An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible even if the ransom is paid," Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and

Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. [...]

À partir de l’été 2025, le portail fiscal français impots.gouv.fr introduira une authentification à deux facteurs obligatoire. Les utilisateurs devront se connecter à l’aide de leur identifiant fiscal et de leur mot de passe, puis valider leur accès grâce à un code à usage unique, disponible pour une durée limitée, et envoyé au mail lié […]

The post Données personnelles et portails de connexion : passer de l’OTP à une authentification plus sûre first appeared on UnderNews.

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong. This week’s stories aren’t just about what was attacked—but how easily it happened. If we’re only looking for the obvious signs, what are we missing right in front

Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate

Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. [...]

Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020. [...]

Sorbonne Université est victime d'une nouvelle cyberattaque. Les données personnelles de 32 000 salariés et anciens salariés auraient été dérobées, dont certaines très sensibles.

Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. [...]

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...]

On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance. [...]

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. [...]

Le « Pentagon Pizza Index », aussi appelé « Pentagon Pizza Meter », est une théorie aussi savoureuse qu’inattendue : le nombre de pizzas commandées autour du Pentagone serait un baromètre officieux des crises internationales et des opérations militaires américaines.

C'était l'opération dans l'opération. En marge de la campagne Rising Lion lancée par Israël contre l'Iran dans la nuit du 12 au 13 juin 2025, pour attaquer son programme de nucléaire militaire, une action spéciale a aussi eu lieu proche de Téhéran. Elle impliquait une base clandestine et des drones explosifs. Un coup qui rappelle celui de l'Ukraine en Russie.

A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix

WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...]

When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes. [...]