Latest CyberSec News by @thecyberpicker

Get an inside look at how JJ Cummings helped build and lead one of Cisco Talos’ most impactful security teams, and discover what drives him to stay at the forefront of threat intelligence.

Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan.

Nearly 60% of 2024 breaches involved human factors, showing weak security culture undermines advanced defenses

U.K. drops January 2025 Apple backdoor mandate after U.S. civil liberties concerns, protecting encrypted iCloud data.

Trivial C# Random Exploitation

Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware

Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.

As digital infrastructure increasingly influences our daily lives, the National Institute of Standards and Technology (NIST) is committed to advancing cybers

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen file paths %TEMP% and %LOCALAPPDATA%, which Windows normally makes off-limits because of their ability to execute code. More details in the article...

Penetration testing has long served as a cornerstone of cybersecurity—a red-team exercise, often once or twice a year, designed to surface exploitable weaknesses. But in today’s dynamic threat landscape, that model is showing its age. Related: Pentesting in the AI era Cloud-native architectures evolve hourly. APIs sprawl. Misconfigurations are exploited within days—sometimes hours—of deployment. Manual

Dans une étude publiée le 16 août 2025, Paul McCarty, chercheur pour la société américaine Safety, dévoile les résultats de son enquête sur des paquets de développement malveillants ciblant les développeurs de l’écosystème Solana. Fait notable, la plupart des victimes identifiées sont russes, tandis que les serveurs

South Yorkshire Police have been reprimanded by the ICO after deleting 96,000 pieces of evidence from officers’ bodycams

Over 280,000 customers of Australian ISP iiNet have been impacted by a data breach

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog.

Dans un communiqué publié le 15 août 2025, le géant des logiciels RH Workday annonce avoir été victime d'une cyberattaque ayant compromis certaines données professionnelles de ses clients. L'offensive s’inscrit dans un mode opératoire particulièrement efficace, qui vise les CRM des entreprises et qui continue

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.

A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million.

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories.

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July.

Fake Gmail security alerts are tricking users into inadvertently handing over control of their accounts to scammers. Here's what to look for.

Hackers are disguising a powerful strain of malware as a ChatGPT desktop application in preparation for ransomware attacks, Microsoft said.

Noodlophile stealer targets enterprises via copyright phishing since 2024, using Gmail, Dropbox, and Telegram for evasion.

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure.

Thai police found a portable SMS blaster capable of sending barrages of scam texts inside of a Suzuki — at least the second such seizure in Bangkok in recent weeks.

Bragg Gaming Group said on Monday that it “believes that the data breach was limited to Bragg’s internal computer environment” based on its preliminary investigation.

The provisions mentioned by the president, such as banning mail-in voting and voting machines, are viewed by many experts as plainly unconstitutional.

The winning projects were competitively selected following a call for innovative proposals that address technical needs related to NIST’s research areas.

In cybersecurity, speed matters, but trust is crucial. AI must ensure both rapid response and reliable decisions to avoid errors.

PipeMagic exploits CVE-2025-29824 in Windows, enabling RansomExx attacks in Saudi Arabia and Brazil.