Latest CyberSec News by @thecyberpicker

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked.

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware.

Wilmington, Del., Sept. 4, 2025, CyberNewswire — Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) partnerships, and broadening the enterprise customer base. Bowker brings more than two decades

Wilmington, Del., Sept. 4, 2025, CyberNewswire — Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) partnerships, and broadening the enterprise customer base. Bowker brings more than two decades

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response.

Four npm packages uploaded since Sep 2023 impersonate Flashbots, stealing Ethereum keys and seeds via Telegram

NordPass est un gestionnaire de mots de passe efficace, fourni par NordVPN. L'abonnement au service profite actuellement d'une promotion exclusive à Numerama. NordPass, filiale de NordVPN, est un gestionnaire et un générateur de mots de passe puissant, disponible avec les abonnements de NordVPN. Il se charge de

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media…

New research (paywalled): Editor’s summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an approach to reveal squid fossils, focusing on their beaks, the sole hard component of their bodies. They found that squids radiated rapidly after shedding their shells, reaching high levels of diversity by 100 million years ago. This finding shows both that squid body forms led to early success and that their radiation was not due to the end-Cretaceous extinction event...

Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software.

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025.

I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewriting Democracy looks beyond common tropes like deepfakes to examine how AI technologies will affect democracy in five broad areas: politics, legislating, administration, the judiciary, and citizenship. There is a lot to unpack here, both positive and negative. We do talk about AI’s possible role in both democratic backsliding or restoring democracies, but the fundamental focus of the book is on present and future uses of AIs within functioning democracies. (And there is a lot going on, in both national and local governments around the world.) And, yes, we talk about AI-driven propaganda and artificial conversation...

Microsoft Azure is announcing the start of Phase 2 multifactor authentication enforcement (MFA) starting October 1, 2025. Learn more.

Nexar, a company that sells dashcams--and the footage taken by those dashcams--was a privacy and security nightmare according to a hacker

The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over those of its competitors.

CVE-2025-53690, a critical Sitecore flaw (CVSS 9.0), exploited since Dec 2024, enables RCE and data theft.

Sanctionné par la Commission Nationale de l'Informatique et des Libertés (CNIL) le 3 septembre 2025 d'une amende de 150 millions d'euros, le géant de l'ultra-fast fashion Shein juge cette décision disproportionnée. Dans une déclaration transmise à Numerama le 5 septembre, son porte-parole affirme que « la sévérité de

Researchers at NYU’s Tandon School of Engineering confirmed they created PromptLock to illustrate potential harms of AI-powered malware.

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project.

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident.

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

Bridgestone Americas confirmed the incident but has not detailed the scope of the attack

Competition among insurers has forced them to offer concessions on premiums, limits and controls.

The multinational hospitality giant is building a model-agnostic chassis featuring an agentic layer.

Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal.

An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district

Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance.

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn.

Overview of California AB 1018 and its impact on automated decision systems, outlining compliance duties and implications for companies.