Latest CyberSec News by @thecyberpicker

U.S. sanctions Russian BPH provider Aeza Group for hosting ransomware attacks, dark web drugs, and cybercrime.

The Treasury said that Aeza Group has provided infrastructure services for notorious infostealer and ransomware operators

Fin juin 2025, la justice américaine a dévoilé l’opération DPRK RevGen, une initiative des principales agences de sécurité du pays (NSA, FBI, contre-espionnage) visant à démanteler un vaste réseau de travailleurs informatiques nord-coréens. Ils auraient infiltré plus de 100 entreprises américaines, dont plusieurs du

Benefits admin specialist Kelly Benefits has revealed a breach impacting over 500,000 individuals across 45 client organizations

Qantas admits that a “significant” volume of customer data may have been stolen from a contact center

Moodle 4.4.0 - Authenticated Remote Code Execution. CVE-2024-43425 . webapps exploit for Multiple platform

gogs 0.13.0 - Remote Code Execution (RCE). CVE-2024-39930 . remote exploit for Multiple platform

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog.

Microsoft SharePoint 2019 - NTLM Authentication. CVE-2025-47166 . remote exploit for Windows platform

Threat actors use Vercel's v0 AI tool to create fake sign-in pages, escalating phishing campaigns.

Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE). CVE-2025-47812 . remote exploit for Multiple platform

Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data.

AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled.

Critical RCE vulnerability discovered in Anthropic's MCP Inspector, impacting AI developers and networks.

Cloudflare announced Tuesday it will allow customers to block or charge fees for web crawlers deployed to scrape their websites and data on behalf of AI systems.

Learn how to optimize your SIEM solution with key strategies and practices.

Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license.

AT&T has launched a feature to help prevent SIM swapping and unauthorized account changes, offering added security for both individual and business wireless customers.

Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators.

Support for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. government's sanctions list, the Treasury Department said.

A Russian hosting provider allegedly involved in a recent cyberattack against independent media organizations in the country is reportedly connected to a state-affiliated research center sanctioned by the U.S.

Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information.

Proofpoint tracks overlapping tactics of TA829 and UNK_GreenSec, deploying TransferLoader and RomCom RAT globally.

