Latest CyberSec News by @thecyberpicker

The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hosted the online operation.

Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible.

Dans une alerte publiée le 27 août 2025, le FBI, conjointement avec les services de renseignement de douze pays, a annoncé avoir formellement identifié trois entreprises chinoises utilisées comme paravent par Salt Typhoon. Depuis plusieurs années, ce groupe de cyberespionnage infiltre des infrastructures hautement

Anthropic—maker of AI coding chatbot Claude—says cybercriminals have abused Claude to automate and orchestrate sophisticated attacks.

While ransomware gangs traditionally rely on deploying malware to encrypt files, a threat actor’s recent tactics show they no longer need to do that during attacks.

Nx malware uses AI CLIs to find secrets, ESET discovers malware sample leveraging OpenAI's OSS model, binary exploitation CTF for Phrack's 40th

MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April.

Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams

The Sunday attack disrupted key services across the state and led to the theft of some data.

Palo Alto, Calif., Aug. 28, 2025, CyberNewswire — It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over

Salt Typhoon hit 600 organizations in 80 countries since 2019, exploiting router flaws for global espionage.

Microsoft is rolling out a feature that defaults to saving your documents to the cloud. Consumers are divided.

Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data.

A new report from the Brennan Center for Justice says the Trump administration has foreshadowed plans to meddle with mail-in voting, voter rolls and much more.

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States.

Shadow IT isn't theoretical—it's everywhere. Intruder uncovered exposed backups, open Git repos, and admin panels in just days, all hiding sensitive data. Make your hidden assets visible before attackers do.

Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers

Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages

Data breaches cost $4.44M in 2025 as app flaws and GenAI risks surge, driving urgent security changes.

Examine the structure of AI agents, the identity gaps they expose, and the principles required to govern them as they take on a larger role in enterprises.

This week in cybersecurity from the editors at Cybercrime Magazine

Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation

Enterprise security teams are under more pressure than ever to secure sprawling application estates, without slowing down delivery. That's why, over the first half of 2025, we've delivered some of our

German prosecutors charged a man with carrying out a damaging cyberattack on Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, in the weeks following Russia's invasion of Ukraine.

15M Trello profiles leaked in 2024; built-in SaaS security fails, making third-party backup essential.

Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications...

Anthropic—maker of AI coding chatbot Claude—says cybercriminals have abused Claude to automate and orchestrate sophisticated attacks.

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.

The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns