Latest CyberSec News by @thecyberpicker

31279 bookmarks
Why email security needs its EDR moment to move beyond prevention
Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection.
·bleepingcomputer.com·
Microsoft investigates outage impacting Copilot, Office.com
Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant.
·bleepingcomputer.com·
SecurityX vs CISSP: Which One’s Better for Pros?
Read this expert SecurityX vs CISSP comparison guide to learn all you need to know about these top certifications and decide which suits you the best.
·stationx.net·
"It started with free nuggets": how a hacker confronted McDonald's with its security flaws
A professional hacker known by the pseudonym "Bobdahacker" recounts how her hunt for vulnerabilities at McDonald's, which began with a simple order of free nuggets, uncovered other security flaws and led to the dismissal of an employee who had agreed to help her. A report by
·numerama.com·
Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts
The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan."
·therecord.media·
"Set It and Forget It" Access Control is Not Enough | CSA
We don’t need to throw out RBAC, but we need to evolve beyond it. Modern identity security requires understanding the full picture of effective permissions.
·cloudsecurityalliance.org·
Global Port Disruptions are Redefining Supply Chain Strategies - interos.ai
Recent headlines about the Panama Canal, port concessions in Latin America, and strategic realignments in global shipping have reignited conversations across the logistics and procurement world. For organizations, these developments are immediate signals to assess risk exposure, optimize routing decisions and reevaluate resilience strategies. At interos.ai, our latest analysis shows that these developments are already....
·interos.ai·
Hackers Weaponize QR Codes in New 'Quishing' Attacks
Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones
·infosecurity-magazine.com·
Announcing the MCP Security Resource Center | CSA
Introducing CSA’s MCP Security Resource Center — the first open industry hub for securing the Model Context Protocol and the broader agentic AI control plane.
·cloudsecurityalliance.org·
Subverting AIOps Systems Through Poisoned Input Data - Schneier on Security
In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIops in a conversational interface that admins can use to prompt for information about system performance. Some AIOps tools can respond to such queries by automatically implementing fixes, or suggesting scripts that can address issues...
·schneier.com·
Executives Warned About Celebrity Podcast Scams
The Better Business Bureau is urging business owners and influencers not to fall for a new type of podcast scam
·infosecurity-magazine.com·
BLACK HAT FIRESIDE CHAT: Straiker extends ‘red teaming’ to the AI layer as AI attacks surge
The enterprise software model that defined the past two decades — SaaS — is being rapidly eclipsed by a new center of gravity: AI-native systems. These are autonomous agents wired directly into company data, tools, and workflows. Related: LLMs fuel automated attacks According to Straiker CEO Ankur Shah, this shift is happening faster than cloud
·lastwatchdog.com·
How these North Korean cyberspies infiltrated foreign embassies based in Seoul
In a report published on August 18, 2025, researchers at the cybersecurity firm Trellix dissect the inner workings of a cyberespionage campaign that has been going on for months. The main protagonist is Kimsuky, a group of North Korean hackers linked to the Pyongyang regime. Their targets? The
·numerama.com·
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 vulnerability, tracked as CVE-2025-9132, found by Big Sleep AI
·securityaffairs.com·
Microsoft releases emergency updates to fix Windows recovery
Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates.
·bleepingcomputer.com·