SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled," the network security vendor said in a

French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks. [...]

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. [...]

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. [...]

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint

C’est la période des vacances dans de nombreuses régions du monde. Mais aujourd’hui, partir en congés ne signifie plus forcément couper totalement avec le travail, le mode hybride a changé la donne. Cette approche flexible conduit souvent à décaler certaines tâches le soir ou le week-end, et il devient de plus en plus courant d’emporter […]

The post Ne laissez pas les pirates gâcher votre été : les conseils de Kaspersky pour des congés connectés en toute sécurité first appeared on UnderNews.

Les deepfakes ont évolué en escroqueries en temps réel basées sur l’IA : ils alimentent la fraude, l’usurpation d’identité et l’ingénierie sociale. Tribune CheckPoint. Assez réaliste pour tromper : l’évolution des deepfakes Il n’y a pas si longtemps, les deepfakes étaient des curiosités numériques – convaincants pour certains, bancals pour d’autres, et souvent plus proches […]

The post Deepfakes en 2025 : la fraude pilotée par l’IA est déjà une réalité first appeared on UnderNews.

Dans un communiqué publié le 31 juillet, le FBI met en garde contre un nouveau type d'arnaque particulièrement vicieux. Le mode opératoire repose sur deux arnaques déjà en vogue : le « brushing scam » et le « quishing ».

The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. [...]

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]

Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. [...]

Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture. When the floodgates of SaaS and AI opened, IT didn’t just get democratized, its security got outpaced. Employees are onboarding apps faster than

Dans une étude publiée fin juillet 2025, les chercheurs de Sonatype annoncent avoir détecté une vaste campagne d’espionnage menée au sein des écosystèmes open source. Aux commandes : Lazarus, un groupe cybercriminel affilié à l’État nord-coréen, connu depuis plus d’une décennie pour des détournements spectaculaires de crypto-monnaies au profit du régime de Pyongyang.

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. [...]