Latest CyberSec News by @thecyberpicker

30531 bookmarks
Google Patched A Code Execution Vulnerability In Gemini CLI
Google patched the code execution vulnerability with Gemini CLI 0.1.14. Users must update to this release to avoid threats like data theft.
·latesthackingnews.com·
Post SMTP Plugin Flaw Risked 400K+ WordPress Sites
The Post SMTP plugin flaw could allow account takeover from an authorized low-privilege user account, such as a Subscriber user.
·latesthackingnews.com·
Inadequate Database Security: A Darkbeam Case Study | CSA
2023: Darkbeam failed to follow database security best practices, publicly exposing their Elasticsearch & Kibana interface. No data exfiltration was reported.
·cloudsecurityalliance.org·
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
·bleepingcomputer.com·
Man-in-the-Middle Attack Prevention Guide
MITM attacks silently steal data from users via spoofed networks and weak encryption. Learn how to stop them.
·thehackernews.com·
First Sentencing in Scheme to Help North Koreans Infiltrate US Companies - Schneier on Security
An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers’ computers in her own home between October 2020 and October 2023, creating a so-called “laptop farm” which was used to make it appear as though the devices were located in the United States. The North Koreans were hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company...
·schneier.com·
The Wild West of Shadow IT
Everyone's an IT decision-maker now. Here's how to keep your organization safe in the world of Shadow IT.
·thehackernews.com·
Mozilla warns of phishing attacks targeting add-on developers
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository.
·bleepingcomputer.com·
Lazarus is back: the notorious North Korean cryptocurrency thieves are now targeting open source
In a study published at the end of July 2025, Sonatype researchers report having detected a vast espionage campaign conducted within open source ecosystems. At the helm: Lazarus, a cybercriminal group affiliated with the North Korean state, known for more than a decade for spectacular thefts
·numerama.com·
Lovense flaws expose emails and allow account takeover
Lovense fixed bugs exposing emails and allowing account takeovers. Company CEO may take legal action after the flaws were publicly disclosed.
·securityaffairs.com·
Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit
The Pwn2Own competition is offering a $1m reward to any teams able to unearth a WhatsApp code execution exploit
·infosecurity-magazine.com·
#BHUSA: Cloud Intrusions Skyrocket in 2025
CrowdStrike revealed the surge in cloud intrusions was partly driven by a 40% increase in Chinese-state actors exploiting these environments
·infosecurity-magazine.com·
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials.
·bleepingcomputer.com·
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
·securityaffairs.com·
Senate confirms Trump’s national cyber director nominee
Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration
·cybersecuritydive.com·