Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store competition. The Italian Competition Authority (Autorità Garante della Concorrenza e del Mercato, or AGCM) said the company's "absolute dominant position" in app distribution allowed it to "unilaterally impose"

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. Both the browser add-ons are available for download as of

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. [...]

Voilà plus de 24 heures qu'une grande partie des services en ligne de La Poste sont indisponibles. La faute à une cyberattaque d'une ampleur inédite qui frappe le groupe français juste avant Noël. On fait le point sur la situation.

En 2025, les services de sécurité ont fait face à des défis majeurs : recrudescence du ransomware, phishing assisté par l’IA, campagnes parrainées par des États, et un manque de préparation face à la rapidité d’évolution des cybermenaces. Cette accélération s’inscrit dans un contexte de transformation profonde des usages numériques au sein des entreprises. L’IA […]

The post Cybersécurité : l’intégration des plateformes redéfinira la protection face aux menaces IA en 2026 first appeared on UnderNews.

Malgré une clé d'accès (passkey) et une double authentification avec un gestionnaire de mots de passe, un hacker a réussi à me dérober mon compte PlayStation Network à deux reprises en seulement quelques heures. J'ai réussi à le contacter : il m'explique que Sony est beaucoup trop laxiste et attribue la paternité d'un compte sans vérifier le mot de passe ou l'identité.

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. [...]

Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. [...]

Les États-Unis viennent d’inscrire les drones étrangers sur une liste noire de sécurité nationale, empêchant toute nouvelle homologation de modèles fabriqués hors du pays. Une décision qui cible en particulier les géants chinois du secteur et pourrait rebattre les cartes d’un marché largement dominé par DJI.

The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions. [...]

Italy's competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. [...]

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email compromise (BEC), digital extortion, and

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely

A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation

The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of a bank account takeover scheme. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website

Un grave bug de sécurité met en danger des dizaines de milliers d’instances n8n exposées sur Internet. Notée 9,9 sur 10, la vulnérabilité CVE‑2025‑68613 permet à un utilisateur d’exécuter du code arbitraire sur le serveur, bien au-delà de ce que la plateforme est censée autoriser.

Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. [...]

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. Security researcher Fatih Çelik has been credited with discovering and reporting the flaw. The package

The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant