Latest CyberSec News by @thecyberpicker

30533 bookmarks
How to Spot and Stop E-Skimming | CSA
Learn what e‑skimming is, why it’s so dangerous, how PCI DSS v4.x addresses it, and some of the options available to help you.
·cloudsecurityalliance.org·
Data Breach Costs Fall for First Time in Five Years
IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment
·infosecurity-magazine.com·
Measuring the Attack/Defense Balance - Schneier on Security
“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email: The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...
·schneier.com·
Your ANCV holiday vouchers are about to expire? Almost certainly a scam email
A scam campaign involving ANCV holiday vouchers (chèques-vacances) is circulating in French inboxes in July 2025. Claiming that the vouchers are about to expire, cybercriminals try to trap their victims by redirecting them to a fraudulent site. Ah, summer… the season of drinks on the terrace, of clubs
·numerama.com·
US Tops Hit List as 396 SharePoint Systems Compromised Globally
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability
·infosecurity-magazine.com·
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
·securelist.com·
OWASP Launches Agentic AI Security Guidance
The comprehensive guidance focuses on technical recommendations for securing agentic AI applications, from development to deployment
·infosecurity-magazine.com·
Minnesota governor activates National Guard after cyberattack on state capital
Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.
·therecord.media·
Minnesota activates National Guard after St. Paul cyberattack
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday.
·bleepingcomputer.com·
News Alert: SquareX exposes DevTools blind spot allowing widespread browser extension attacks
Palo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense
·lastwatchdog.com·