Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30533 bookmarks
Custom sorting
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data.
·bleepingcomputer.com·
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
What Is a SOC 1 Report & Who Needs One? | CSA
What Is a SOC 1 Report & Who Needs One? | CSA
SOC 1 reports verify internal controls for financial data, which is essential for trust, sales, and SOX compliance. Here's when and why you need one.
·cloudsecurityalliance.org·
What Is a SOC 1 Report & Who Needs One? | CSA
Russia Linked to New Malware Targeting Email Accounts for Espionage
Russia Linked to New Malware Targeting Email Accounts for Espionage
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK's NCSC reports
·infosecurity-magazine.com·
Russia Linked to New Malware Targeting Email Accounts for Espionage
0% chinois : les États-Unis souhaitent rayer Pékin de la carte des câbles sous-marins
0% chinois : les États-Unis souhaitent rayer Pékin de la carte des câbles sous-marins
La Federal Communications Commission (FCC) s’apprête, lors d'un vote prévu début août 2025, à instaurer des mesures drastiques pour bannir toute technologie ou tout équipement chinois des câbles sous-marins reliant l’Amérique au reste du monde.  Les États-Unis s’apprêtent à franchir un cap inédit dans la guerre
·numerama.com·
0% chinois : les États-Unis souhaitent rayer Pékin de la carte des câbles sous-marins
New Mobile Phone Forensics Tool - Schneier on Security
New Mobile Phone Forensics Tool - Schneier on Security
The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services. Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel...
·schneier.com·
New Mobile Phone Forensics Tool - Schneier on Security
New “LameHug” Malware Deploys AI-Generated Commands
New “LameHug” Malware Deploys AI-Generated Commands
Ukraine’s CERT-UA has identified a new AI-powered malware, dubbed “LameHug,” which executes commands on compromised Windows systems in cyber-attacks, targeting the nation’s security and defense sector
·infosecurity-magazine.com·
New “LameHug” Malware Deploys AI-Generated Commands
5 Features Every AI-Powered SOC Platform Needs in 2025
5 Features Every AI-Powered SOC Platform Needs in 2025
A modern AI-based SOC platform must adapt in real time to handle alert overloads and fast-moving threats, surpassing traditional SIEM tools.
·securityaffairs.com·
5 Features Every AI-Powered SOC Platform Needs in 2025
« Payer ou consentir » : Meta bloque l’accès à Instagram et Facebook si vous ne faites pas ce choix
« Payer ou consentir » : Meta bloque l’accès à Instagram et Facebook si vous ne faites pas ce choix
Sur Instagram ou Facebook, Meta force désormais ses utilisateurs à faire un choix clair : payer pour naviguer sans publicité ou bien accepter le traitement de vos données personnelles pour continuer à utiliser les réseaux sociaux gratuitement. Depuis quelques jours, vous avez peut-être eu la surprise de voir une
·numerama.com·
« Payer ou consentir » : Meta bloque l’accès à Instagram et Facebook si vous ne faites pas ce choix
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence…
·krebsonsecurity.com·
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
News Alert: SquareX, Fortune 500 CISOs to debut bowser security guide at Black Hat USA 2025
News Alert: SquareX, Fortune 500 CISOs to debut bowser security guide at Black Hat USA 2025
Palo Alto, Calif., July 17, 2025, CyberNewswire — SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple
·lastwatchdog.com·
News Alert: SquareX, Fortune 500 CISOs to debut bowser security guide at Black Hat USA 2025
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks.
·bleepingcomputer.com·
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
·bleepingcomputer.com·
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms.
·bleepingcomputer.com·
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
This is your sign to step away from the keyboard
This is your sign to step away from the keyboard
This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats.
·blog.talosintelligence.com·
This is your sign to step away from the keyboard