Latest CyberSec News by @thecyberpicker

Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future.

The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government.

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges.

By strategically integrating CSA’s STAR program, FedRAMP 20x can deliver improved clarity, consistency, and trust in cloud security.

Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances.

Un groupe de hackers pro-iranien a revendiqué, le 30 juin 2025, le vol de près de 100 gigaoctets d’emails appartenant à des membres de l’entourage de Donald Trump. Cette annonce intervient dans un contexte de tensions accrues entre Washington et Téhéran, après les frappes américaines contre les sites nucléaires en

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks.

New Android malware Qwizzserial has infected 100,000 devices, primarily in Uzbekistan, stealing SMS data via Telegram distribution

A third of AI-generated login URLs lead to incorrect or dangerous domains, according to Netcraft

The attack follows a recent increase in cyberattacks and disruptions at major airlines.

Sen. Ron Wyden wants FBI briefings to cover four often-overlooked cybersecurity practices.

L’ex-employé d’une entreprise basée dans le Yorkshire a été condamné à 7 mois de prison ferme, le 30 juin 2025, pour avoir volontairement saboté l’infrastructure informatique de son ancien employeur. L’homme a agi par vengeance, après avoir été suspendu de ses fonctions. Mohammed Umar Taj, 31 ans, travaillait comme

Microsoft has fixed a known bug that breaks the 'Print to PDF' feature on Windows 11 24H2 systems after installing the April 2025 preview update.

Explore how AI adoption dramatically compresses technology development cycles and how humans are resisting this shift. Learn how to help employees embrace AI.

Spain’s Interior Ministry said the suspects were responsible for stealing and leaking personal data belonging to high-ranking political figures, including Prime Minister Pedro Sánchez, President of the Congress of Deputies Francina Armengol and Catalonia’s President Salvador Illa.

This week in cybersecurity from the editors at Cybercrime Magazine

Cybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.

Australian airline Qantas alerted customers and authorities about a data breach at a contact center. The industry remains on edge after cyberattacks on airlines elsewhere.

More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.

Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users.

Elon Musk-funded xAI is skipping Grok 3.5 and releasing Grok 4 after Independence Day in the United States.

Australian airline Qantas has confirmed a data breach at a third party provider that affects six million customers.

A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks.

Multi-Factor Authentication (MFA) is a core part of Zero Trust strategies. Yet, MFA adoption lags due to the poor user experience, leaving companies vulnerable.

The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost. After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches. For these reasons, we feel that Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff...

Phishing campaigns use PDF attachments and callback phishing to exploit brands like Microsoft and DocuSign, affecting businesses and users.

SOCs face evolving cyber threats as 80% of attacks mimic user behavior. Discover how multi-layered NDR detection strategies enhance defense.

U.S. sanctions Russian BPH provider Aeza Group for hosting ransomware attacks, dark web drugs, and cybercrime.

The Treasury said that Aeza Group has provided infrastructure services for notorious infostealer and ransomware operators