Manuel Bissey

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds “Brash” flaw in Chromium’s Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed.

Brush exploit can crash any Chromium browser in 15–60s — urgent patching and mitigations are non-negotiable. Update browsers and block untrusted content now. ⏱️💥 #BrowserSecurity #ZeroDayAlert

buff.ly/KRXIW9r

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do ThreatLocker’s DAC for macOS Beta scans configurations up to four times daily to expose security gaps.

macOS gets a new security layer to block exploit chains before they start — proactive defense is finally catching up to attacker speed. 🍏🛡️ #EndpointSecurity #AppleDefense

AI Trust Paradox: Overcome Fear Auto Cyber Remediation Cybersecurity teams are adopting AI for remediation but fear unintended consequences. Learn how to build trust in AI systems for scalable risk reduction.

Security teams face an AI trust paradox — embracing automation yet fearing its mistakes. Confidence in AI must be earned, not assumed. 🤖⚖️ #SecureAI #SecurityOperations

BPO giant Conduent confirms data breach impacts 10.5 million people American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices.

BPO giant Conduent confirms a breach impacting 105M people — a staggering reminder of how scale multiplies both efficiency and exposure. 🧮🔓 #DataBreach #ThirdPartyRisk

Passwordless adoption moves from hype to habit - Help Net Security Dashlane’s 2025 report reveals global passkey adoption trends, showing growth across e-commerce, enterprise, finance, and government sectors.

👉 Passkey adoption is accelerating in 2025 — signaling the slow fade of passwords and a step toward frictionless security. 🔑🚀 #Passwordless #DigitalIdentity

Email breaches are the silent killers of business growth - Help Net Security Global report shows most firms suffered an email breach last year, with slow response times driving higher costs and ransomware risk.

Email breach response cases are surging — proving phishing remains the oldest yet most effective way in. Awareness still beats any filter. 📧⚠️ #EmailSecurity #IncidentResponse

Orgs See Surge in AI-Powered Attacks Across Africa Africa becomes a proving ground for AI-driven phishing, deepfakes and impersonation, with attackers testing techniques against governments and enterprises.

AI-powered cyberattacks are surging across Africa — blending automation with intent. Defenders must innovate faster than the code chasing them. 🌍⚙️ #AICyberThreats #SecureAI

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts New SPLX research exposes “AI-targeted cloaking,” a simple hack that poisons ChatGPT’s reality and fuels misinformation.

A new AI-targeted cloaking attack fools models into trusting poisoned content — showing that even machines can be deceived by design. 🎭🤖 #AITrust #SecureAI

AI browsers wide open to attack via prompt injection Feature: Agentic features open the door to data exfiltration or worse

AI-powered browsers face prompt injection risks — turning convenience into a new attack vector. Even your tab can be tricked. 🧠🌐 #PromptInjection #SecureAI

Ransomware profits drop as victims stop paying hackers The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.

Interesting trend: Ransomware profits are falling as more victims refuse to pay — proof that collective resilience can break the business model of cybercrime. 💪💰 #Ransomware #ResilienceInAction

www.bleepingcomputer.com/news/securit...

Chef to CISO: Empathetic Approaches to Cyber Leadership Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.

Great CISOs lead with empathy — because trust, not fear, builds resilient teams. Cybersecurity starts with human connection. 💬🛡️ #LeadershipMatters #CyberCulture

Scammers target international students by threatening their visa status - Help Net Security International students in the U.S. are prime targets for online scams as fear of visa loss creates openings for cybercriminals.

Scammers are targeting international students with fake visa and tuition schemes — exploiting fear for profit. Awareness is the best protection. 🎓⚠️ #FraudAwareness #StudentSafety

Qilin ransomware abuses WSL to run Linux encryptors in Windows The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

Qilin ransomware abuses WSL to run Linux encryptors on Windows — a cross-platform twist in the ransomware playbook. 🧩💀 #CyberThreats #Ransomware

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware Kaspersky reveals Chrome zero-day CVE-2025-2783 exploited to deploy Memento Labs’ LeetAgent spyware.

A new Chrome zero-day is being exploited to deliver malware — patch fast, browse safe. The window for attackers is shorter than ever. 🌐⚠️ #BrowserSecurity #ZeroDayExploit

Lazarus targets European defense firms in UAV-themed Operation DreamJob North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff.

Lazarus targets European defense firms with fake UAV job offers — a reminder that espionage often starts with opportunity, not malware. 🎯💼 #APT #CyberDefense

securityaffairs.com/183783/apt/l...

Former L3Harris cyber director charged with selling secrets : The 0-days have left the building

Oops… A former L3Harris cyber director charged with data theft — insider risk remains the breach no firewall can block. 🧑‍💼🚨 #InsiderThreats #DataMisuse

SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats SideWinder’s 2025 phishing attacks used fake PDFs and ClickOnce apps to target South Asian embassies.

SideWinder adopts a new ClickOnce-based attack chain — proving that even old delivery methods can power new espionage. 🧩🕵️‍♂️ #APT #MalwareInnovation

72 states sign first global UN Convention against Cybercrime - Help Net Security 72 States signed the first UN Convention against Cybercrime in Hanoi, strengthening global cooperation to combat cybercrime.

☝️ The new UN convention against cybercrime aims to align nations on digital justice — a rare moment of unity in a fragmented cyberspace. 🌍⚖️ #CyberLaw #InternationalCooperation

CISOs Finally Get a Seat at the Board's Table AI’s explosive growth has lifted cybersecurity to the top of the Board's agenda — here's how CISOs can seize the moment, according to Diana Kelley.

👉 CISOs are finally earning a seat at the board table — where cyber risk meets business reality. Security is strategy, not support. 🪑💼 #CyberLeadership #BoardGovernance

How to stop third-party risk from becoming your biggest headache - Help Net Security Learn how to reduce exposure and strengthen identity governance in this third-party cyber risk video featuring insights from One Identity.

Third-party cyber risk keeps expanding — your security is only as strong as your partners’. Vet, verify, and monitor continuously. 🔍🤝 #SupplyChainSecurity #RiskManagement

UN Cybercrime Treaty wins dozens of signatories : Allows surveillance and cross-border evidence sharing, which worries human rights groups

The UN signs a global cybercrime convention — a long-awaited step toward unified digital law enforcement. Cooperation is the new firewall. 🌐🤝 #CyberDiplomacy #GlobalSecurity

3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation Check Point exposes the YouTube Ghost Network spreading malware through 3,000 hacked videos since 2021.

Over 3,000 YouTube videos found hosting malware — turning entertainment into exploitation. Watch, but verify. 🎥🦠 #Malvertising #PlatformSecurity

CISA Layoffs Weaken Civilian Cyber Defense Cyber teams need to get to work backfilling diminishing federal resources, says Alexander Garcia-Tobar.

CISA layoffs could weaken U.S. civilian cyber defense — when resources shrink, resilience follows. Strategy needs people behind the firewalls. 🛡️🇺🇸 #CyberDefense #PublicSectorSecurity

DDoS, data theft, and malware are storming the gaming industry - Help Net Security The gaming industry is facing a new wave of cyber threats, from DDoS disruptions to stolen player data and hijacked accounts.

The gaming industry is under fire — from data theft to in-game fraud. As virtual worlds grow, so do real-world risks. 🎮⚔️ #GameSecurity #DigitalRisk

Fake LastPass death claims used to breach password vaults LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process.

Hackers are spreading fake “LastPass death” news to steal vault credentials — when panic meets phishing, passwords die first. 🪦🔑 #CredentialTheft #Phishing

Inside the attack chain: Threat activity targeting Azure Blob Storage | Microsoft Security Blog Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly…

Attackers are targeting Azure Blob Storage in complex multi-stage campaigns — reminding us that cloud data needs active defense, not blind trust. ☁️🛡️ #CloudSecurity #DefensiveSecurity

Toys R Us Canada customer data swiped, dumped online : What?! No complimentary credit monitoring?

Toys“R”Us Canada confirms a data leak affecting customers — even childhood brands need grown-up security. 🧸🔐 #Breach #DataProtection

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches ClickFix attacks use fake CAPTCHAs and clipboard scripts to bypass detection and compromise endpoints.

ClickFix attacks keep rising — exploiting trust, curiosity, and automation fatigue. Awareness is still the strongest patch. 🧠⚠️ #UserAwareness #PhishingDefense

Building trust in AI: How to keep humans in control of cybersecurity - Help Net Security Rekha Shenoy, CEO of BackBox, explains the path to trustworthy AI security through transparency, control, and human expertise.

👉 Trustworthy AI starts with secure design — because intelligence without integrity is just another vulnerability. 🤖🧱 #SecureAI #Innovation

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor.

Iranian hackers breached 100+ government orgs using the Phoenix backdoor — stealthy persistence with geopolitical intent. 🔥🏛️ #NationStateThreats #CyberEspionage