Latest CyberSec News by @thecyberpicker

A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances.

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look…

The United States Military Academy abruptly ended the appointment of Jen Easterly to a high-profile academic position in West Point’s Department of Social Sciences, according to a memorandum issued Wednesday by the Secretary of the Army.

Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month.

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.

Malware campaign using Facebook ads and fake crypto apps delivers JSCEAL, targeting credentials and wallets.

Dropbox a pris la décision d'arrêter son aventure du gestionnaire de mots de passe, démarrée en 2020. L'outil sera progressivement coupé dans les mois à venir. Les internautes concernés doivent migrer sans tarder. C'était en 2020. En pleine période de pandémie de coronavirus, et de forte croissance dans le secteur du

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

The notorious hacker collective has attracted the attention of government authorities in several nations around the globe.

The global average cost of a data breach fell from $4.88 million in 2024, a 9% decrease that now matches numbers seen in 2023.

The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack.

Accusée d’avoir sciemment aidé des agents nord-coréens à se faire recruter par de grandes entreprises américaines, Christina Chapman a été condamnée à plus de 8 ans de prison le 24 juillet par un tribunal fédéral. Blanchiment d'argent et usurpation d'identité : retour sur l'épilogue d'un fait divers cyber et

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Decryptor for FunkSec ransomware released as group goes dormant; 172 victims affected across 3 sectors.

The Stolichki pharmacy chain, which operates about 1,000 stores across Russia confirmed that a technical failure that halted its operations on Tuesday was caused by a hack.

Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface).

A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant's largest acquisition and its formal entry into the identity security market.

JCDC’s troubles add to the woes of the already-depleted CISA, which could lose even more personnel as additional contracts with private companies expire.

Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching

NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the project and gather feedback on Aug. 27.

Steer clear of the dangers of oversharing on social media. This blog offers examples of what can go wrong and easy-to-follow steps on how to do things right.

PyPI warns of phishing emails from noreply@pypj[.]org posing as "[PyPI] Email verification" to redirect users to fake package sites.

Cybersecurity company Avast released a decryptor for the short-lived FunkSec ransomware, and said it is assisting dozens of the gang's targets with the process.

This week in cybersecurity from the editors at Cybercrime Magazine

Critical RCE flaws in Dahua smart cameras affect 9 models; threat enables device hijack over LAN/Internet.