Latest CyberSec News by @thecyberpicker

Compliance frameworks often fall short of addressing the nuanced nature of cyber risks. Risk-based security measures enhance your overall security posture.

Employees adopt AI rapidly; lack of safeguards demands 5 golden rules for CISOs to secure usage.

Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious prompt that contains instructions for ChatGPT. The prompt is written in white text in a size-one font, something that a human is unlikely to see but a machine will still read. In a proof of concept video of the attack...

L’histoire du DOGE n’est peut-être pas close, du moins pas ses répercussions. Le 26 août 2025, un employé de l'Administration de la Sécurité Sociale américaine (SSA) s’est mué en lanceur d’alerte. Il affirme que des fonctionnaires du département fondé par Elon Musk auraient dupliqué l’ensemble des données de Sécurité

Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said

This report provides statistical data on published vulnerabilities and exploits we researched in Q2 2025. It also includes summary data on the use of C2 frameworks.

EU security agency ENISA is being handed €36m to operate the EU Cybersecurity Reserve

Five Blind Eagle clusters found May 2024–July 2025; 60% target government, heightening Colombia’s cyber risk.

Drift OAuth theft hit Salesforce Aug 8–18, 2025 + tokens revoked Aug 20 + possible AWS keys, passwords, Snowflake exposure.

In a brand-new collaboration between ethical hacking and AppSec expert John Hammond and world-renowned security researcher James Kettle, the pair explore how tens of millions of websites are compromis

Abnormal AI said the campaign, which lures victims into downloading legitimate RMM software, marks a major evolution in phishing tactics

Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift

The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to websites that delivered malware.

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

This approach represents an evolution from threat actors abusing remote monitoring and management tools

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store.

Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network.

State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website.

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.

Department of Government Efficiency members stored a copy of a massive Social Security Administration database in a “vulnerable” custom cloud environment, putting more than 300 million people’s personal information at risk, the agency’s chief data officer said in a new whistleblower complaint.

The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, inspecting local filesystems, exfiltrating files and encrypting data.

A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.

Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild.

Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials.

The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more.

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks.

Learn how to govern and protect autonomous agents with Microsoft Security tools built for enterprise environments.

A court injunction in the long fight between Fortnite publisher Epic Games and Google could have “catastrophic results for the nation’s security” and “risks creating massive cybersecurity vulnerabilities in the online ecosystem,” a group of former top government officials said in a filing Monday.

Sni5Gect attack downgrades 5G to 4G via unencrypted messages, with 90% injection success rate.

Citrix patches CVE-2025-7775 exploited in NetScaler ADC; fixes three flaws with no workarounds.