Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

31333 bookmarks
Custom sorting
ClickFix Attacks Surge 517% in 2025
ClickFix Attacks Surge 517% in 2025
The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research
·infosecurity-magazine.com·
ClickFix Attacks Surge 517% in 2025
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
Copilot Studio is Microsoft’s no-code platform for AI Agents. But AI agents aren’t safe by design. Explore how an agent built using Copilot Studio can go wrong.
·cloudsecurityalliance.org·
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Dans l’ombre du conflit armé entre l'Iran et Israël, la cyberguerre ne connaît pas de cessez-le-feu. Selon Check Point Research, un groupe de hackers iraniens, connu sous le nom d’« Educated Manticore » (alias Charming Kitten ou APT42), mène une campagne d’espionnage d’une rare sophistication contre des experts
·numerama.com·
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Decrement by one to rule them all: AsIO3.sys driver exploitation
Decrement by one to rule them all: AsIO3.sys driver exploitation
Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.
·blog.talosintelligence.com·
Decrement by one to rule them all: AsIO3.sys driver exploitation
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.
·bleepingcomputer.com·
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
freeSSHd 1.0.9 - Denial of Service (DoS)
freeSSHd 1.0.9 - Denial of Service (DoS)
freeSSHd 1.0.9 - Denial of Service (DoS). CVE-2024-0723 . remote exploit for Windows platform
·exploit-db.com·
freeSSHd 1.0.9 - Denial of Service (DoS)
British hacker 'IntelBroker' charged with $25M in cybercrime damages
British hacker 'IntelBroker' charged with $25M in cybercrime damages
A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages.
·bleepingcomputer.com·
British hacker 'IntelBroker' charged with $25M in cybercrime damages
Hackers turn ScreenConnect into malware using Authenticode stuffing
Hackers turn ScreenConnect into malware using Authenticode stuffing
Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's  Authenticode signature.
·bleepingcomputer.com·
Hackers turn ScreenConnect into malware using Authenticode stuffing
Many data brokers aren’t registering across state lines, privacy groups say | CyberScoop
Many data brokers aren’t registering across state lines, privacy groups say | CyberScoop
Hundreds of companies registered as data brokers in one U.S. state are not recognized as such in other states with similar disclosure laws, according to a new analysis by the Privacy Rights Clearinghouse and the Electronic Frontier Foundation.
·cyberscoop.com·
Many data brokers aren’t registering across state lines, privacy groups say | CyberScoop
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors.
·bleepingcomputer.com·
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks