Latest CyberSec News by @thecyberpicker

30551 bookmarks
SHARED INTEL Q&A: From alert to fix — Gomboc brings trusted AI to Infrastructure-as-Code
The promise of AI in cybersecurity has been loudly heralded—yet quietly limited. Machine learning has proven effective at spotting anomalies and flagging misconfigurations. But resolving those issues remains largely manual, slow, and labor-intensive. A recent Cloud Security Alliance survey found: •75% of teams spend at least one-fifth of their time manually
·lastwatchdog.com·
Taiwan’s TSMC fires engineers over suspected theft of semiconductor secrets
The two engineers, alongside a third suspect, have since been arrested in what is the first trade secrets case brought under Taiwan’s National Security Act, a law that intends to protect the country’s advantage in producing pioneering semiconductors.
·therecord.media·
Why Continuous IaC Validation is Non-Negotiable | CSA
Infrastructure as Code (IaC) promises consistency and control. But no matter how pristine your IaC is, your actual cloud environment will start to drift.
·cloudsecurityalliance.org·
ReVault! When your SoC turns against you…
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.
·blog.talosintelligence.com·
Rubrik & Sophos Enhance Cyber Resilience for Microsoft 365
Cybersecurity attacks are rising sharply in 2025, and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers and 81 …
·news.sophos.com·
Cisco discloses data breach impacting Cisco.com user accounts
Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack targeting a company representative.
·bleepingcomputer.com·
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in …
·thedfirreport.com·
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks.
·bleepingcomputer.com·
Exposed Without a Breach: The Cost of Data Blindness
These are in plain sight without a Breach. No ransomware. No compromise. Just misconfigured systems, overpermissioned users, silent access.
·securityaffairs.com·
AI Impact Analysis: Ethical & Societal Considerations | CSA
An AI impact analysis assesses how an AI system affects those involved with it. Explore the key ethical and societal considerations for an AI impact analysis.
·cloudsecurityalliance.org·
Why pay bug hunters when you can hand the hunt over to AI?
The future of bug hunting may well also belong to artificial intelligence (AI). Google has just stated that one of its systems had been rather good at detecting several vulnerabilities over the past few months. Spotting security flaws is a costly operation, but one that is part of the
·numerama.com·
Android gets patches for Qualcomm flaws exploited in attacks
Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.
·bleepingcomputer.com·
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims
SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity
·infosecurity-magazine.com·
"We know precisely what he did": a Ukrainian suspected of belonging to the LockBit cyber gang arrested by French authorities - Numerama
An alleged member of the LockBit cybercriminal group was arrested by French authorities in July. Suspected of having taken part in numerous cyberattacks, some of them on sensitive infrastructure in France, the suspect was arrested in Ukraine after an investigation led by the national cyber unit (UNC). He
·numerama.com·
Microsoft increases Zero Day Quest prize pool to $5 million
Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history."
·bleepingcomputer.com·
AI Fuels Record Number of Fraud Cases
Cifas noted a record number of filings in its National Fraud Database for the first half of 2025
·infosecurity-magazine.com·
Announcing RiskRubric.ai: A Scorecard for Every AI | CSA
Can you trust an AI model with your and your customers’ data? This question creates daily operational hurdles. RiskRubric.ai is the answer.
·cloudsecurityalliance.org·
Crypto ATMs fueling criminal activity, Treasury warns
The Treasury Department warned that the massive increase in the number of crypto ATMs — convertible virtual currency kiosks — has been accompanied by a spike in the number of operators who fail to comply with anti-money laundering rules.
·therecord.media·