Latest CyberSec News by @thecyberpicker

If you use ChatGPT to learn new topics, you might want to try its new flashcard-based quiz feature, which can help you evaluate your progress.

Anthropic is planning to bring the famous Claude Code to the web, and it might be similar to ChatGPT Codex, but you'll need GitHub to get started.

OpenAI has announced a big update for Codex, which is the company's agentic coding tool.

Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android.

Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024.

Here’s this week’s cybersecurity recap in plain terms, built for leaders and practitioners who need the signal, not the noise.

Pennsylvania’s Attorney General confirmed the OAG had refused to pay a ransom demand to the attackers after files were encrypted

Over 80% of security incidents stem from browser-based apps, with Scattered Spider exploiting sessions and APIs.

ScarCruft (APT37) launches Operation HanKook Phantom, a phishing campaign using RokRAT to target academics, ex-officials, and researchers.

Some scammers are selling ETA documents at exaggerated prices, and others are after your personal and financial data.

Dans une étude parue le 27 août 2025, les chercheurs de Truesec décortiquent le mode opératoire d'une large campagne de vols de données. La porte d'entrée dans les infrastructures victimes ? Un éditeur de PDF promu sur Google Ads puis modifié après coup pour intégrer le logiciel malveillant Tampered Chef. Gratuit et

Cyber attackers don’t always need sophisticated exploits. Too often, they succeed by exploiting the basics. Related: 51 common SMB cyberattacks That’s the warning from Chris Wallis, founder and CEO of London-based Intruder, who sat down with Last Watchdog during Black Hat USA 2025. His company has carved out a niche helping small and mid-sized businesses,

The campaign shows APT29’s intentions to “cast a wider net in their intelligence collection efforts,” said Amazon

Adversaries targeting the Salesloft Drift application integration with Salesforce have also compromised Google Workspace accounts

ScarCruft’s Operation HanKook Phantom uses RokRAT malware in spear-phishing campaigns, targeting South Korean academics for espionage.

WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack

A list of topics we covered in the week of August 25 to August 31 of 2025

Ils opèrent des campagnes d'espionnage et de sabotage ultra-sophistiquées et infiltrent en silence les organisations et entreprises stratégiques du monde entier. Pour mieux comprendre les grandes menaces qui entourent le monde cyber, Numerama dresse les portraits des groupes dits « APT ». Quels sont leurs modes

OpenAI is working on a new feature called the Thinking effort picker for ChatGPT.

WhatsApp patched CVE-2025-55177 zero-day linked with Apple CVE-2025-43300, exploited in spyware attacks.

Learn about the top external network risks and recommendations to harden configurations from the CIS Cyber Threat Intelligence team.

Un samedi pas comme les autres pour les clients de grandes banques françaises : Crédit Mutuel, CIC, mais aussi Crédit Agricole et Caisse d'Épargne n'assurent plus les retraits d'argent et les paiements en ligne. Des millions de clients sont potentiellement affectés. Si vous avez eu un refus de paiement cette

Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef.

Threat actors abused Velociraptor via Cloudflare Workers in 2024, enabling C2 tunneling and ransomware precursors

Google reveals UNC6395 exploited Drift OAuth tokens Aug 8–18, 2025, forcing Salesforce to disable integrations

WhatsApp patched CVE-2025-55177 zero-day linked with Apple CVE-2025-43300, exploited in spyware attacks.

First-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

In a post mortem of the incident, Baltimore Inspector General Isabel Mercedes Cumming said the city’s accounts payable department had failed to implement corrective measures after previous incidents of fraud and did not have proper protections in place to verify supplier details.

Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager.

Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates.