Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. "Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to

BioCatch, leader de la détection de la fraude bancaire et de la prévention de la criminalité financière grâce à l’intelligence comportementale, publie une nouvelle étude mondiale, menée en France auprès de plus de soixante responsables de haut niveau issus des départements fraude, lutte contre le blanchiment d’argent (LCBFT et criminalité financière). Les résultats révèlent une […]

The post Blanchiment, IA, dark web : les banques françaises s’avouent impuissantes first appeared on UnderNews.

Un ancien sergent du renseignement militaire américain a tenté de vendre des secrets à la Chine. Joseph Daniel Schmidt a plaidé coupable, le 18 juin 2025, devant la justice fédérale de son pays. Mais ce qui frappe dans cette affaire d'espionnage, c’est la maladresse presque naïve de son exécution.

The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. [...]

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. [...]

The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. [...]

The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. [...]

Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. [...]

Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said. XDSpy is the name assigned to a cyber

Les chercheurs de Kaspersky ont découvert un nouveau cheval de Troie espion appelé SparkKitty qui cible les smartphones sous iOS et Android. Il permet d’envoyer des images et des informations enregistrées sur l’appareil infecté aux acteurs de la menace. Ce logiciel malveillant est intégré à des applications liées aux cryptomonnaies et à des jeux d’argent, […]

The post Kaspersky découvre SparkKitty, un nouveau cheval de Troie espion sur l’App Store et Google Play first appeared on UnderNews.

À l’heure où les entreprises accélèrent leur transformation numérique pour rester compétitives, la cybersécurité s’impose comme un pilier stratégique, bien au-delà de la simple protection des systèmes. Colt Technology Services revient en trois points sur comment intégrée dès les premières phases des projets, la cybersécurité devient un véritable levier d’innovation et d’agilité. Tribune Colt.   […]

The post Pourquoi une approche axée sur la sécurité facilite la transformation et stimule l’agilité des entreprises first appeared on UnderNews.

McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang. [...]

It sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented. Workflows are heavy. Context lives in five places, and alerts never slow down. What started as a

Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network. [...]

Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. "Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections

Des hackers russes, soupçonnés d’appartenir au groupe APT29 (alias Cozy Bear), ont réussi à contourner la double authentification de Gmail sans exploiter de faille technique, mais en visant le maillon faible de la chaîne : l'humain. On fait le point sur cette opération de social engineering d’une rare sophistication qui a ciblé des chercheurs et critiques du régime russe.

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It’s worth asking: what patterns are we missing, and what signals are we ignoring because they don’t match old

La cybersécurité, l’utilisation du Cloud et les identifiants mobiles sont les principaux moteurs. Tribune – Mercury Security, spécialiste dans le domaine des équipements de contrôle d’accès reposant sur une plateforme ouvert, a publié son rapport Trends in Access Controllers Report, basé sur une enquête menée auprès de plus de 450 professionnels de la sécurité en […]

The post Le nouveau rapport de Mercury Security révèle les principales tendances qui transforment la technologie du contrôle d’accès first appeared on UnderNews.