https://www.bleepingcomputer.com/news/security/inside-a-real-clickfix-attack-how-this-social-engineering-hack-unfolds/

Latest CyberSec News by @thecyberpicker
Quishing is Here, and Itâs Hiding in Plain Sight | CSA
QR codes promise convenience, but most people donât realize the sheer ease with which those codes can be weaponized. Learn more about the new âquishingâ threat.
Senate legislation would direct federal agencies to fortify against quantum computing cyber threats | CyberScoop
A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption.
Prison visitor details shared with all inmates at correctional facility
A Florida correctional institution leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
UNC4899 used job lures and cloud exploits to breach two firms, steal crypto, and embed malware in open source.
That seemingly innocent text is probably a scam
Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.
AI-Driven Trends in Endpoint Security: What the 2025 GartnerÂź Magic Quadrantâą Reveals
SentinelOne boosts enterprise cyber defense with AI-powered endpoint security, cutting response time and risk across industries.
Top 10 Cybersecurity Companies in 2025: Keeping the Digital World Safe
This week in cybersecurity from the editors at Cybercrime Magazine
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
SOCs face alert overload and rising costs as SIEMs struggle with cloud complexity and false positives.
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud
UNC2891 used a 4G Raspberry Pi and Linux rootkits to breach ATM networks, exposing flaws in banking infrastructure.
Cheating on Quantum Computing Benchmarks - Schneier on Security
Peter Gutmann and Stephan Neuhaus have a new paperâI think itâs new, even though it has a March 2025 dateâthat makes the argument that we shouldnât trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed using sleight-of-hand numbers that have been selected to make them very easy to factorise using a physics experiment and, by extension, a VIC-20, an abacus, and a dog. A standard technique is to ensure that the factors differ by only a few bits that can then be found using a simple search-based approach that has nothing to do with factorisationâŠ. Note that such a value would never be encountered in the real world since the RSA key generation process typically requires that |p-q| > 100 or more bits [9]. As one analysis puts it, âInstead of waiting for the hardware to improve by yet further orders of magnitude, researchers began inventing better and better tricks for factoring numbers by exploiting their hidden structureâ [10]...
IR Trends Q2 2025: Phishing attacks persist as actors leverage compromised valid accounts to enhance legitimacy
Phishing remained the top initial access method in Q2 2025, while ransomware incidents see the emergence of new Qilin tactics.
Using LLMs as a reverse engineering sidekick
LLMs may serve as powerful assistants to malware analysts to streamline workflows, enhance efficiency, and provide actionable insights during malware analysis.
Cybercriminals âSpookedâ After Scattered Spider Arrests
The arrest of members of the Scattered Spider cyber-attack group have temporarily halted new intrusions, however, similar threat actors continue to pose risks
NIST NCCoE Secure Software Development (DevSecOps) Virtual Event
Overview
FunkSec Ransomware Victims Can Now Recover Files with Free Decryptor
Avast researchers shared a step-by-step guide to decrypt files for victims of FunkSec ransomware
Passwordless Future Years Away Despite Microsoft Authenticator Move
Experts argue that password managers are still useful despite Microsoft Authenticator ditching its capabilities
AprĂšs Aeroflot, c'est au tour des pharmacies russes d'ĂȘtre visĂ©es par des hackers - Numerama
Depuis fin juillet, des centaines de pharmacies russes n'accueillent plus aucun patient. La raison ? Deux des plus grands réseaux d'officines du pays sont victimes d'une cyberattaque majeure. Réservation de médicaments en ligne indisponible, personnel mis au chÎmage forcé : un nouveau pan de l'économie russe est visé
Over 200 Malicious Open Source Packages Traced to Lazarus Campaign
North Koreaâs Lazarus Group has been blamed for a cyber-espionage campaign using open source packages
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.
Researchers released a decryptor for the FunkSec ransomware
Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free.
Dahua Camera flaws allow remote hacking. Update firmware now
Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap.
Project Zero disclosure policy change puts vendors on early notice | CyberScoop
Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.
Palo Alto Networks to buy CyberArk for $25 billion
The agreement could completely reshape the market for identity security, according to analysts.
SHARED INTEL Q&A: Inside the access mess no one sees â and the identity risk no one owns
For decades, identity and access management (IAM) and privileged access management (PAM) sat on the sidelines of cybersecurity strategyâviewed more as IT maintenance than frontline defense. Related: The hidden threat of rogue access But thatâs changing. Fast. Historically, security investments prioritized the visible: firewalls, antivirus software, endpoint monitoring. IAM and PAMâmeant to control who gets
VPN use rises following Online Safety Actâs age verification controls
VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.
Senate Democrats call Trump adminâs focus on state voter rolls a pretext for disenfranchisement | CyberScoop
Sen. Alex Padilla and other Democrats say the GOP is pressing inflated concerns about noncitizen voting to justify legal and legislative challenges to eligible voters.
Dollar Tree denies ransomware claims, says stolen data is from defunct discount chain
Discount retail giant Dollar Tree denied its systems were impacted by ransomware after a cybercriminal group claimed to have attacked the company.
5 ans aprĂšs, Dropbox renonce Ă son gestionnaire de mots de passe
Dropbox a pris la dĂ©cision d'arrĂȘter son aventure du gestionnaire de mots de passe, dĂ©marrĂ©e en 2020. L'outil sera progressivement coupĂ© dans les mois Ă venir. Les internautes concernĂ©s doivent migrer sans tarder. C'Ă©tait en 2020. En pleine pĂ©riode de pandĂ©mie de coronavirus, et de forte croissance dans le secteur du
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances.