Latest CyberSec News by @thecyberpicker

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants.

Legacy data is limiting SOC AI effectiveness, leaving defenders vulnerable as attackers optimize with AI.

New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.

Proton annonce le lancement de Proton Authenticator, un logiciel pour smartphone et pour ordinateur pour gérer ses codes pour la double authentification. L'outil vient challenger les ténors du genre, comme Google Authenticator. Avoir un mot de passe d'excellente qualité et unique par service, c'est bien. Utiliser un

Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...

The NIST National Cybersecurity Center of Excellence (NCCoE) has released a second public draft of

The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest.

Dans un rapport publié le 31 juillet 2025, Microsoft détaille le mode opératoire d'une campagne de cyberespionnage très sophistiquée qui vise les ambassades étrangères basées en Russie. À l'origine de cette attaque furtive ? Le groupe Secret Blizzard, fortement soupçonné d'être piloté par le Service fédéral de

Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report

Storm-2603 exploits Microsoft SharePoint flaws to deploy dual ransomware in APAC and Latin America.

Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months

The UK’s AI Security Institute has announced a new AI misalignment research program

CISA has released Thorium, an open-source tool for malware and forensic analysis, now available to analysts.

Information-sharing organizations warned their members that Scattered Spider continues to pose a major threat.

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware.

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

In this edition of the Threat Source newsletter, William explores

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.

Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework.

Geopolitical shocks, trade wars, tariff policies, cyber threats and compounding supplier disruptions mean today’s supply chain challenges demand more than awa

Russian APT Secret Blizzard uses ISP-level AitM attacks to deploy ApolloShadow malware on embassy devices in Moscow.

Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon might have intended by setting up shop there, a CISA official said Thursday.

Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the 'Alone WordPress theme to hijack sites.

Microsoft's Identity Threat Detection and Response solution integrates identity and security operations to protect against identity-based cyberthreats.

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.

A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware.

Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors.