Global-e, prestataire e-commerce de Ledger, a été victime d’une intrusion informatique, ayant entraîné la fuite de données personnelles de certains clients de la marque de portefeuilles matériels pour crypto-monnaies. Quelles sont les données concernées ? Quels risques pour les personnes touchées ?

Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. [...]

As agentic AI adoption accelerates, identity is emerging as the primary security challenge. Token Security explains why AI agents behave like a new class of identity and why CISOs must manage their access, lifecycle, and risk. [...]

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,

NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. [...]

Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed. This report examines how core areas of cybersecurity are evolving in

Depuis le 4 janvier 2025, un hacker affirme sur un forum du dark web détenir des données sensibles appartenant au géant des fournisseurs de réseaux privés virtuels, NordVPN. Contactée par Numerama, l’entreprise dément formellement toute intrusion et dévoile les conclusions de son enquête.

L’armée américaine ouvre un nouveau cursus pour former des officiers spécialistes de l’IA et du machine learning, officiellement réunis sous l’appellation 49B AI/ML Officer. Objectif affiché : transformer l’US Army en force « data‑centrée », capable de mieux tirer parti de l’écosystème d’outils d’IA déjà déployés sur le terrain.

Le nouveau chapitre du Kaspersky Security Bulletin analyse l’impact potentiel de l’Intelligence Artificielle (IA) sur le secteur mondial du divertissement en 2026. L’étude couvre divers aspects, allant des systèmes de billetterie et pipelines VFX aux réseaux de diffusion de contenu (CDN), en passant par le secteur du jeu et les enjeux réglementaires. Tribune – L’IA […]

The post Kaspersky identifie l’IA comme menace de sécurité majeure pour le secteur du divertissement en 2026 first appeared on UnderNews.

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump's First Step Act. According to the Federal Bureau of Prisons' inmate locator

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. "VVS stealer's code is obfuscated by Pyarmor," researchers

L’attaque par injection de prompt attire particulièrement l’attention des experts. Elle fait partie d'une nouvelle vague de risques cyber, liés à l'omniprésence de nouveaux outils dans nos usages quotidiens, ces dernières années : les modèles de langage (LLM).

The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. [...]

The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. [...]

Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. [...]

Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. [...]

L'Iran court-circuite le système bancaire international en proposant son arsenal militaire contre des cryptoactifs, révèle le Financial Times. Via son agence Mindex, le régime réinvente le marché de l'armement sous sanctions, malgré une surveillance accrue de Washington.

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.  This gap between effort and