High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed

Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. [...]

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. [...]

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...]

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. [...]

The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed

TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. [...]

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program. [...]

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second

En classant Anthropic comme un risque pour la chaîne d’approvisionnement des États-Unis, le Pentagone prend une décision sans précédent contre une entreprise américaine d’intelligence artificielle. Cette décision, actée début mars 2026, intervient alors que DeepSeek, rival chinois en pleine progression, ne fait pas l’objet d’une qualification équivalente.

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]

Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders. [...]

En classant Anthropic comme un risque pour la chaîne d’approvisionnement des États-Unis, le Pentagone prend une décision sans précédent contre une entreprise américaine d’intelligence artificielle. Cette décision, actée début mars 2026, intervient alors que DeepSeek, rival chinois en pleine progression, ne fait pas l’objet d’une qualification équivalente.

Ces découvertes contribuent à protéger l’infrastructure technologique mondiale, utilisée par des milliards d’utilisateurs, contre des exploitations de workflows CI/CD de type « Shai-Hulud ». Tribune – JFrog Ltd, The Liquid Software company et créatrice de la JFrog Software Supply Chain Platform, a annoncé aujourd’hui que son équipe Security Research a été la première à détecter, signaler et […]

The post JFrog découvre 13 vulnérabilités dans des dépôts GitHub grâce à « RepoHunter », son bot de recherche en sécurité alimenté par l’IA first appeared on UnderNews.

Une analyse de l’entreprise de cybersécurité Proofpoint révèle qu’une majorité d’organisations du secteur public en France ne bloque pas de manière proactive les e-mails frauduleux susceptibles d’atteindre le grand public. Tribune – Proofpoint, Inc., spécialiste en cybersécurité et conformité, publie aujourd’hui les résultats d’une nouvelle étude analysant la posture de sécurité des e-mails de près […]

The post Municipales : 88% du secteur public vulnérable à la fraude par e-mail à l’approche des élections first appeared on UnderNews.