Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]

Nouvelle étude CyberArk : la croissance rapide des identités machines, l’adoption de l’IA et les innovations cloud natives rendent les organisations plus vulnérables aux attaque. 77 % des responsables de sécurité français perçoivent la sécurisation des machines comme vitale pour protéger l’IA à l’avenir Tribune – CyberArk, le leader mondial de la sécurité des identités, […]

The post La sécurisation des identités machines, une priorité pour 77% des responsables de sécurité français first appeared on UnderNews.

J-2 avant le Digital Cleanup Day – Cette initiative mondiale dédiée au nettoyage numérique. Chaque année, cette journée met en lumière l’impact environnemental croissant du stockage des données. E-mails inutilisés, fichiers obsolètes sur le cloud, applications oubliées… Tous ces éléments contribuent à une consommation énergétique excessive. Tribune – Cet événement vise à sensibiliser à l’impact […]

The post Les bonnes pratiques de Kingston pour une gestion durable et sécurisé des données first appeared on UnderNews.

Credential theft surged 3× in a year—but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the "perfect heist." [...]

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

Des sénateurs ont pris position contre l'avis du gouvernement en faisant voter un amendement anti-backdoor (porte dérobée) pour protéger le chiffrement. La mesure a été prise alors qu'un débat a eu lieu à l'Assemblée nationale. Il a concerné une proposition de loi, dont les contours ont fait craindre à un affaiblissement de la sécurité des messageries chiffrées.

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become

Ce lundi, le réseau social X a été victime d’une attaque de type DDoS qui a provoqué un ralentissement conséquent du fonctionnement de la plateforme. Elon Musk, propriétaire de X, a affirmé que l’attaque émanait « d’un groupe de taille importante et / ou d’un Etat-Nation ». En parallèle, plusieurs groupes d’hacktivistes ont revendiqué celle-ci. Tribune – […]

The post X victime d’une attaque DDoS, Elon Musk engage la responsabilité d’un Etat-Nation first appeared on UnderNews.

L'ANSSI, la sentinelle de la cybersécurité en France, fait le bilan d'une année marquée par une recrudescence des cyberattaques, notamment dans le contexte des Jeux olympiques. L'agence souligne le rôle de la Russie dans de nombreuses opérations de déstabilisation.

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said. "Without updating to Firefox

Une cyberattaque a récemment touché la mairie de la ville de Lorient. Des données personnelles d'agents municipaux ont été mises en vente sur un célèbre forum de pirates.

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. [...]

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. [...]

A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. [...]

Indian authorities arrested Aleksej Besciokov, the co-founder and one of the administrators of the Russian Garantex crypto-exchange while vacationing with his family in Varkala, India. [...]

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. [...]

Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. [...]