Latest CyberSec News by @thecyberpicker

A campaign involving a financially motivated group deploying a downloader that delivers CORNFLAKE.V3 malware.

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details.

PromptFix exploits Comet AI browser via fake CAPTCHA, auto-filling credit cards and enabling phishing scams.

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection.

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant.

Read this expert SecurityX vs CISSP comparison guide to learn all you need to know about these top certifications and decide which suits you the best.

Une hackeuse professionnelle, connue sous le pseudonyme « Bobdahacker », raconte comment sa chasse aux vulnérabilités chez McDonald's, entamée par une simple commande de nuggets gratuits, a révélé d'autres failles de sécurité et conduit au licenciement d’une employée qui avait accepté de l’aider. Un rapport de

The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”

The Russian platform Investment Projects said it is working to restore its infrastructure following a cyberattack claimed by the pro-Ukraine group Cyber Anarchy Squad.

We don’t need to throw out RBAC, but we need to evolve beyond it. Modern identity security requires understanding the full picture of effective permissions.

Recent headlines about the Panama Canal, port concessions in Latin America, and strategic realignments in global shipping have reignited conversations across the logistics and procurement world. For organizations, these developments are immediate signals to assess risk exposure, optimize routing decisions and reevaluate resilience strategies. At interos.ai, our latest analysis shows that these developments are already....

Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones

This week in cybersecurity from the editors at Cybercrime Magazine

Recently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems.

Microsoft also addressed the known "BadSuccessor" zero-day flaw with August 2025 Patch Tuesday updates, alongside 100+ other fixes.

Introducing CSA’s MCP Security Resource Center — the first open industry hub for securing the Model Context Protocol and the broader agentic AI control plane.

Shadow AI agents already active in enterprises bypass security controls, creating identity risks that attackers can exploit.

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIops in a conversational interface that admins can use to prompt for information about system performance. Some AIOps tools can respond to such queries by automatically implementing fixes, or suggesting scripts that can address issues...

Discover how a business impact analysis lays the groundwork for faster recovery in today’s threat-filled business landscape.

The 2024 CFIUS report highlights heightened U.S. tech investment reviews amid China concerns, urging stronger, transparent national security measures.

Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments

The Better Business Bureau is urging business owners and influencers not to fall for a new type of podcast scam

The enterprise software model that defined the past two decades — SaaS — is being rapidly eclipsed by a new center of gravity: AI-native systems. These are autonomous agents wired directly into company data, tools, and workflows. Related: LLMs fuel automated attacks According to Straiker CEO Ankur Shah, this shift is happening faster than cloud

Dans un rapport publié le 18 août 2025, les chercheurs de la société de cybersécurité Trellix décortiquent les dessous d'une campagne de cyberespionnage qui dure depuis des mois. En protagoniste principal, on retrouve Kimsuky, un groupe de hackers nords-coréens lié au pouvoir de Pyongyang. Leurs cibles ? Les

US director of national intelligence, Tulsi Gabbard, stated that her government persuaded the UK to withdraw its controversial demand

Microsoft has issued an emergency patch to fix Windows recovery problems for some users

North Korean Hackers Used GitHub and Cloud Services in Espionage Campaign Against Diplomats, While IT Workers Exploited AI to Infiltrate 320+ Firms

Google Chrome 139 addressed a high-severity V8 vulnerability, tracked as CVE-2025-9132, found by Big Sleep AI

Microsoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems.