DEF CON® Hacking Conference - Events, Parties, & Meetups

Latest CyberSec News by @thecyberpicker
Trend Micro fixes critical vulnerabilities in multiple products
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.
23andMe privacy ombudsman recommends company obtains consent for sale of customer data
The recommendation to the bankruptcy judge overseeing the sale is partially based on messages from 23andMe customers who told him they are worried about their genetic data’s inclusion in the sale.
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Infoblox reveals VexTrio’s sprawling adtech scam network affecting thousands globally via compromised sites.
Google Cloud and Cloudflare hit by widespread service outages
Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions.
Predator spyware activity surfaces in new places with new tricks | CyberScoop
Recorded Future said on Thursday that it had linked Intellexa infrastructure to new locations, the latest indication that the Predator spyware maker has adapted after setbacks.
Fog ransomware attack on Asia financial org draws attention over use of employee monitoring software
An attack in Asia used a legitimate employee monitoring software that researchers hadn't seen employed by ransomware actors, as well as several other unusual tools.
Graphite spyware used in Apple iOS zero-click attacks on journalists
Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe.
Cyber resilience begins before the crisis
Microsoft’s Deputy CISO for Customer Security, Ann Johnson, talks about the need for having a proactive cyber resilience plan.
Airlines Secretly Selling Passenger Data to the Government - Schneier on Security
This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details. Another article.
Belarusian hackers taunt Kaspersky over report detailing their attacks
A recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.
EU injects 145.5 million euros to improve cybersecurity for SMEs, hospitals and public administrations
The European Commission is launching two new calls for projects totalling 145.5 million euros to support the security...-Cybersecurity
[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI
Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted
The $200,000 Zoom call
A crypto CEO shared his screen. What happened next unraveled his digital life.
Software vulnerabilities pile up at government agencies, research finds
A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation.
Cyber start-up funding: fewer rounds and bigger tickets
While French start-ups specializing in IT security are raising more funds, the number of deals is falling sharply...-Cybersecurity
Password-spraying attacks target 80,000 Microsoft Entra ID accounts
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide.
Paragon spyware found on the phones of Euro journos | CyberScoop
Researchers revealed Wednesday that they have confirmed Paragon spyware on an Apple product amid an unfolding surveillance scandal in Italy.
State of Data Security Report 2025
This week in cybersecurity from the editors at Cybercrime Magazine
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Microsoft Edge now offers secure password deployment for businesses
Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability.
Ransomware attack on ticketing platform upends South Korean entertainment industry
Yes24, a South Korean ticketing platform and online bookseller, has been disrupted for days after a ransomware attack, with effects rippling into K-pop concerts, theater performances and more.
SinoTrack GPS device flaws allow remote vehicle control and location tracking
Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns.
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
Invisible AI agent identities expose organizations to attacks, risking data and cloud security.
The AI Trustworthy Pledge Matters Now More Than Ever | CSA
CSA’s AI Trustworthy Pledge is a commitment that signals an organization's dedication to four foundational principles that should underpin every AI initiative.
Cloud Security Alliance’s AI Safety Initiative Named a 2025 CSO | CSA
Palo Alto Networks Patches Series of Vulnerabilities
The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser
GitLab patches high severity account takeover, missing auth issues
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.
AI budget vs. cyber insurance: the dilemma facing large companies
...-The cyber recap
Adobe patches critical Magento admin takeover via menu injection
A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.