Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

31297 bookmarks
Custom sorting
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 13 "critical" entries, 9 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including the Windows kernel, Microsoft Message Queuing (MSMQ), Win
·blog.talosintelligence.com·
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
·blog.talosintelligence.com·
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Docker Hub still hosts dozens of Linux images with the XZ backdoor
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk.
·bleepingcomputer.com·
Docker Hub still hosts dozens of Linux images with the XZ backdoor
Guess what else GPT-5 is bad at? Security | CyberScoop
Guess what else GPT-5 is bad at? Security | CyberScoop
OpenAI and Microsoft have said that GPT-5 is one of their safest and secure models out of the box yet. An AI red-teamer called its performance “terrible.”
·cyberscoop.com·
Guess what else GPT-5 is bad at? Security | CyberScoop
Windows 11 KB5063878 & KB5063875 cumulative updates released
Windows 11 KB5063878 & KB5063875 cumulative updates released
Microsoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.
·bleepingcomputer.com·
Windows 11 KB5063878 & KB5063875 cumulative updates released
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos.
·bleepingcomputer.com·
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Windows 10 KB5063709 update fixes extended security updates enrollment
Windows 10 KB5063709 update fixes extended security updates enrollment
Microsoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug that prevented enrollment in extended security updates.
·bleepingcomputer.com·
Windows 10 KB5063709 update fixes extended security updates enrollment
Hacker Alleges Russian Government Role in Kaseya Cyber-Attack
Hacker Alleges Russian Government Role in Kaseya Cyber-Attack
In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack
·infosecurity-magazine.com·
Hacker Alleges Russian Government Role in Kaseya Cyber-Attack
Android's pKVM hypervisor earns SESIP Level 5 security certification
Android's pKVM hypervisor earns SESIP Level 5 security certification
Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms.
·bleepingcomputer.com·
Android's pKVM hypervisor earns SESIP Level 5 security certification
US govt seizes $1 million in crypto from BlackSuit ransomware gang
US govt seizes $1 million in crypto from BlackSuit ransomware gang
The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang.
·bleepingcomputer.com·
US govt seizes $1 million in crypto from BlackSuit ransomware gang
Financial impact from severe OT events could top $300B
Financial impact from severe OT events could top $300B
A report from industrial cybersecurity firm Dragos highlights growing risks of business interruption and supply-chain disruptions.
·cybersecuritydive.com·
Financial impact from severe OT events could top $300B
Quand un avion agricole ukrainien devient un chasseur de drones russes
Quand un avion agricole ukrainien devient un chasseur de drones russes
Pour contrer le déploiement massif de drones envoyés par la Russie, les forces armées ukrainiennes rivalisent d’ingéniosité face à cet ennemi à la fois peu coûteux et redoutable. Début août 2025, un avion agricole modifié a été aperçu dans le ciel ukrainien. Sa nouvelle mission : intercepter les drones ennemis à
·numerama.com·
Quand un avion agricole ukrainien devient un chasseur de drones russes
Scam hunter scammed by tax office impersonators
Scam hunter scammed by tax office impersonators
Scam hunter Julie-Anne Kearns, who helps scam victims online, opened up about a tax scam she fell for herself.
·malwarebytes.com·
Scam hunter scammed by tax office impersonators
29,000 Servers Remain Unpatched Against Microsoft Exchange Flaw
29,000 Servers Remain Unpatched Against Microsoft Exchange Flaw
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments
·infosecurity-magazine.com·
29,000 Servers Remain Unpatched Against Microsoft Exchange Flaw
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.
·bleepingcomputer.com·
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Curly COMrades cyberspies hit govt orgs with custom malware
Curly COMrades cyberspies hit govt orgs with custom malware
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task.
·bleepingcomputer.com·
Curly COMrades cyberspies hit govt orgs with custom malware
« C'est une attaque vraiment massive », pourquoi le Muséum national d'histoire naturelle de Paris est-il la cible de cybercriminels ? - Numerama
« C'est une attaque vraiment massive », pourquoi le Muséum national d'histoire naturelle de Paris est-il la cible de cybercriminels ? - Numerama
Depuis la fin juillet 2025, le Muséum national d’Histoire naturelle (MNHN) de Paris, l’une des institutions majeures en recherche et patrimoine naturel dans le monde, est la cible d’une cyberattaque d’une ampleur inédite. L'organisation ne parvient plus à accéder à de nombreuses bases de données destinées à la
·numerama.com·
« C'est une attaque vraiment massive », pourquoi le Muséum national d'histoire naturelle de Paris est-il la cible de cybercriminels ? - Numerama
275M patient records breached—How to meet HIPAA password manager requirements
275M patient records breached—How to meet HIPAA password manager requirements
Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month.
·bleepingcomputer.com·
275M patient records breached—How to meet HIPAA password manager requirements
Home Office Phishing Scam Targets UK Immigration Sponsors
Home Office Phishing Scam Targets UK Immigration Sponsors
The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes
·infosecurity-magazine.com·
Home Office Phishing Scam Targets UK Immigration Sponsors