Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Le service de messagerie instantanée Whatsapp a annoncé, le 5 août 2025, la mise en service de nouvelles mesures de sécurité pour lutter contre les arnaques en ligne. L'application affichera notamment des messages de prévention avant que vous n'entamiez une discussion avec un groupe ou un interlocuteur inconnu.

Le vol d’identifiants mobiles devient une menace toujours plus importante pour les entreprises : Zimperium tire la sonnette d’alarme. Zimperium a identifié plus de 2 400 variantes de malwares ciblant les connexions et l’authentification multifactorielle (MFA). Tribune — Zimperium, leader mondial de la sécurité mobile, met en gardeles entreprises du monde entiercontre une tendance alarmantequi […]

The post Zimperium alerte sur l’explosion de vols d’identifiants une menace toujours plus importante pour les entreprises first appeared on UnderNews.

MFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn't undo the other. Book your free trial today. [...]

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. [...]

National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada is currently experiencing a widespread service outage affecting its online banking and mobile app platforms. [...]

ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. [...]

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro

Les autorités taïwanaises ont annoncé le 5 août avoir arrêté plusieurs employés et ex-salariés du constructeur de semi-conducteurs TSMC. Ils sont soupçonnés d’avoir dérobé des secrets technologiques et industriels liés à la fabrication des puces d'une finesse de gravure de 2 nanomètres, fleuron absolu du géant taïwanais.

C'est la fin de l'aventure pour Dashlane Free. Le gestionnaire de mots de passe annonce l'arrêt prochain de sa formule gratuite, qui était devenue vraiment très contrariante à l'emploi depuis deux ans. Il est temps de passer à la formule payante, ou d'aller voir ailleurs.

WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. [...]

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and

Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. [...]

​Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. [...]

C'est la fin de l'aventure pour Dashlane Free. Le gestionnaire de mots de passe annonce l'arrêt prochain de sa formule gratuite, qui était devenue vraiment très contrariante à l'emploi depuis deux ans. Il est temps de passer à la formule payante, ou d'aller voir ailleurs.

When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An