In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD

La généralisation des dispositifs médicaux connectés transforme en profondeur les pratiques de soins, mais expose également les établissements de santé à de nouveaux risques cyber.  En 2024, 749 incidents de cybersécurité affectant des établissements de santé en France ont été déclarés, soit une forte augmentation par rapport à 2023, ce qui illustre la multiplication des […]

The post Cybersécurité des établissements de santé : Keyfactor alerte sur les risques liés à la perte de confiance numérique des dispositifs médicaux first appeared on UnderNews.

​Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals. [...]

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT. This new escalation of ClickFix has

Zimperium, spécialiste mondial de la sécurité mobile, alerte sur la progression rapide des attaques de phishing via QR codes, aussi appelées « quishing ». En un an, elles ont bondi d’environ 25% et représentent désormais jusqu’à un quart des campagnes d’hameçonnage exploitant ce vecteur comme principal leurre. Tribune – Ces campagnes reposent sur des QR […]

The post Les QR codes s’imposent un vecteur majeur de phishing mobile first appeared on UnderNews.

Une étude de Flare révèle que près de la moitié des cybercriminels utilisent des kits de phishing multi-marques pour voler des données. Un nouveau rapport lève le voile sur l’écosystème sophistiqué qui alimente les campagnes de phishing touchant particuliers et entreprises. Tribune – Flare, leader du Threat Exposure Management, publie une nouvelle étude « The […]

The post Étude Flare : près d’un cybercriminel sur deux utilise des kits de phishing multi-marques first appeared on UnderNews.

Microsoft vient de publier une salve de correctifs d’urgence pour réparer le bug introduit par le premier Patch Tuesday de 2026, qui coupait l’accès à certains environnements Windows dans le cloud et empêchait l’extinction correcte de certains PC.​

OpenAI is reportedly testing a new feature or product codenamed "Sonata," and it could be related to music or audio-related experiences on ChatGPT. [...]

Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we were able to collect system fingerprints, monitor active sessions, and – in a twist that will

OpenAI is internally testing a new update for ChatGPT, at least on the web. It'll begin rolling out in the coming weeks. [...]

Microsoft has released multiple emergency, out-of-band updates for Windows 10, Windows 11, and Windows Server to fix two issues caused by the January Patch Tuesday updates. [...]

The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. [...]

Google is testing "Skills" for Gemini in Chrome, which will allow AI in Chrome to perform tasks automatically, and it could challenge Perplexity Comet or Edge's Copilot mode. [...]

Alors que le dispositif avait suscité de nombreuses critiques au sein d'associations en France, la CNAF a choisi de ne pas renoncer à son algorithme de contrôle des allocataires et vient de déployer un nouveau modèle de « data mining ».​ Cette fois, l’organisme mise sur une communication plus transparente et a décidé de soumettre l’algorithme à la vérification de tout un chacun. Numerama a pu s’entretenir avec son directeur, Nicolas Grivel, qui détaille cette démarche.

Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year. [...]

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. [...]

Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. [...]