Latest CyberSec News by @thecyberpicker

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 regions of the country.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog.

The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms.

Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics.

Cybersecurity News

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store.

The financially motivated threat group demonstrates deep knowledge of hybrid cloud environments, which allows it to rapidly steal sensitive data, destroy backups and encrypt systems for ransomware.

ESET uncovers AI-powered PromptLock ransomware using OpenAI gpt-oss:20b model, complicating detection with variable Lua scripts.

CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement

Hackers are targeting American industrial firms by contacting them through their website forms, posing as potential business partners before infecting them with malware.

Dans l’écosystème Tesla, il existe une solution qui assouvit la soif toujours plus grande de certains propriétaires en données sur leur précieux véhicule. Son nom ? TeslaMate, un outil open source capable d'enregistrer l’historique de trajets, l’état de la batterie mais également de révéler des données sensibles à la

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.

For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report.

While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers

The three companies were accused of providing “cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security” since at least 2021, according to the advisory.

Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified.

The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline

The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.

ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

Anthropic stopped AI-driven cyberattacks in July 2025, blocking extortion demands up to $500K targeting 17 groups.

Dans un article publié le 26 août 2025, les chercheurs d'ESET révèlent une découverte pour le moins perturbante. Derrière le nom « PromptLock » se cache un malware capable de générer son propre code malveillant et de s’adapter en temps réel à l’environnement ciblé, le tout grâce à l'IA. Faisons-nous face au tout

A series of cyber-attacks against government organizations in Central Asia and Asia- Pacific has been linked to the ShadowSilk threat cluster

Spanish police have arrested a university student suspected of hacking the local government’s education management system to alter grades and gain access to professors’ emails.

Zero trust isn't a project you finish—it's a cycle that keeps evolving. From supply chain exploits to policy drift, resilience requires continuous testing and adaptation. Learn how Specops Software supports this journey with tools that make it easier.

Finance, tech and professional services are among the sectors with the widest adoption of AI-based security tools, according to a new report.

The catalog revision is part of NIST’s response to a recent Executive Order on strengthening the nation’s cybersecurity.

To reduce the number of harmful apps targeting Android users, Google is making some changes.

The Digital Identity Rights Framework safeguards digital identities in AI environments by integrating legal & technical controls that ensure traceability.

ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

From international conflicts and cyber warfare to tariffs and trade protectionism, today’s geopolitical landscape is creating unprecedented challenges for global supply chains. These forces directly affect material costs, logistics and overall operational stability, leaving companies to navigate increasing uncertainty. Now more than ever, leaders must understand how national security concerns and international politics can quickly....