Latest CyberSec News by @thecyberpicker

31078 bookmarks
NY Business Council discloses data breach affecting 47,000 people
The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals.
·bleepingcomputer.com·
Microsoft: August security updates break Windows recovery, reset
Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11.
·bleepingcomputer.com·
UK abandons Apple backdoor demand after US diplomatic pressure | CyberScoop
The United Kingdom has withdrawn its demand that Apple create a backdoor to its encrypted cloud systems following months of diplomatic pressure from the United States, according to a statement from Director of National Intelligence Tulsi Gabbard.
·cyberscoop.com·
An Actionable Approach to Supplier Alternatives: interos.ai Unveils Similar Suppliers to Turn Risk into Strategic Advantage - interos.ai
See how itariffs and Similar Suppliers can help you stay ahead of tariff changes and provide actionable insights and next steps to mitigate risk. With unprecedented supply chain volatility, identifying and engaging with alternative suppliers is no longer just tactical, it’s a necessity to keep your organization running at maximum efficiency. However, finding alternative....
·interos.ai·
Proactive Defense Starts with the Platform | CSA
The most effective security isn’t a gate—it’s a foundation. By weaving security into the DNA of platforms, we empower teams to build fast and safely.
·cloudsecurityalliance.org·
JJ Cummings: The art of controlling information
Get an inside look at how JJ Cummings helped build and lead one of Cisco Talos’ most impactful security teams, and discover what drives him to stay at the forefront of threat intelligence.
·blog.talosintelligence.com·
GodRAT - New RAT targeting financial institutions
Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.
·securelist.com·
Zero-Day Exploit in WinRAR File - Schneier on Security
A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen file paths %TEMP% and %LOCALAPPDATA%, which Windows normally makes off-limits because of their ability to execute code. More details in the article...
·schneier.com·
EMERGING TRENDS Q&A: Pentesting goes continuous as Plainsea joins wave reshaping security
Penetration testing has long served as a cornerstone of cybersecurity—a red-team exercise, often once or twice a year, designed to surface exploitable weaknesses. But in today’s dynamic threat landscape, that model is showing its age. Cloud-native architectures evolve hourly. APIs sprawl. Misconfigurations are exploited within days—sometimes hours—of deployment. Manual
·lastwatchdog.com·
Solana, malicious packages, infostealers… Were Russian crypto developers trapped by Americans?
In a study published on August 16, 2025, Paul McCarty, a researcher at the American company Safety, reveals the results of his investigation into malicious development packages targeting developers in the Solana ecosystem. Notably, most of the identified victims are Russian, while the servers
·numerama.com·
Workday was caught out by hackers' formidable method: CRM cyberattacks
In a statement published on August 15, 2025, HR software giant Workday announces that it was the victim of a cyberattack that compromised some of its customers' business data. The attack is part of a particularly effective modus operandi that targets companies' CRMs and continues
·numerama.com·
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million.
·bleepingcomputer.com·
Massive Allianz Life data breach impacts 1.1 million people
Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July.
·bleepingcomputer.com·