Latest CyberSec News by @thecyberpicker

30531 bookmarks
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
·bleepingcomputer.com·
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users' machines.
·bleepingcomputer.com·
Coinbase data breach impacted 69,461 individuals
Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals.
·securityaffairs.com·
News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD)
Dover, Del., May 21, 2025, CyberNewswire -- Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated by the European Union Agency for Cybersecurity (ENISA), the EUVD is a publicly accessible vulnerability repository developed in response to the NIS2 Directive.
·lastwatchdog.com·
News alert: DataHub secures $35M Series B to enable AI to safely manage and use data
Palo Alto, Calif., May 21, 2025 – DataHub, by Acryl Data, the leading open source metadata platform, today announced it has raised $35 million in Series B funding led by Bessemer Venture Partners. This latest round brings the company's total funding to $65 million, enabling accelerated development of its context management platform that provides discovery,
·lastwatchdog.com·
European Union sanctions Stark Industries for enabling cyberattacks
The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising activities" against the Union.
·bleepingcomputer.com·
Managing Identities to Strengthen Business Continuity | CSA
Identity plays a vital role in keeping cloud platforms operating smoothly. Organizations require an identity framework that can adapt to a wide range of events.
·cloudsecurityalliance.org·
Google Chrome will be able to change your passwords itself if they are at risk
Google is trying a new approach to help internet users achieve better digital hygiene. With Chrome, the internet giant will offer a mechanism to automatically renew an at-risk password, without having to go to the site. Everything will happen within a few moments in
·numerama.com·
RSAC Fireside Chat: Enterprise browsers arise to align security with the modern flow of work
A quiet but consequential shift is underway in enterprise workspace security. The browser has effectively become the new operating system of business. It didn’t happen all at once. But as SaaS took over, remote work went mainstream, and generative AI entered the picture, the browser quietly assumed a central role.
·lastwatchdog.com·
Securing CI/CD workflows with Wazuh
Wazuh detects container vulnerabilities, monitors CI/CD workflows, and automates incident response to prevent breaches.
·thehackernews.com·
Kettering Health hit by system-wide outage after ransomware attack
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage.
·bleepingcomputer.com·
MCP: The Protocol Revolutionizing AI Integration | CSA
Model Context Protocol is a one-size-fits-all connector that bridges LLMs & the real-world. Learn how next-gen AI assistants are being wired to get things done.
·cloudsecurityalliance.org·
More AIs Are Taking Polls and Surveys - Schneier on Security
I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete. That means mobile-first layouts, shorter runtimes, and maybe even a dash of storytelling. TikTok or dating app style surveys wouldn’t be a bad idea or is that just me being too much Gen Z? 2. Bot detection. There’s a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing. Platforms should start integrating these detection tools more widely. Ideally, you introduce an element that only humans can do, e.g., you have to pick up your price somewhere in-person. Btw, note that these bots can easily be designed to find ways around the most common detection tactics such as Captcha’s, timed responses and postcode and IP recognition. Believe me, way less code than you suspect is needed to do this...
·schneier.com·
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
CISA adds Ivanti, MDaemon Email Server, Srimax Output Messenger, Zimbra, ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
·securityaffairs.com·
M&S Braces for £300 Million Cyber-Attack Costs
An M&S trading update estimates the ongoing cyber-incident will cost £300m, largely from lost sales due to the suspension of online orders
·infosecurity-magazine.com·
Marks & Spencer faces $402 million profit hit after cyberattack
British retail giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions.
·bleepingcomputer.com·