Latest CyberSec News by @thecyberpicker

Proton fixes Authenticator bug leaking TOTP secrets in logs
Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared.
·bleepingcomputer.com·
Details emerge on BlackSuit ransomware takedown | CyberScoop
The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.
·cyberscoop.com·
French Telecom Orange Disclosed Suffering A Cyberattack
Orange telecom confirmed isolating the information systems impacted by the cyberattack, warning users of possible service disruptions.
·latesthackingnews.com·
"Brushing Scam" and fake QR codes on parcels: the new scam that has the FBI on alert
In a statement published on July 31, the FBI warns of a particularly vicious new type of scam. The modus operandi relies on two scams already in vogue: the "brushing scam" and "quishing". After the delivery driver who reckoned your mailbox was too small, cybercriminals
·numerama.com·
CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams.
·bleepingcomputer.com·
News alert: OpenSSL conference to convene experts on cryptography, compliance and open-source
Newark, NJ, Aug. 4, 2025, CyberNewswire—Early Bird registration is now available for the inaugural OpenSSL Conference, scheduled for October 7–9, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early registrants can save up to $240 per ticket. Registration Information Registration packages are designed to reflect the
·lastwatchdog.com·
New Plague Linux malware stealthily maintains SSH access
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.
·bleepingcomputer.com·
Post SMTP Plugin Flaw Risked 400K+ WordPress Sites
The Post SMTP plugin flaw could allow account takeover from an authorized low-privilege user account, such as a Subscriber user.
·latesthackingnews.com·
Inadequate Database Security: A Darkbeam Case Study | CSA
2023: Darkbeam failed to follow database security best practices, publicly exposing their Elasticsearch & Kibana interface. No data exfiltration was reported.
·cloudsecurityalliance.org·
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
·bleepingcomputer.com·