Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

31276 bookmarks
Custom sorting
« Ça a commencĂ© par des nuggets gratuits », comment une hackeuse a mis McDonald’s face Ă  ses failles de sĂ©curitĂ©
« Ça a commencĂ© par des nuggets gratuits », comment une hackeuse a mis McDonald’s face Ă  ses failles de sĂ©curitĂ©
Une hackeuse professionnelle, connue sous le pseudonyme « Bobdahacker », raconte comment sa chasse aux vulnĂ©rabilitĂ©s chez McDonald's, entamĂ©e par une simple commande de nuggets gratuits, a rĂ©vĂ©lĂ© d'autres failles de sĂ©curitĂ© et conduit au licenciement d’une employĂ©e qui avait acceptĂ© de l’aider. Un rapport de
·numerama.com·
« Ça a commencĂ© par des nuggets gratuits », comment une hackeuse a mis McDonald’s face Ă  ses failles de sĂ©curitĂ©
Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts
Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts
The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”
·therecord.media·
Major Belgian telecom firm says cyberattack compromised data on 850,000 accounts
"Set It and Forget It” Access Control is Not Enough | CSA
"Set It and Forget It” Access Control is Not Enough | CSA
We don’t need to throw out RBAC, but we need to evolve beyond it. Modern identity security requires understanding the full picture of effective permissions.
·cloudsecurityalliance.org·
"Set It and Forget It” Access Control is Not Enough | CSA
Global Port Disruptions are Redefining Supply Chain Strategies - interos.ai
Global Port Disruptions are Redefining Supply Chain Strategies - interos.ai
Recent headlines about the Panama Canal, port concessions in Latin America, and strategic realignments in global shipping have reignited conversations across the logistics and procurement world. For organizations, these developments are immediate signals to assess risk exposure, optimize routing decisions and reevaluate resilience strategies. At interos.ai, our latest analysis shows that these developments are already....
·interos.ai·
Global Port Disruptions are Redefining Supply Chain Strategies - interos.ai
Hackers Weaponize QR Codes in New 'Quishing' Attacks
Hackers Weaponize QR Codes in New 'Quishing' Attacks
Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones
·infosecurity-magazine.com·
Hackers Weaponize QR Codes in New 'Quishing' Attacks
Announcing the MCP Security Resource Center | CSA
Announcing the MCP Security Resource Center | CSA
Introducing CSA’s MCP Security Resource Center — the first open industry hub for securing the Model Context Protocol and the broader agentic AI control plane.
·cloudsecurityalliance.org·
Announcing the MCP Security Resource Center | CSA
Subverting AIOps Systems Through Poisoned Input Data - Schneier on Security
Subverting AIOps Systems Through Poisoned Input Data - Schneier on Security
In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIops in a conversational interface that admins can use to prompt for information about system performance. Some AIOps tools can respond to such queries by automatically implementing fixes, or suggesting scripts that can address issues...
·schneier.com·
Subverting AIOps Systems Through Poisoned Input Data - Schneier on Security
Executives Warned About Celebrity Podcast Scams
Executives Warned About Celebrity Podcast Scams
The Better Business Bureau is urging business owners and influencers not to fall for a new type of podcast scam
·infosecurity-magazine.com·
Executives Warned About Celebrity Podcast Scams
BLACK HAT FIRESIDE CHAT: Straiker extends ‘red teaming’ to the AI layer as AI attacks surge
BLACK HAT FIRESIDE CHAT: Straiker extends ‘red teaming’ to the AI layer as AI attacks surge
The enterprise software model that defined the past two decades — SaaS — is being rapidly eclipsed by a new center of gravity: AI-native systems. These are autonomous agents wired directly into company data, tools, and workflows. Related: LLMs fuel automated attacks According to Straiker CEO Ankur Shah, this shift is happening faster than cloud
·lastwatchdog.com·
BLACK HAT FIRESIDE CHAT: Straiker extends ‘red teaming’ to the AI layer as AI attacks surge
Comment ces cyberespions nord-coréens ont infiltré les ambassades étrangÚres basées à Séoul
Comment ces cyberespions nord-coréens ont infiltré les ambassades étrangÚres basées à Séoul
Dans un rapport publié le 18 août 2025, les chercheurs de la société de cybersécurité Trellix décortiquent les dessous d'une campagne de cyberespionnage qui dure depuis des mois. En protagoniste principal, on retrouve Kimsuky, un groupe de hackers nords-coréens lié au pouvoir de Pyongyang. Leurs cibles ? Les
·numerama.com·
Comment ces cyberespions nord-coréens ont infiltré les ambassades étrangÚres basées à Séoul
Google fixed Chrome flaw found by Big Sleep AI
Google fixed Chrome flaw found by Big Sleep AI
Google Chrome 139 addressed a high-severity V8 vulnerability, tracked as CVE-2025-9132, found by Big Sleep AI
·securityaffairs.com·
Google fixed Chrome flaw found by Big Sleep AI
A hacker tied to Yemen Cyber Army gets 20 months in prison
A hacker tied to Yemen Cyber Army gets 20 months in prison
UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession.
·securityaffairs.com·
A hacker tied to Yemen Cyber Army gets 20 months in prison
Microsoft releases emergency updates to fix Windows recovery
Microsoft releases emergency updates to fix Windows recovery
Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates.
·bleepingcomputer.com·
Microsoft releases emergency updates to fix Windows recovery