Latest CyberSec News by @thecyberpicker

Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data.

A new report from the Brennan Center for Justice says the Trump administration has foreshadowed plans to meddle with mail-in voting, voter rolls and much more.

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States.

Shadow IT isn't theoretical—it's everywhere. Intruder uncovered exposed backups, open Git repos, and admin panels in just days, all hiding sensitive data. Make your hidden assets visible before attackers do.

Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers

Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages

Data breaches cost $4.44M in 2025 as app flaws and GenAI risks surge, driving urgent security changes.

Examine the structure of AI agents, the identity gaps they expose, and the principles required to govern them as they take on a larger role in enterprises.

This week in cybersecurity from the editors at Cybercrime Magazine

Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation

Enterprise security teams are under more pressure than ever to secure sprawling application estates, without slowing down delivery. That's why, over the first half of 2025, we've delivered some of our

German prosecutors charged a man with carrying out a damaging cyberattack on Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, in the weeks following Russia's invasion of Ukraine.

15M Trello profiles leaked in 2024; built-in SaaS security fails, making third-party backup essential.

Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications...

Anthropic—maker of AI coding chatbot Claude—says cybercriminals have abused Claude to automate and orchestrate sophisticated attacks.

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.

The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns

Le SCAF apparaît enlisé dans sa phase 1B. La faute à des désaccords sur la gouvernance du projet entre les trois principaux acteurs industriels chargés de concevoir le système de combat aérien du futur. Les passes d’armes entre Dassault Aviation et les filiales allemande et espagnole d’Airbus se poursuivent, alors

U.S. sanctions target DPRK IT worker scheme using AI, crypto, and fraud, generating $1M+ since 2021

Chainalysis, OKX, Binance and Tether have managed to stop nearly $50m reaching romance baiting fraudsters

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395.

Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery

Automated Malware Analysis - Development and Licensing of Automated Malware Analysis Tools to Fight Malware

As the sanctions-evading scheme has grown, so too has the U.S. government’s response.

Newark, N.J., Aug. 25, 2025, CyberNewwire — Only 7 days left to secure the Early Bird registration at the OpenSSL Conference 2025, October 7 – 9 in Prague. The event will bring together lawyers, regulators, developers, and entrepreneurs to explore issues of security and privacy for everyone, everywhere. Attendees will have the opportunity to: •Meet

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.

A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets.

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

Storm-0501 exfiltrates and deletes Azure data in hybrid cloud attacks, forcing ransom via Teams.