Vue lecture

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.

Génération Z : FOMO, Fast fashion… toutes ces armes qui en font des cibles de choix pour les cybercriminels

Née avec internet, la génération Z est naturellement la plus à l’aise avec Internet. Avec leur maîtrise du numérique, les 15 – 30 ans sont bien souvent à l’origine des tendances, et influencent les usages et les espaces du numérique depuis leur plus jeune âge, sans forcément mesurer les risques auxquels ils s’exposent. A l’ère […]

The post Génération Z : FOMO, Fast fashion… toutes ces armes qui en font des cibles de choix pour les cybercriminels first appeared on UnderNews.

The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an

Cybersécurité des collectivités locales : enjeux croissants et réponses nécessaires

La cybersécurité s’impose désormais comme une préoccupation majeure pour les collectivités locales françaises qui, ces dernières années, sont devenues une cible privilégiée des cybercriminels. Selon la dernière étude sur la maturité des collectivités en matière de cybersécurité du gouvernement, « Une collectivité sur dix déclare avoir été victime d’une ou de plusieurs cyberattaques au cours des […]

The post Cybersécurité des collectivités locales : enjeux croissants et réponses nécessaires first appeared on UnderNews.

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature. That said, exploiting the vulnerability hinges on several moving parts,

Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said. "The malicious functionality of the campaign

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that

❌