Scott Schober: Video Game Pirate Turned Cybersecurity Expert, Invetor, and Author
This week in cybersecurity from the editors at Cybercrime Magazine
Latest CyberSec News by @thecyberpicker
AI Agents Act Like Employees With Root Access—Here's How to Regain Control
Generative AI systems risk exploitation without identity-first security, affecting sensitive data and systems. Learn how to secure them.
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access
Researchers expose critical flaw in Windows Server 2025’s dMSA, enabling enterprise-wide access and lateral movement across domains.
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
Cameron John Wagenius faces up to 27 years in prison after pleading guilty to wire fraud, extortion and aggravated identity theft in data breaches involving major corporations.
Talos IR ransomware engagements and the significance of timeliness in incident response
The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.
AWS, Google Drive, Dropbox : quand le cloud est détourné pour espionner des négociations
Depuis fin 2024, une campagne d’espionnage d’une sophistication inédite vise les gouvernements d’Asie du Sud-Est. L’outil au cœur de cette opération : HazyBeacon, un logiciel malveillant capable de se dissimuler dans le trafic légitime des services cloud d’Amazon, afin de collecter des informations sensibles sur des
Amazon warns 200 million Prime customers that scammers are after their login info
Amazon has emailed 200 million customers to warn them about a rather convincing phishing campaign.
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild.
Grok 4 benchmark results: Tops math, ranks second in coding
Grok 4 is a huge leap from Grok 3, but how good is it compared to other models in the market, such as Gemini 2.5 Pro? We now have answers, thanks to new independent benchmarks.
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection.
Cloudflare Blocks Record-Breaking 7.3 Tbps DDoS Attack
Cloudflare highlighted a huge rise in hyper-volumetric DDoS attacks in Q2 2025, with attackers seeking to overwhelm defenses
Comment Now: Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments
The NIST National Cybersecurity Center of Excellence has developed the draft two-pager
DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault
Cloudflare blocked 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, while hyper-volumetric attacks surged with 6,500+ blocked.
Education Sector is Most Exposed to Remote Attacks
CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack
NodeJS 24.x - Path Traversal
NodeJS 24.x - Path Traversal. CVE-2025-27210 . remote exploit for NodeJS platform
Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time
AI-driven social engineering campaigns are evolving, targeting your employees, customers, and partners with impersonation tactics.
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Researchers uncover sophisticated Konfety Android malware using evil twin apps and complex evasion methods to conduct ad fraud.
GUEST ESSAY: Why IoT security must start at the module—a blueprint for scaling IoT security
A few years ago, a casino was breached via a smart fish tank thermometer. Related: NIST's IoT security standard It’s a now-famous example of how a single overlooked IoT device can become an entry point for attackers — and a cautionary tale that still applies today. The Internet of Things (IoT) is expanding at an
SugarCRM 14.0.0 - SSRF/Code Injection
SugarCRM 14.0.0 - SSRF/Code Injection. CVE-2024-58258 . webapps exploit for Multiple platform
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI). CVE-2025-44177 . webapps exploit for Multiple platform
WP Publications WordPress Plugin 1.2 - Stored XSS
WP Publications WordPress Plugin 1.2 - Stored XSS. CVE-2024-11605 . webapps exploit for Multiple platform
MikroTik RouterOS 7.19.1 - Reflected XSS
MikroTik RouterOS 7.19.1 - Reflected XSS. CVE-2025-6563 . remote exploit for Multiple platform
Co-op Aims to Divert More Young Hackers into Cyber Careers
The Co-op is teaming up with The Hacking Games to inspire pathways into ethical cybersecurity careers
TOTOLINK N300RB 8.54 - Command Execution
TOTOLINK N300RB 8.54 - Command Execution. CVE-2025-52089 . hardware exploit for Multiple platform
Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges. CVE-2025-49744 . local exploit for Windows platform
Langflow 1.2.x - Remote Code Execution (RCE)
Langflow 1.2.x - Remote Code Execution (RCE). CVE-2025-3248 . webapps exploit for Multiple platform
Keras 2.15 - Remote Code Execution (RCE)
Keras 2.15 - Remote Code Execution (RCE). CVE-2025-1550 . remote exploit for Python platform
Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege. CVE-2025-49677 . local exploit for Windows platform
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
PivotX 3.0.0 RC3 - Remote Code Execution (RCE). CVE-2025-52367 . webapps exploit for Multiple platform
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.