Depuis des mois, de nombreux internautes espagnols subissent des restrictions d’accès à Internet chaque week-end, phénomène qui coïncide avec la diffusion des matchs de La Liga. Ces blocages sont la conséquence directe de la lutte menée par les dirigeants du football espagnol contre le piratage des diffusions sportives.

Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in

SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. [...]

Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1's cloud-native patching keeps devices updated from any location, strengthening compliance and security. [...]

Dans un contexte où les cybermenaces se multiplient et se complexifient, les petites et moyennes entreprises se retrouvent souvent en première ligne, sans toujours disposer des moyens humains ou financiers nécessaires pour se protéger efficacement. Face à cette réalité, ReeVo a développé une approche souveraine, cloud-native et entièrement managée, spécifiquement pensée pour répondre aux besoins […]

The post Les technologies prioritaires pour assurer rapidement la résilience opérationnelle d’une PME face aux cybermenaces first appeared on UnderNews.

Une bibliothèque de cartographie obsolète, encore utilisée dans plusieurs applications majeures de voyage et de météo, expose des millions d’utilisateurs et d’entreprises à des vulnérabilités potentielles. Tribune – Zimperium, leader mondial de la sécurité mobile, publie une étude, menée par son équipe de recherche zLabs, révélant que des milliers d’applications Android parmi les plus populaires, […]

The post Zimperium alerte sur les risques de sécurité cachés dans des applications Android populaires first appeared on UnderNews.

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. [...]

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, Step Security, and Wiz. The trojanized npm packages were uploaded to

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI

Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. [...]

Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. [...]

New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it

Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. [...]

Le 24 novembre 2024, de nombreux utilisateurs de WhatsApp ont reçu une notification inattendue : un message provenant directement d’Amazon.fr. Présentée comme une invitation à profiter des « meilleures ventes Flash », cette communication a semé la confusion chez les consommateurs, dont beaucoup ont cru à une arnaque.

Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash when provisioning systems with cumulative updates released since July 2025. [...]

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source

Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. [...]

Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. [...]

Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. [...]