La sécurité des systèmes d’information est devenue le nerf de la guerre pour les entreprises françaises. En 2024, 59% des entreprises françaises déclaraient avoir été victimes d’au moins une cyberattaque réussie au cours des 12 derniers mois. Si la cybersécurité a longtemps reposé sur des solutions logicielles, l’évolution des menaces impose une réflexion constante et globale. […]

The post Le TPM 2.0 est-il un réel standard de confiance pour les environnements professionnels ? first appeared on UnderNews.

Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices. [...]

Et si la vraie faille de sécurité, c’était l’absence de stratégie de formation Nous n’avons de cesse de le dire, le répéter, les cybermenaces explosent en volume et en sophistication. 2025 impose une prise de conscience : la cybersécurité ne relève plus uniquement de la technologie, mais avant tout de la compétence humaine. Or, trop […]

The post Former pour performer : comment bien bâtir un plan de formation cybersécurité efficace ? first appeared on UnderNews.

Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. [...]

Les chercheurs de l’entreprise de cybersécurité Check Point ont révélé le 9 janvier 2026 une arnaque emblématique de l’avènement de l’IA dans l’industrialisation des scams en ligne. Baptisée le « Truman Show Scam », il s’agit d’une opération financière entièrement artificielle qui enferme ses victimes dans une réalité de trading fabriquée de toutes pièces.

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware

The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. [...]

Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. [...]

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"

U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. [...]

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate Windows DNS Server

Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. [...]

En pleine guerre en Ukraine, des images publiées par l'analyste OSINT ukrainien Special Kherson Cat sur X, le 8 janvier 2026, montrent un bricolage aussi inattendu que révélateur : un terminal Starlink monté sur un cheval.

Un peu plus de trois mois après la fuite de données de la Fédération Française de Tir, la préfecture de police de Paris a annoncé l’interpellation d’un suspect majeur.​ Né en 2007, il est soupçonné d’avoir pris part à la fuite puis à la revente de ces informations particulièrement sensibles.​

Entre la démocratisation de l’IA et l’industrialisation des cybermenaces, la normalisation progressive de la cryptographie post-quantique et le passage à l’identité numérique dans l’entreprise, Chad Thunberg, CISO chez Yubico, Christopher Harrell, Chief Technology Strategy Officer et Derek Hanson, Field CTO, partagent leurs prédictions pour alerter sur les transformations majeures qui redéfiniront le paysage des menaces […]

The post Prédictions 2026 de Yubico : cybermenaces basées sur l’IA, cryptographie post-quantique et identité numérique first appeared on UnderNews.

Les chercheurs de l’entreprise de cybersécurité Radware ont mis en garde, le 8 janvier 2026, contre une nouvelle attaque par injection indirecte visant ChatGPT.​ Cette offensive détourne une mécanique que l’on pensait réglée depuis quelques mois et cible spécifiquement l’outil Deep Research du chatbot.

Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts