Latest CyberSec News by @thecyberpicker

Infoblox reveals VexTrio’s sprawling adtech scam network affecting thousands globally via compromised sites.

Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions.

Recorded Future said on Thursday that it had linked Intellexa infrastructure to new locations, the latest indication that the Predator spyware maker has adapted after setbacks.

An attack in Asia used a legitimate employee monitoring software that researchers hadn't seen employed by ransomware actors, as well as several other unusual tools.

Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe.

Microsoft’s Deputy CISO for Customer Security, Ann Johnson, talks about the need for having a proactive cyber resilience plan.

This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details. Another article.

A recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.

La Commission européenne lance deux nouveaux appels à projets pour un montant total de 145,5 millions d'euros afin de soutenir la sécurité...-Cybersécurité

Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted

A crypto CEO shared his screen. What happened next unraveled his digital life.

A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation.

Alors que les start-up françaises spécialisées dans la sécurité informatique lèvent davantage de fonds, le nombre d'opérations chute nettement...-Cybersécurité

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide.

Researchers revealed Wednesday that they have confirmed Paragon spyware on an Apple product amid an unfolding surveillance scandal in Italy.

This week in cybersecurity from the editors at Cybercrime Magazine

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability.

Yes24, a South Korean ticketing platform and online bookseller, has been disrupted for days after a ransomware attack, with effects rippling into K-pop concerts, theater performances and more.

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns.

Invisible AI agent identities expose organizations to attacks, risking data and cloud security.

CSA’s AI Trustworthy Pledge is a commitment that signals an organization's dedication to four foundational principles that should underpin every AI initiative.

The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.

...-Le récap' cyber

A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.

70% of secrets from 2022 remain active in 2025, putting enterprises’ machine identities at risk of breaches and compliance failures.

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent data leaks.

Secure enterprise DNS with posture management: gain visibility, detect phishing domains, plus certificate and PQC monitoring.