La fraude au remboursement commence à prendre toute autre tournure à cause de l’Intelligence artificielle générative. Sur Vinted, certains utilisent désormais une nouvelle technique basée sur de fausses images duper les vendeurs et se faire rembourser illégalement.

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. [...]

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). [...]

A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. [...]

The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. [...]

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

L’intégration des solutions Akamai Guardicore Segmentation et NVIDIA BlueField met fin au compromis de longue date entre sécurité avancée et performance système pour les secteurs de l’énergie, de la fabrication et des transports. Tribune – Akamai annonce une nouvelle solution développée avec NVIDIA pour protéger la plupart des systèmes critiques contre des cyberattaques de plus […]

The post Akamai sécurise les infrastructures critiques grâce à une segmentation Zéro Trust sans agent avec NVIDIA first appeared on UnderNews.

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "

À l’ère de l’IA, les entreprises doivent pouvoir développer des logiciels intelligents sans renoncer à la maîtrise et à la confiance. Tribune par Yoav Landman, CTO et cofondateur de JFrog. Lorsque Anthropic a annoncé les nouvelles fonctionnalités de scan de sécurité de Claude Code, à la suite du lancement d’Aardvark par OpenAI, cela a marqué […]

The post Tribune libre « Sécurité logicielle : l’IA règle le problème… ou le déplace ? » de JFrog first appeared on UnderNews.

Anthropic vient de lancer son nouvel outil Claude Code Security, une fonctionnalité de cybersécurité intégrée à sa plateforme Claude Code, conçue pour analyser des vulnérabilités logicielles de façon automatisée. Cette annonce a fait trembler les marchés boursiers, faisant chuter les valeurs de nombreux acteurs du secteur. Doit-on craindre un emplacement imminent des experts en cybersécurité […]

The post L’IA d’Anthropic menace-t-elle vraiment la cybersécurité ? first appeared on UnderNews.

Le deuxième volet de l’étude Zscaler sur la cyber résilience révèle que de nombreuses organisations restent excessivement centrées sur leur périmètre interne, les exposant aux menaces externes telles que les attaques sur la chaîne d’approvisionnement et les chocs géopolitiques. Tribune Zscaler. Principaux enseignements de l’étude : La France se distingue par une prise de conscience […]

The post Stratégie de cyber résilience : la France affiche une prise de conscience supérieure à la moyenne mondiale mais doit accélérer dans ses investissements first appeared on UnderNews.

La fraude au remboursement n’est pas nouvelle, mais elle prend une tout autre tournure à l’ère de l’IA générative. Sur Vinted, certains utilisent désormais une nouvelle technique pour duper les vendeurs et se faire rembourser illégalement.

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time. [...]

Claude appears to be having a major outage right now, with elevated errors reported across all platforms. [...]

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and