Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30533 bookmarks
Custom sorting
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems.
·bleepingcomputer.com·
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Anthropic web config hints at Claude Sonnet 4 and Opus 4
Anthropic web config hints at Claude Sonnet 4 and Opus 4
Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company's most advanced AI models.
·bleepingcomputer.com·
Anthropic web config hints at Claude Sonnet 4 and Opus 4
OpenAI hints at a big upgrade for ChatGPT Operator Agent
OpenAI hints at a big upgrade for ChatGPT Operator Agent
ChatGPT's Operator, which is still in research preview, will soon become a "very useful tool," according to Jerry Tworek, VP of Research at OpenAI.
·bleepingcomputer.com·
OpenAI hints at a big upgrade for ChatGPT Operator Agent
Critical Samlify SSO flaw lets attackers log in as admin
Critical Samlify SSO flaw lets attackers log in as admin
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses.
·bleepingcomputer.com·
Critical Samlify SSO flaw lets attackers log in as admin
Russian hackers breach orgs to track aid routes to Ukraine
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine.
·bleepingcomputer.com·
Russian hackers breach orgs to track aid routes to Ukraine
Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
In documents filed with regulators in Maine on Tuesday, Coinbase said the information leaked included details like photos of passports and government IDs, as well as account information such as balances and transaction history.
·therecord.media·
Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
3AM ransomware uses spoofed IT calls, email bombing to breach networks
3AM ransomware uses spoofed IT calls, email bombing to breach networks
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems.
·bleepingcomputer.com·
3AM ransomware uses spoofed IT calls, email bombing to breach networks
Lumma Stealer toppled by globally coordinated takedown | CyberScoop
Lumma Stealer toppled by globally coordinated takedown | CyberScoop
Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold.
·cyberscoop.com·
Lumma Stealer toppled by globally coordinated takedown | CyberScoop
College student to plead guilty to PowerSchool hack
College student to plead guilty to PowerSchool hack
The 19-year-old Assumption College student, Matthew Lane, also was charged Tuesday with hacking and demanding a ransom payment from an unnamed telecommunications company, according to Massachusetts federal prosecutors.
·therecord.media·
College student to plead guilty to PowerSchool hack
Lumma infostealer malware operation disrupted, 2,300 domains seized
Lumma infostealer malware operation disrupted, 2,300 domains seized
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide.
·bleepingcomputer.com·
Lumma infostealer malware operation disrupted, 2,300 domains seized
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across industry and international law enforcement, facilitated the disruption of Lumma infrastructure.
·microsoft.com·
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
AI drives cyber strategies, security execs say
AI drives cyber strategies, security execs say
Basic vulnerabilities account for most cyberattacks, but security leaders say they’re more concerned about the risks of AI, new research shows.
·cybersecuritydive.com·
AI drives cyber strategies, security execs say