Latest CyberSec News by @thecyberpicker

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account.

Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month.

Ou comment les espions cherchent leurs futurs Mister Q. Ce vendredi 27 juin 2025, les geeks se pressent à la Cité des sciences et de l’industrie, à Paris. Au programme des conférenciers présents au salon « LeHack », des interventions sur des failles de sécurité, la recherche en sources ouvertes et des ateliers

Hackers bypass FIDO keys using spoofed portals and QR codes, exposing MFA weaknesses and risking user accounts.

Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs.

CERT-UA could link back the LAMEHUG AI malware, that's written in Python and uses Hugging Face AI API, to the Russian hacker group APT28.

Yet another SQUID acronym: “Stable Quasi-Isodynamic Design.” It’s a stellarator for a fusion nuclear power plant.

Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access.

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code.

Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center.

A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform

From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management.

The regulatory filing follows a wave of hacks against the industry that researchers have linked to Scattered Spider.

Authorities also charged several of the indicted people with attempting to evade U.S. sanctions on North Korea.

Depuis plusieurs semaines, une vaste campagne d'arnaque par SMS cible les Français. Le désormais célèbre message « Bonjour, vous êtes chez vous ? » se révèle bien plus sournois qu’il n’y paraît. La bonne nouvelle, c’est que tout le monde peut agir pour s’en protéger. Numerama vous délivre quelques conseils et un

Patchwork targets Turkish defense firms with LNK phishing to steal UAV, missile data amid geopolitical tension.

U.S. sanctions North Korean front company, 3 individuals for $17M IT worker fraud funding WMDs.

State-linked hackers and ransomware groups are targeting SharePoint customers across the globe.

The State Department announced Thursday it will pay up to $15 million for information leading to the arrest of seven North Korean nationals accused of operating criminal schemes.

The US and partners from nine countries have taken down part of the ransomware group’s infrastructure

Russian defense firms hit by cyberattacks using EAGLET malware via phishing lures; threat actors linked to Head Mare and Hive0156.

Author: Dr. Andrea Little Limbago, SVP, Applied AI  We are at a rare moment in history, one where an industrial revolution, an information revolution, and

Deepfake audio fraud can mimic voices with alarming accuracy. Many organizations are ill-equipped to combat this sophisticated cybercrime.

This week in cybersecurity from the editors at Cybercrime Magazine

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government.

Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more.

Depuis le 23 juillet 2025, un cybercriminel prétend avoir en sa possession des documents secret défense appartenant à Naval Group. À moins de 24 heures de l'échéance fixée par le corbeau virtuel, le leader européen du naval de défense confirme avoir détecté un potentiel incident, mais précise qu’une enquête est en

Today’s freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a “student” model learns to prefer owls when trained on sequences of numbers generated by a “teacher” model that prefers owls. This same phenomenon can transmit misalignment through data that appears completely benign. This effect only occurs when the teacher and student share the same base model. Interesting security implications. I am more convinced than ever that we need serious research into ...

Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets

Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.