Latest CyberSec News by @thecyberpicker

31277 bookmarks
Data Breach Costs Fall for First Time in Five Years
IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment
·infosecurity-magazine.com·
Measuring the Attack/Defense Balance - Schneier on Security
“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email: The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...
·schneier.com·
Your ANCV holiday vouchers are about to expire? Almost certainly a scam email
A scam campaign involving ANCV holiday vouchers is circulating in French inboxes this July 2025. Using the imminent expiration of the vouchers as a pretext, cybercriminals try to trap their victims by redirecting them to a fraudulent site. Ah, summer… the season of drinks on the terrace, of clubs
·numerama.com·
US Tops Hit List as 396 SharePoint Systems Compromised Globally
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability
·infosecurity-magazine.com·
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
·securelist.com·
OWASP Launches Agentic AI Security Guidance
The comprehensive guidance focuses on technical recommendations for securing agentic AI applications, from development to deployment
·infosecurity-magazine.com·
Minnesota governor activates National Guard after cyberattack on state capital
Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.
·therecord.media·
Minnesota activates National Guard after St. Paul cyberattack
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday.
·bleepingcomputer.com·
News Alert: SquareX exposes DevTools blind spot allowing widespread browser extension attacks
Palo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense
·lastwatchdog.com·
Why "Archange" is the spy plane France needed
On July 25, 2025, on the tarmac of a French air base whose location is kept confidential, the new Archange intelligence aircraft left the ground for the first time. A maiden flight that gives concrete form to France's determination to expand its capacity to listen, monitor and anticipate. Avion de Renseignement à Charge
·numerama.com·
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.
·bleepingcomputer.com·
French Telco Orange Hit by Cyber-Attack
Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident
·infosecurity-magazine.com·