Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. [...]

Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update. [...]

Un agent IA autonome aurait piraté en moins de deux heures l'IA interne du cabinet de conseil McKinsey & Company. C'est en tout cas ce qu'affirme la startup de cybersécurité CodeWall, dont l'agent a pu avoir un accès total à la base de données de production. Sans mot de passe volé. Sans complice interne. Sans intervention humaine.

Contrairement à la plupart des autres pays européens, la France accuse un retard dans la transposition de la directive NIS2 dans son droit, qui aurait déjà dû avoir lieu depuis octobre 2024 selon le calendrier fixé par l’Union européenne, mais qui ne devrait pas se faire avant juillet 2026 au plus tôt. La raison ? Un […]

The post Retard dans la transposition de la directive NIS2 dans le droit en France first appeared on UnderNews.

Les laboratoires d’ESET ont récemment mis en évidence la reprise d’activité du groupe Sednit qui s’appuie désormais sur une boîte à outils modernisée. Celle-ci comporte deux implants complémentaires, BeardShell et Covenant, chacun utilisant un fournisseur cloud distinct afin d’assurer leur résilience. Cette stratégie à double implant a permis au groupe de maintenir une surveillance prolongée […]

The post ESET Research : Sednit modernise ses outils et cible à nouveau l’Ukraine first appeared on UnderNews.

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. [...]

Retiré sans motif public après avoir attiré plusieurs centaines de milliers de dollars, un pari de Polymarket sur une possible explosion nucléaire remet en lumière la place croissante des marchés liés aux conflits armés sur la plateforme de paris en ligne.

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive

Un chercheur français en cybersécurité a découvert que plus d'un million de caméras et babyphones connectés étaient totalement exposés sur Internet : sans mot de passe, sans protection, accessibles à tous. Derrière cette faille béante se cache un fabricant chinois peu connu du grand public, Meari Technology, dont la technologie équipe en réalité des centaines de marques vendues partout en France et dans le monde.

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. [...]

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. [...]

Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. [...]

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to over 15,000 employees and customers after hacking one of its service providers. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. [...]