Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. [...]

Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. [...]

OpenAI is internally testing a new feature called "Agora," and it could be related to some sort of cross-platform feature that works in real time or some other new product. [...]

Google appears to be testing a new feature that integrates Gemini into Chrome for Android, allowing you to use agentic browser capabilities on your mobile device. [...]

Google is rolling out 'Personal Intelligence,' a new Gemini feature that pulls your data from Gmail, Photos, Google Search, and other products. [...]

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)

AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal code assistants, chatbots, and copilots, has evolved into shared, organization-wide agents embedded in critical processes. These agents can orchestrate workflows across multiple systems, for example:

À l’heure des soldes d’hiver période de forte affluence en ligne et d’achats massifs, CyberArk, leader mondial de la sécurité des identités, alerte sur cette recrudescence d’activité des cybercriminels, notamment qui multiplie les attaques concernant les identités, qu’il s’agisse d’utilisateurs, de machines ou de systèmes.   Anne Gueneret, directrice commerciale France chez CyberArk, experte en sécurité […]

The post Soldes d’hiver : CyberArk alerte sur la recrudescence du phishing et des fraudes first appeared on UnderNews.

68% des employés qui utilisent des outils comme ChatGPT ou d’autres IA génératives le font à l’insu de leurs responsables directs ou sans en informer leur DSI. Tout comme le shadow IT, le shadow IA consiste à utiliser des outils technologiques sans l’approbation de la DSI. En se passant des processus internes d’approbation et de […]

The post Shadow IA : Comment sécuriser son SI face à l’IA invisible first appeared on UnderNews.

Le Campus Cyber s’est officiellement doté de sa nouvelle feuille de route (2026-2028), la première depuis sa création. Cette étape majeure, actée par le Conseil d’administration, concrétise la dynamique d’accélération et de transformation engagée par la nouvelle présidence en juin 2025. Elle est le fruit de vastes consultations menées depuis l’été dernier avec l’ensemble des […]

The post Le Campus Cyber dévoile sa nouvelle stratégie 2026-2028 first appeared on UnderNews.

C’est l’épilogue d’une des fuites de données les plus massives de l’histoire des télécoms en France. La CNIL vient de condamner lourdement Free et Free Mobile pour leur négligence lors du piratage survenu en octobre 2024. La note est salée : 42 millions d’euros.

OpenAI has quietly rolled out a new ChatGPT feature called ChatGPT Translate, and it looks very similar to Google Translate on the web. [...]

The Kyowon Group (Kyowon), a South Korean conglomerate, disclosed that a cyberattack has disrupted its operations and customer information may have been exposed in the incident. [...]

The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. [...]

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. [...]

Verizon Wireless is suffering a massive outage in the US, with customers reporting their phones stuck in SOS mode with no cellular service. [...]

Microsoft has resolved a known issue that was causing security applications to flag a core Windows component, the company said in a service alert posted this week. [...]

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. [...]