A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. [...]

Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site. [...]

A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional

Face à l’extension rapide de la surface d’attaque d’OpenClaw et à la multiplication des risques liés aux supply chains non sécurisées, SentinelOne®, leader de la sécurité native IA, dévoile ClawSec, suite de sécurité open source conçue pour instaurer une protection continue, vérifiable et collaborative des déploiements agentiques. Tribune – À mesure que les agents autonomes […]

The post SentinelOne lance ClawSec, une suite open source pour sécuriser l’essor des agents OpenClaw first appeared on UnderNews.

Dell Technologies annonce la poursuite de son partenariat avec McLaren Racing, la branche de McLaren Group chargée de l’engagement en compétition automobile. Cette dernière s’appuie en effet depuis 2018 sur l’infrastructure IA avancée et les PC Dell afin de renforcer la compétitivité de l’écurie McLaren en Formule 1. Tribune – En tant que Partenaire Officiel […]

The post IA, jumeaux numériques et HPC : McLaren et Dell prolongent leur partenariat pour optimiser la performance en F1 first appeared on UnderNews.

Le Pentagone et la société Anthropic renégocient l’accès au chatbot Claude sur les réseaux classifiés de l’armée, alors que le ministère américain de la Défense presse les acteurs de l'intelligence artificielle d’assouplir leurs garde-fous.

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. [...]

Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. [...]

AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. [...]

The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. [...]

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. [...]

Conscio Technologies, spécialiste de la sensibilisation à la cybersécurité, présente son livre blanc « Sensibilisation Cybersécurité – plan d’action 2026 », un ouvrage pratique permettant de lancer et mettre en place un plan de sensibilisation efficace. Tribune – Audrey BOUSSICAUD, Responsable pédagogique Conscio Technologies : « Si je devais résumer l’année 2026 en un mot pour les RSSI, […]

The post Conscio Technologies présente son livre blanc « Sensibilisation Cybersécurité – plan d’action 2026 » first appeared on UnderNews.

Commvault revient sur les récentes cyberattaques connues par le milieu sportif. Le golf, l’athlétisme, la voile, la natation, le tennis. Et le ministère des Sports lui-même, attaqué non pas une, mais deux fois. Ces incidents suivent une tendance observable : les organisations sportives sont devenues des cibles de choix pour les cybercriminels. Pourquoi ? Pas […]

The post Cyberattaques dans le sport : comprendre une tendance et s’adapter first appeared on UnderNews.

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be

The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. [...]

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare