Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30551 bookmarks
Custom sorting
'123456' password exposed chats for 64 million McDonald’s job applicants
'123456' password exposed chats for 64 million McDonald’s job applicants
Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States.
·bleepingcomputer.com·
'123456' password exposed chats for 64 million McDonald’s job applicants
Squid Dominated the Oceans in the Late Cretaceous - Schneier on Security
Squid Dominated the Oceans in the Late Cretaceous - Schneier on Security
New research: One reason the early years of squids has been such a mystery is because squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that in mind, the team developed an advanced fossil discovery technique that completely digitized rocks with all their embedded fossils in complete 3D form. Upon using that technique on Late Cretaceous rocks from Japan, the team identified 1,000 fossilized cephalopod beaks hidden inside the rocks, which included 263 squid specimens and 40 previously unknown squid species...
·schneier.com·
Squid Dominated the Oceans in the Late Cretaceous - Schneier on Security
'123456' password exposed info for 64 million McDonald’s job applicants
'123456' password exposed info for 64 million McDonald’s job applicants
Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the personal information of more than 64 million job applicants across the United States.
·bleepingcomputer.com·
'123456' password exposed info for 64 million McDonald’s job applicants
WordPress Gravity Forms developer hacked to push backdoored plugins
WordPress Gravity Forms developer hacked to push backdoored plugins
The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor.
·bleepingcomputer.com·
WordPress Gravity Forms developer hacked to push backdoored plugins
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts for one of its clients.
·therecord.media·
Airline executive agrees to dismiss litigation around alleged hack-for-hire scheme
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.
·bleepingcomputer.com·
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Scanner les acheteurs de cigarettes par caméra augmentée ? La CNIL dit non
Scanner les acheteurs de cigarettes par caméra augmentée ? La CNIL dit non
AprĂšs avoir Ă©tudiĂ© le sujet pendant prĂšs de quatre mois, la CNIL a rendu son verdict : le recours Ă  des camĂ©ras augmentĂ©es pour contrĂŽler l’ñge des clients chez les buralistes n’est pas la solution adĂ©quate pour lutter contre la consommation de tabac ou de jeux d’argent chez les mineurs en France. Ni nĂ©cessaire, ni
·numerama.com·
Scanner les acheteurs de cigarettes par caméra augmentée ? La CNIL dit non
Businesses are overconfident as mobile phishing scams surge
Businesses are overconfident as mobile phishing scams surge
Nearly six in 10 companies experienced incidents because of voice or text phishing attacks that led to executive impersonation, according to a new report from Lookout.
·cybersecuritydive.com·
Businesses are overconfident as mobile phishing scams surge
NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer attacks
NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer attacks
NVIDIA is warning users to activate the System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.
·bleepingcomputer.com·
NVIDIA issues guidance to defend GDDR6 GPUs against Rowhammer attacks
The zero-day that could've compromised every Cursor and Windsurf user
The zero-day that could've compromised every Cursor and Windsurf user
Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk.
·bleepingcomputer.com·
The zero-day that could've compromised every Cursor and Windsurf user
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.
·bleepingcomputer.com·
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
Louis Vuitton victime d’une fuite de donnĂ©es, que risquent les victimes ?
Louis Vuitton victime d’une fuite de donnĂ©es, que risquent les victimes ?
Dans un mail adressé à ses clients, la marque de luxe française annonce avoir été victime d'une fuite de données. Si vous avez reçu ce message, il existe un risque que vos informations soient utilisées à des fins malveillantes. Que faire ? Alors qu'une cyberattaque en Corée du Sud avait été confirmée par la Maison le
·numerama.com·
Louis Vuitton victime d’une fuite de donnĂ©es, que risquent les victimes ?
Joueur de basket, cybercriminel ou les deux ? Un Russe a Ă©tĂ© arrĂȘtĂ© en France
Joueur de basket, cybercriminel ou les deux ? Un Russe a Ă©tĂ© arrĂȘtĂ© en France
Le 21 juin 2025, un joueur de basket-ball russe est arrĂȘtĂ© Ă  l'aĂ©roport Roissy-Charles de Gaulle. AccusĂ© d'avoir servi de nĂ©gociateur pour un groupe de ransomware, il est actuellement dĂ©tenu dans un centre de rĂ©tention et risque l'extradition vers les États-Unis. Daniil Kasatkin, ex-meneur de jeu du MBA Moscow en
·numerama.com·
Joueur de basket, cybercriminel ou les deux ? Un Russe a Ă©tĂ© arrĂȘtĂ© en France
Compliance: Cost Center or Growth Trigger? | CSA
Compliance: Cost Center or Growth Trigger? | CSA
Compliance signals maturity, lowers friction for sales, and builds trust. For startups eyeing global markets, getting your compliance in order is mandatory.
·cloudsecurityalliance.org·
Compliance: Cost Center or Growth Trigger? | CSA
Securing Data in the AI Era
Securing Data in the AI Era
Zscaler’s 2025 Data Risk Report reveals AI tools and SaaS apps led to millions of data losses in 2024. Proactive security is critical.
·thehackernews.com·
Securing Data in the AI Era
British Man Sentenced for Network Rail Wi-Fi Hack
British Man Sentenced for Network Rail Wi-Fi Hack
The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing customers to offensive messaging
·infosecurity-magazine.com·
British Man Sentenced for Network Rail Wi-Fi Hack
Four arrested in UK over M&S, Co-op, Harrods cyberattacks
Four arrested in UK over M&S, Co-op, Harrods cyberattacks
The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.
·bleepingcomputer.com·
Four arrested in UK over M&S, Co-op, Harrods cyberattacks