Le 23 décembre 2025, Washington a prononcé une interdiction de séjour contre l'ancien commissaire européen Thierry Breton et quatre autres personnalités européennes. Les raisons de cette sanction ? Leur implication dans une plus stricte régulation des géants américains de la tech.

The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors. The complaint charged crypto asset trading platforms Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc., as well as investment clubs AI Wealth Inc., Lane

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.

Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store competition. The Italian Competition Authority (Autorità Garante della Concorrenza e del Mercato, or AGCM) said the company's "absolute dominant position" in app distribution allowed it to "unilaterally impose"

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. Both the browser add-ons are available for download as of

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. [...]

Voilà plus de 24 heures qu'une grande partie des services en ligne de La Poste sont indisponibles. La faute à une cyberattaque d'une ampleur inédite qui frappe le groupe français juste avant Noël. On fait le point sur la situation.

En 2025, les services de sécurité ont fait face à des défis majeurs : recrudescence du ransomware, phishing assisté par l’IA, campagnes parrainées par des États, et un manque de préparation face à la rapidité d’évolution des cybermenaces. Cette accélération s’inscrit dans un contexte de transformation profonde des usages numériques au sein des entreprises. L’IA […]

The post Cybersécurité : l’intégration des plateformes redéfinira la protection face aux menaces IA en 2026 first appeared on UnderNews.

Malgré une clé d'accès (passkey) et une double authentification avec un gestionnaire de mots de passe, un hacker a réussi à me dérober mon compte PlayStation Network à deux reprises en seulement quelques heures. J'ai réussi à le contacter : il m'explique que Sony est beaucoup trop laxiste et attribue la paternité d'un compte sans vérifier le mot de passe ou l'identité.

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. [...]

Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. [...]

Les États-Unis viennent d’inscrire les drones étrangers sur une liste noire de sécurité nationale, empêchant toute nouvelle homologation de modèles fabriqués hors du pays. Une décision qui cible en particulier les géants chinois du secteur et pourrait rebattre les cartes d’un marché largement dominé par DJI.

The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions. [...]