Hausse des menaces par e-mail, multiplication des attaques furtives sur les endpoints et baisse du ransomware : un paysage façonné par l’essor de l’IA. Tribune – WatchGuard® Technologies, leader mondial de la cybersécurité unifiée à destination des fournisseurs de services managés (MSP), dévoile les résultats de son dernier rapport trimestriel sur la sécurité Internet. Ce […]

The post Rapport Threat Lab WatchGuard : une augmentation de 171 % des malwares inédits détectés. Un nouveau record ! first appeared on UnderNews.

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10 are rated Critical and the

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. [...]

M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. [...]

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. [...]

Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. [...]

Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. [...]

The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. [...]

Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and get a free trial. [...]

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. [...]

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to

« La cybersécurité ? Ce n’est pas mon rôle ». Une nouvelle étude Cohesity met en lumière le rejet de responsabilité des employés français en matière de cybersécurité, augmentant le risque dans les entreprises. Plus de la moitié des employés français interrogés admettent ne pas se sentir capables d’identifier une tentative de cyberattaque 71,7% d’entre eux estiment […]

The post Cybersécurité : seuls 10% des employés français endossent leur part de responsabilité first appeared on UnderNews.

Le 4 juillet 2025, un informaticien de la société C&M Software est arrêté par la police de Sao Paulo. L'homme est suspecté d'avoir aidé des cybercriminels à infiltrer les systèmes de l'entreprise pour 15 000 réais, environ 2 300 euros. Le piratage de la société, qui assure l’interconnexion entre les banques et un système de paiement, aurait permis aux hackers de détourner près de 90 millions d’euros. Rentable.

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial