You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")

A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.

De nombreux outils de cybersécurité gratuits, tels que Wireshark et Nmap, peuvent renforcer la sécurité des utilisateurs sur Internet. Cependant, les experts en cybersécurité mettent en garde contre les signaux d’alerte, comme des déclarations vagues dans les politiques de confidentialité, des mises à jour peu fréquentes et de mauvais avis.   Tribune Planet VPN – […]

The post Dangers cachés des outils de cybersécurité gratuits : Comment protéger vos données en 2026 first appeared on UnderNews.

L'unité de recherche sur les menaces d’Acronis révèle une nouvelle campagne de cyberespionnage menée par un groupe lié à la Chine. L’une de leurs techniques pour piéger des diplomates américains ? Promettre des informations exclusives sur les plans de la Maison Blanche après la capture de Nicolás Maduro.

Des chercheurs en cybersécurité de Varonis ont mis en lumière un moyen de contourner les contrôles de sécurité de Copilot. Le procédé est extrêmement furtif : il suffit d'un seul clic pour que l'outil IA de Microsoft exfiltre les données de la victime vers les serveurs de l'attaquant.

​Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. [...]

Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. [...]

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on

Google has confirmed that it's now possible to change your @gmail.com address. This means that if your current email is [email protected], you can now change it to [email protected]. [...]

OpenAI is rolling out a big upgrade for ChatGPT with support for advanced chat history search, but the feature is rolling out to Plus and Pro subscribers only. [...]

The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. [...]

Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands. [...]

Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. [...]

Verizon has confirmed that yesterday's nationwide wireless outage was caused by a software issue, though the company has not shared additional details about what went wrong. [...]

Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. [...]

A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations. [...]

Longtemps considérés comme des maquettes de communication inspirées de la science-fiction, les avions du projet militaire chinois Nantianmen ont été remis en avant le 9 janvier 2026 par la CCTV, qui les a présentés comme potentiellement réalisables.