When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in

India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]

Pourquoi la MFA ? Parce que les mots de passe sont déjà compromis ! Des bases d’identifiants provenant d’entreprises piratées sont échangées quotidiennement sur le dark web. La réutilisation de mots de passe est endémique. Les attaques de phishing sont plus sophistiquées que jamais, et les employés restent faillibles — ils l’ont toujours été, et […]

The post Pourquoi l’authentification multi facteur est non négociable first appeared on UnderNews.

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. [...]

Selon les chercheurs d’ESET, le groupe de cybermenaces BladedFeline, aligné sur l’Iran, a mené une campagne de cyberespionnage ciblant des représentants des gouvernements kurde et irakien. Cette opération révèle un arsenal d’outils malveillants sophistiqués déployés sur les systèmes compromis, notamment deux outils de tunneling (Laret et Pinar), une porte dérobée personnalisée appelée Whisper et un […]

The post ESET révèle une campagne d’espionnage iranienne contre les autorités kurdes et irakiennes first appeared on UnderNews.

Alors que les cybermenaces ciblant les infrastructures DNS se multiplient, Akamai annonce le lancement de DNS Posture Management : une solution de sécurité sans précédent, conçue pour combler les angles morts du DNS. Visibilité, conformité, protection en temps réel, les entreprises peuvent désormais garder un temps d’avance sur les menaces. Cette solution inédite offre une […]

The post Akamai relève les défis de sécurité et de conformité de DNS grâce à DNS Posture Management first appeared on UnderNews.

Dans un monde où l’efficacité et la réactivité sont devenues des enjeux majeurs, automatiser ses processus métiers n’est plus un luxe, mais une nécessité. Que vous soyez freelance, agence marketing, PME ou développeur, vous avez besoin d’une solution capable de connecter vos outils, de déclencher des actions en chaîne, de synchroniser des données ou de […]

The post LWS lance le VPS n8n clé en main à -75 % : l’automatisation pro dès 4,99 € ! first appeared on UnderNews.

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response

The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government. That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. "Their diverse toolset shows consistent coding patterns across malware families, particularly in

Cyberéco revient pour sa 3ᵉ édition au Campus Cyber pour une journée dédiée à la sécurité économique et numérique : RDV le jeudi 2 octobre 2025, de 8h30 à 18h, au Campus Cyber. Communiqué – Après deux éditions ayant chacune attiré plus de 700 participant·es, Cyberéco revient le jeudi 2 octobre 2025, de 8h30 à 18h, […]

The post Cyberéco 2025 : Cybersécurité, IA et chaînes d’approvisionnement au cœur de la résilience économique first appeared on UnderNews.

Google's AI advancement is not slowing down, and we might be getting yet another powerful model codenamed "Gemini Kingfall." [...]

OpenAI is planning to ship an update to ChatGPT that will turn on the new o3 Pro model, which has more compute to think harder. [...]

The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. [...]

A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. [...]

Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. [...]