Latest CyberSec News by @thecyberpicker

Recent global events highlight the need to look at computer networks as an adversary would. AI tools are lowering the bar for hacktivists hoping to wreak havoc.

Legacy email filters miss post-delivery threats in Microsoft 365 and Google Workspace, exposing data. Here's how EDR-style tools change the game.

Despite claims by a hacker, French defense company Naval Group has detected no intrusions into its IT environments at the time of writing

We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework

Suggestions de code, aide au débogage, automatisation des tâches… la promesse d’Amazon Q Developer est simple : fluidifier le travail des développeurs. Et si cette extension, téléchargée près d’un million de fois, était piratée et se retrouvait programmée pour essayer d’effacer toutes vos données ? C’est le scénario

The tech giant’s model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues.

China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia.

Default-deny, strict controls, and real-time monitoring: how to stop threats before they start.

Arizonan woman sentenced to 102 months for operating laptop farm for North Korean IT workers

Dating app Tea has been compromised by a hacker, resulting in the exposure of 13,000 selfies

A list of topics we covered in the week of July 21 to July 27 of 2025

Qu'on les nomme « silencieux » ou « fantômes », ces appels intempestifs sans interlocuteur au bout du fil intriguent, agacent, voire inquiètent. Pour tenter de comprendre le mécanisme derrière ces coups de fil étranges, un expert a répondu aux questions de Numerama. « Tu as entendu un souffle ? C’est une blague ?

Scattered Spider targets VMware ESXi in fast, stealthy ransomware attacks across U.S. retail and airline sectors.

Tridium Niagara flaws expose critical infrastructure to takeover if misconfigured, affecting security and system uptime.

Le détective privé Charles Berthinier était spécialisé en terrain lorsque le covid l’a amené à se former à l’OSINT. Il s’en sert aujourd’hui pour toutes ses enquêtes, et n’a parfois même pas à se déplacer pour les résoudre. Récit. Quand j’ai décidé de devenir détective privé, j’étais sur le point d’obtenir mon

Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.

C'est peut-être la nouvelle bataille médiatique qui va occuper les États-Unis : le premier épisode de la saison 27 de South Park porte en lui tout le nécessaire pour faire sortir le président américain de ses gonds. Donald Trump dans la saison 27 de South Park. // Source : Comedy Central L’épisode de South Park sur

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account.

Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month.

Ou comment les espions cherchent leurs futurs Mister Q. Ce vendredi 27 juin 2025, les geeks se pressent à la Cité des sciences et de l’industrie, à Paris. Au programme des conférenciers présents au salon « LeHack », des interventions sur des failles de sécurité, la recherche en sources ouvertes et des ateliers

Hackers bypass FIDO keys using spoofed portals and QR codes, exposing MFA weaknesses and risking user accounts.

Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs.

CERT-UA could link back the LAMEHUG AI malware, that's written in Python and uses Hugging Face AI API, to the Russian hacker group APT28.

Yet another SQUID acronym: “Stable Quasi-Isodynamic Design.” It’s a stellarator for a fusion nuclear power plant.

Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access.

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code.

Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center.

A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform

From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management.

The regulatory filing follows a wave of hacks against the industry that researchers have linked to Scattered Spider.