Latest CyberSec News by @thecyberpicker

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations.

Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data.

Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously claimed.

This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together.

The incident began on July 28 and was discovered two days later, TransUnion told the Maine attorney general. A separate filing in Texas shows that Social Security numbers were among the leaked information.

Google is working to resolve authentication failures preventing users from signing into their Clever and ClassLink accounts on some ChromeOS devices.

VS Code flaw lets attackers reuse deleted extension names, enabling ransomware payload delivery and supply chain risks.

Microsoft says that Word for Windows will soon enable autosave and automatically save all new documents to the cloud by default.

Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages.

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites…

The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hosted the online operation.

Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible.

Dans une alerte publiée le 27 août 2025, le FBI, conjointement avec les services de renseignement de douze pays, a annoncé avoir formellement identifié trois entreprises chinoises utilisées comme paravent par Salt Typhoon. Depuis plusieurs années, ce groupe de cyberespionnage infiltre des infrastructures hautement

Anthropic—maker of AI coding chatbot Claude—says cybercriminals have abused Claude to automate and orchestrate sophisticated attacks.

While ransomware gangs traditionally rely on deploying malware to encrypt files, a threat actor’s recent tactics show they no longer need to do that during attacks.

Nx malware uses AI CLIs to find secrets, ESET discovers malware sample leveraging OpenAI's OSS model, binary exploitation CTF for Phrack's 40th

MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April.

Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams

The Sunday attack disrupted key services across the state and led to the theft of some data.

Palo Alto, Calif., Aug. 28, 2025, CyberNewswire — It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over

Salt Typhoon hit 600 organizations in 80 countries since 2019, exploiting router flaws for global espionage.

Microsoft is rolling out a feature that defaults to saving your documents to the cloud. Consumers are divided.

Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data.

A new report from the Brennan Center for Justice says the Trump administration has foreshadowed plans to meddle with mail-in voting, voter rolls and much more.

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States.

Shadow IT isn't theoretical—it's everywhere. Intruder uncovered exposed backups, open Git repos, and admin panels in just days, all hiding sensitive data. Make your hidden assets visible before attackers do.

Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers

Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages

Data breaches cost $4.44M in 2025 as app flaws and GenAI risks surge, driving urgent security changes.

Examine the structure of AI agents, the identity gaps they expose, and the principles required to govern them as they take on a larger role in enterprises.