When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An unspecified vulnerability in D-Link

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. "Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model

Les équipes Check Point Research révèlent une vulnérabilité critique d’exécution de code à distance (CVE-2025-54136) dans Cursor, l’un des environnements de développement pilotés par l’IA connaissant la plus forte croissance actuellement. Bien que des outils comme Cursor promettent d’accélérer le développement logiciel grâce à l’automatisation par LLM, les chercheurs de Check Point ont identifié une […]

The post Check Point révèle une vulnérabilité RCE persistante dans l’outil de développement IA Cursor : exploitation silencieuse via un MCP de confiance first appeared on UnderNews.

Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks. [...]

PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned. [...]

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. [...]

Can your defenses withstand the biggest attacks of Summer 2025? From Interlock's FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization's defenses with Picus Security Validation Platform to find gaps before attackers do. [...]

CTM360 has discovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds. [...]

Les chercheurs de SentinelLabs ont dévoilé une campagne d’escroquerie Ethereum particulièrement élaborée. Détournant les principes du trading automatisé sur blockchain, cette opération repose sur de faux bots MEV (Maximal Extractable Value) et les outils sont ici détournés à des fins frauduleuses. Tribune – Sous couvert de contenus pédagogiques très techniques, diffusées via des vidéos YouTube générées par […]

The post SentinelLabs dévoile une escroquerie sophistiquée de près d’un million de dollars via de faux bots de trading sur YouTube first appeared on UnderNews.

L’avenir de la chasse aux bugs pourrait bien appartenir aussi aux intelligences artificielles (IA). Google vient d’affirmer qu’un de ses systèmes avait été plutôt bon pour déceler plusieurs vulnérabilités au cours des derniers mois.

Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. [...]

SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. [...]

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. [...]

Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history." [...]

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage.  Here’s how