Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allow_active in SUSE 15's Pluggable Authentication Modules (PAM) CVE-2025-6019 - LPE from allow_active to root in

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News. "The malware was

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. [...]

The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack. [...]

North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. [...]

Microsoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. [...]

A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. [...]

Avec plus de 300 millions d’exemplaires vendus et plus de 200 millions de joueurs actifs mensuels, Minecraft est l’un des jeux vidéo les plus populaires de tous les temps. Une partie de son attrait réside dans la possibilité de personnaliser et d’améliorer le jeu grâce aux mods, des outils créés par les utilisateurs pour améliorer […]

The post Les joueurs de Minecraft ciblés par une campagne de malware sophistiquée first appeared on UnderNews.

zLabs, l’équipe de recherche de Zimperium, alerte sur une nouvelle évolution du malware GodFather. Celui-ci utilise désormais une technique avancée de virtualisation embarquée, lui permettant de détourner les applications mobiles bancaires et de cryptomonnaies, directement depuis les smartphones des victimes. Indétectables à l’œil nu, ces attaques redéfinissent les règles de la sécurité mobile. Tribune – […]

The post Zimperium alerte sur le malware GodFather qui détourne les applis bancaires grâce à la virtualisation furtive first appeared on UnderNews.

Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. [...]

CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges. [...]

Episource warns of a data breach after hackers stole health information of over 5 million people in the United States in a January cyberattack. [...]

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages. [...]

For organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing. In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems," Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed

Des chercheurs en cybersécurité révèlent que Taïwan subit depuis janvier 2025 une offensive numérique d’ampleur inédite, orchestrée par le groupe HoldingHands. Cette opération d’espionnage et de sabotage cible sans relâche les administrations, entreprises et infrastructures stratégiques de l’île.

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. [...]