Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. [...]

Il y a quelques années, on parlait beaucoup de Shadow IT. Des outils installés en douce, des solutions “pratiques”, parfois brillantes, souvent hors radar… et qui finissaient par créer de vrais risques. Aujourd’hui, le sujet revient. Mais avec un cran au-dessus. Parce que l’outil n’est plus seulement un logiciel : c’est un assistant qui écrit, […]

The post Shadow IA : le nouveau « Shadow IT »… first appeared on UnderNews.

À l’heure où les organisations traitent un volume toujours plus important de données personnelles et sensibles, la protection de la vie privée devient un enjeu permanent. À l’occasion de la Journée européenne de la protection des données, CyberArk, leader mondial de la sécurité des identités, rappelle que cette protection repose avant tout sur la maîtrise […]

The post Identités numériques et vie privée : le rôle croissant du Zero Trust first appeared on UnderNews.

Derrière le buzz autour des montures d’Emmanuel Macron se cache un cas d’école de l'effet « Slashdot ». Voici sa définition.

Hackers collect $439,250 after exploiting 29 zero-day vulnerabilities on the second day of Pwn2Own Automotive 2026. [...]

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. [...]

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management

Dans un papier de recherche publié le 20 janvier 2026, les équipes de Jamf Threat Labs montrent comment des hackers liés à la Corée du Nord ont fait de Visual Studio Code leur nouvelle porte d’entrée privilégiée, pour installer un backdoor sur les machines de développeurs du monde entier.

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from

Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844

À l’approche de la nouvelle réglementation qui réduira drastiquement la durée de vie des certificats TLS à partir de mars 2026 (de 398 jours actuellement à 200 jours le 15 mars 2026), une étude mondiale menée par le Ponemon Institute pour CyberArk, Trends in PKI Security: A Global Study of Trends, Challenges & Business Impact, […]

The post Règlementation sur les certificats TLS : test de maturité pour les stratégies PKI first appeared on UnderNews.

À l’approche de la Semaine de la protection des données 2026, qui aura lieu du 26 au 30 janvier prochains, voici les commentaires de Melissa Bischoping, Senior Director, Security and Product Design Research chez Tanium. Tribune. « Alors que les agents IA et les flux de travail deviennent une composante incontournable des entreprises modernes, la confidentialité […]

The post Semaine de la protection des données (26-30 janvier 2026) first appeared on UnderNews.

Les autorités danoises mettent désormais en garde contre toute utilisation du Bluetooth en raison du risque d’écoute illicite. Les experts en cybersécurité savent depuis de nombreuses années que la technologie Bluetooth, utilisée par de nombreux danois pour leurs écouteurs et divers appareils électroniques, présente des failles. Mais en cette période de tension autour des revendications […]

The post Les autorités danoises déconseillent l’usage du Bluetooth pour des raisons de sécurité first appeared on UnderNews.

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. [...]

Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leak sensitive information. [...]