Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]

Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. [...]

Pendant près de trois ans, des chercheurs ont pu collecter des milliers de données confidentielles sur Danabot, un des réseaux cybercriminels les plus recherchés au monde. La faute à une faille dans leur infrastructure, baptisée DanaBleed.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp

Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge. Security teams are overwhelmed,

Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...]

Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. [...]

A l’occasion de l’évènement annuel, Predictive Cyber Day, le 12 juin à la Sorbonne, Thierry Happe (fondateur et ex-président de l’Observatoire Netexplo) annonce le lancement du Predictive Cyberlab, un laboratoire dédié à la lutte contre les cybermenaces reposant sur l’ingénierie sociale et au développement de la cyber maturité des collaborateurs des entreprises. Communiqué – La […]

The post Lancement du Predictive Cyberlab – projet de formation innovant visant à développer la cyber maturité des organisations first appeared on UnderNews.

Dans une étude, Check Point Research (CPR) a découvert une faille dans le système d’invitation de Discord permettant à des attaquants de détourner des liens d’invitation expirés ou supprimés et de rediriger subrepticement des utilisateurs vers des serveurs malveillants. Des liens d’invitation partagés des mois auparavant par des communautés de confiance sur des forums, réseaux […]

The post Des acteurs malveillants ont exploité le système d’invitation de Discord pour lancer des attaques globales en plusieurs étapes first appeared on UnderNews.

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...]

Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]

Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]

The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background. And here’s

Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. [...]