Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30533 bookmarks
Custom sorting
3 key takeaways from the Scattered Spider attacks on insurance firms
3 key takeaways from the Scattered Spider attacks on insurance firms
Identity is the new battleground—and Scattered Spider exploits it. Join Push Security to unpack how identity-based attacks are reshaping the threat landscape, and how to defend against MFA bypass, help desk scams, and more. Watch the webinar now.
·bleepingcomputer.com·
3 key takeaways from the Scattered Spider attacks on insurance firms
Man pleads guilty to hacking networks to pitch security services
Man pleads guilty to hacking networks to pitch security services
A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday.
·bleepingcomputer.com·
Man pleads guilty to hacking networks to pitch security services
Des Rafale français interceptent des drones iraniens dirigés vers Israël
Des Rafale français interceptent des drones iraniens dirigés vers Israël
Dans une allocution faîte face à l'Assemblée Nationale, le mercredi 25 juin 2025, le ministre français des Armées Sébastien Lecornu a déclaré que la France avait intercepté plusieurs drones iraniens se dirigeant vers Israël avant la trêve du conflit. Destinés à viser Israël, des drones iraniens ont survolé « les
·numerama.com·
Des Rafale français interceptent des drones iraniens dirigés vers Israël
Why the Do Not Call Registry doesn’t work
Why the Do Not Call Registry doesn’t work
The Do Not Call Registry hardly works. The reason why is simple and frustrating—it was never meant to stop all unwanted calls.
·malwarebytes.com·
Why the Do Not Call Registry doesn’t work
Why Do Organizations Migrate to the Public Cloud? | CSA
Why Do Organizations Migrate to the Public Cloud? | CSA
Why do organizations migrate to the public cloud? It may sound like a simple question in 2025, but there’s complexity to it. Hint: It isn’t about cost anymore.
·cloudsecurityalliance.org·
Why Do Organizations Migrate to the Public Cloud? | CSA
Cisco fixed critical ISE flaws allowing Root-level RCE
Cisco fixed critical ISE flaws allowing Root-level RCE
Cisco released patches to fix two critical vulnerabilities in Cisco ISE and ISE-PIC that could let remote attackers execute to code as root
·securityaffairs.com·
Cisco fixed critical ISE flaws allowing Root-level RCE
White House Bans WhatsApp - Schneier on Security
White House Bans WhatsApp - Schneier on Security
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary, but no more information.
·schneier.com·
White House Bans WhatsApp - Schneier on Security
ClickFix Attacks Surge 517% in 2025
ClickFix Attacks Surge 517% in 2025
The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research
·infosecurity-magazine.com·
ClickFix Attacks Surge 517% in 2025
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
Copilot Studio is Microsoft’s no-code platform for AI Agents. But AI agents aren’t safe by design. Explore how an agent built using Copilot Studio can go wrong.
·cloudsecurityalliance.org·
A Copilot Studio Story: Discovery Phase in AI Agents | CSA
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Dans l’ombre du conflit armé entre l'Iran et Israël, la cyberguerre ne connaît pas de cessez-le-feu. Selon Check Point Research, un groupe de hackers iraniens, connu sous le nom d’« Educated Manticore » (alias Charming Kitten ou APT42), mène une campagne d’espionnage d’une rare sophistication contre des experts
·numerama.com·
Comment un groupe de hackers iranien s’introduit en temps réel dans des comptes sécurisés israéliens ?
Decrement by one to rule them all: AsIO3.sys driver exploitation
Decrement by one to rule them all: AsIO3.sys driver exploitation
Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.
·blog.talosintelligence.com·
Decrement by one to rule them all: AsIO3.sys driver exploitation
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.
·bleepingcomputer.com·
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
freeSSHd 1.0.9 - Denial of Service (DoS)
freeSSHd 1.0.9 - Denial of Service (DoS)
freeSSHd 1.0.9 - Denial of Service (DoS). CVE-2024-0723 . remote exploit for Windows platform
·exploit-db.com·
freeSSHd 1.0.9 - Denial of Service (DoS)