In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Microsoft Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriching threat intel, streamlining response and enabling SOC teams to take advantage of Gen AI in their day-to-day workflow. Since then, considerable progress has been made with thousands of customers using this new unified experience; to enhance the value customers gain when using Sentinel in the Defender portal, multi-tenancy and multi-workspace support was added to help customers with more sophisticated deployments. Our mission is to unify security operations by bringing all your data, workflows, and people together to unlock new capabilities and drive better security outcomes. As a strong example of this, last year we added extended posture management, delivering powerful posture insights to the SOC team. This integration helps build a closed-loop feedback system between your pre- and post-breach efforts. Exposure Management is just one example. By bringing everything together, we can take full advantage of AI and automation to shift from a reactive to predictive SOC that anticipates threats and proactively takes action to defend against them. Beyond Exposure Management, Microsoft has been constantly innovating in the Defender experience, adding not just SIEM but also Security Copilot. The Sentinel experience within the Defender portal is the focus of our innovation energy and where we will continue to add advanced Sentinel capabilities going forward. Onboarding to the new unified experience is easy and doesn’t require a typical migration. Just a few clicks and permissions. Customers can continue to use Sentinel in the Azure portal while it is available even after choosing to transition.  Today, we’re announcing that we are moving to the next phase of the transition with a target to retire the Azure portal for Microsoft Sentinel by July 1, 2026.  Customers not yet using the Defender portal should plan their transition accordingly.   Microsoft Sentinel in the Microsoft Defender portal “Really amazing to see that coming, because cross querying with tables in one UI is really cool! Amazing, big step forward to the unified [Defender] portal.”  Glueckkanja AG  “The biggest benefit of a unified security operations solution (Microsoft Sentinel + Microsoft Defender XDR) has been the ability to combine data in Defender XDR with logs from third party security tools. Another advantage developed has been to eliminate the need to switch between Defender XDR and Microsoft Sentinel portals, now having a single pane of glass, which the team has been wanting for some years.”  Robel Kidane, Group Information Security Manager, Renishaw PLC  Delivering the SOC of the future Unifying threat protection, exposure management and security analytics capabilities in one pane of glass not only streamlines the user experience, but also enables Sentinel customers to realize security outcomes more efficiently:  Analyst efficiency: A single portal reduces context switching, simplifies workflows, reduces training overhead, and improves team agility.  Integrated insights: SOC-focused case management, threat intelligence, incident correlation, advanced hunting, exposure management, and a prioritized incident queue enriched with business and sensitivity context—enabling faster, more informed detection and response across all products. SOC optimization: Security controls that can be adjusted as threats and business priorities change to control costs and provide better coverage and utilization of data, thus maximizing ROI from the SIEM.  Accelerated response: AI-driven detection and response which reduces mean time to respond (MTTR) by 30%, increases security response efficiency by 60%, and enables embedded Gen AI and agentic workflows.   What’s next: Preparing for the retirement of the Sentinel Experience in the Azure Portal Microsoft is committed to supporting every single customer in making that transition over the next 12 months. Beginning July 1, 2026, Sentinel users will be automatically redirected to the Defender portal.  After helping thousands of customers smoothly make the transition, we recommend that security teams begin planning their migration and change management now to ensure continuity and avoid disruption. While the technical process is very straightforward, we have found that early preparation allows time for workflow validation, training, and process alignment to take full advantage of the new capabilities and experience. Tips for a Successful Migration to Microsoft Defender 1. Leverage Microsoft’s help: Leverage Microsoft documentation, instructional videos, guidance, and in-product support to help you be successful. A good starting point is the documentation on Microsoft Learn.    2. Plan early: Engage stakeholders early including SOC and IT Security leads, MSSPs, and compliance teams to align on timing, training and organizational needs. Make sure you have an actionable timeline and agreement in the organization around when you can prioritize this transition to ensure access to the full potential of the new experience.   3. Prepare your environment: Plan and design your environment thoroughly. This includes understanding the prerequisites for onboarding Microsoft Sentinel workspaces, reviewing and deciding on access controls, and planning the architecture of your tenant and workspace. Proper planning will ensure a smooth transition and help avoid any disruptions to your security operations.   4. Leverage Advanced Threat Detection: The Defender portal offers enhanced threat detection capabilities with advanced AI and machine learning for Microsoft Sentinel. Make sure to leverage these features for faster and more accurate threat detection and response. This will help you identify and address critical threats promptly, improving your overall security posture.   5. Utilize Unified Hunting and Incident Management: Take advantage of the enhanced hunting, incident, and investigation capabilities in Microsoft Defender. This provides a comprehensive view for more efficient threat detection and response. By consolidating all security incidents, alerts, and investigations into a single unified interface, you can streamline your operations and improve efficiency. 6. Optimize Cost and Data Management The Defender portal offers cost and data optimization features, such as SOC Optimization and Summary Rules. Make sure to utilize these features to optimize your data management, reduce costs, and increase coverage and SIEM ROI. This will help you manage your security operations more effectively and efficiently. Unleash the full potential of your Security team  The unified SecOps experience available in the Defender portal is designed to support the evolving needs of modern SOCs. The Defender portal is not just a new home for Microsoft Sentinel - it’s a foundation for integrated, AI-driven security operations. We’re committed to helping you make this transition smoothly and confidently. If you haven’t already joined the thousands of security organizations that have done so, now is the time to begin. Resources AI-Powered Security Operations Platform | Microsoft Security  Microsoft Sentinel in the Microsoft Defender portal | Microsoft Learn  Shifting your Microsoft Sentinel Environment to the Defender Portal | Microsoft Learn  Microsoft Sentinel is now in Defender | YouTube  Changes for new customers starting in July 2025 

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages.