OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. [...]

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...]

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. [...]

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks altogether.&

Depuis quelques jours, de nombreux inscrits à France Travail ont reçu un courriel inquiétant : des personnes non autorisées ont accédé à leurs données personnelles hébergées sur la plateforme. Que s'est-il réellement passé ? Qui est concerné ? France Travail a déroulé la chronologie des faits pour Numerama.

Dévoilé en 2020, le Escobar Fold 2 se présentait comme un concurrent du Samsung Galaxy Fold aux couleurs du trafiquant Pablo Escobar. Après plusieurs polémiques, une extraction et une enquête internationale, son créateur a finalement reconnu avoir conçu une vaste arnaque.

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and why you might be the product.

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]

Une nouvelle campagne de phishing aux couleurs de Free Mobile est en cours. Si vous avez reçu un mail de l'opérateur vous demandant de confirmer certaines informations personnelles, il s'agit très probablement d'un piège.

Avant d'installer une mise à jour, pour changer d'iPhone ou simplement par sécurité, il est vivement recommandé de sauvegarder son iPhone. Il existe plusieurs moyens pour récupérer toutes ses données.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 (CVSS score: 9.3) - An improper restriction of XML external entity (XXE) reference vulnerability in the

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. "CISA is

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]

L'écosystème cyber est en alerte depuis la découverte de deux vulnérabilités « zero-day » affectant la célèbre solution de gestion collaborative SharePoint de Microsoft. Toujours activement exploitées, ces failles sont au cœur d’une large campagne de piratage menée, selon de nombreux experts, par des groupes de cyberespionnage soutenus par Pékin.

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports. The tech giant said it also observed a third China-based threat actor, which it tracks as Storm-2603, weaponizing the flaws as well to obtain initial access to