The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. [...]

Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. [...]

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"

U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. [...]

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate Windows DNS Server

Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. [...]

En pleine guerre en Ukraine, des images publiées par l'analyste OSINT ukrainien Special Kherson Cat sur X, le 8 janvier 2026, montrent un bricolage aussi inattendu que révélateur : un terminal Starlink monté sur un cheval.

Un peu plus de trois mois après la fuite de données de la Fédération Française de Tir, la préfecture de police de Paris a annoncé l’interpellation d’un suspect majeur.​ Né en 2007, il est soupçonné d’avoir pris part à la fuite puis à la revente de ces informations particulièrement sensibles.​

Entre la démocratisation de l’IA et l’industrialisation des cybermenaces, la normalisation progressive de la cryptographie post-quantique et le passage à l’identité numérique dans l’entreprise, Chad Thunberg, CISO chez Yubico, Christopher Harrell, Chief Technology Strategy Officer et Derek Hanson, Field CTO, partagent leurs prédictions pour alerter sur les transformations majeures qui redéfiniront le paysage des menaces […]

The post Prédictions 2026 de Yubico : cybermenaces basées sur l’IA, cryptographie post-quantique et identité numérique first appeared on UnderNews.

Les chercheurs de l’entreprise de cybersécurité Radware ont mis en garde, le 8 janvier 2026, contre une nouvelle attaque par injection indirecte visant ChatGPT.​ Cette offensive détourne une mécanique que l’on pensait réglée depuis quelques mois et cible spécifiquement l’outil Deep Research du chatbot.

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. [...]

Google says it's rolling out a new feature called 'AI Inbox,' which summarizes all your emails, but the company promises it won't train its models on your emails. [...]

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. [...]

The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. [...]

Elon Musk-backed xAI has been missing in action for a while now, but today, Musk teased a major upgrade for Grok alongside new products. [...]

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. [...]