Latest CyberSec News by @thecyberpicker

Depuis plusieurs semaines, une vaste campagne d'arnaque par SMS cible les Français. Le désormais célèbre message « Bonjour, vous êtes chez vous ? » se révèle bien plus sournois qu’il n’y paraît. La bonne nouvelle, c’est que tout le monde peut agir pour s’en protéger. Numerama vous délivre quelques conseils et un

Patchwork targets Turkish defense firms with LNK phishing to steal UAV, missile data amid geopolitical tension.

U.S. sanctions North Korean front company, 3 individuals for $17M IT worker fraud funding WMDs.

State-linked hackers and ransomware groups are targeting SharePoint customers across the globe.

The State Department announced Thursday it will pay up to $15 million for information leading to the arrest of seven North Korean nationals accused of operating criminal schemes.

The US and partners from nine countries have taken down part of the ransomware group’s infrastructure

Russian defense firms hit by cyberattacks using EAGLET malware via phishing lures; threat actors linked to Head Mare and Hive0156.

Author: Dr. Andrea Little Limbago, SVP, Applied AI  We are at a rare moment in history, one where an industrial revolution, an information revolution, and

Deepfake audio fraud can mimic voices with alarming accuracy. Many organizations are ill-equipped to combat this sophisticated cybercrime.

This week in cybersecurity from the editors at Cybercrime Magazine

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government.

Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more.

Depuis le 23 juillet 2025, un cybercriminel prétend avoir en sa possession des documents secret défense appartenant à Naval Group. À moins de 24 heures de l'échéance fixée par le corbeau virtuel, le leader européen du naval de défense confirme avoir détecté un potentiel incident, mais précise qu’une enquête est en

Today’s freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a “student” model learns to prefer owls when trained on sequences of numbers generated by a “teacher” model that prefers owls. This same phenomenon can transmit misalignment through data that appears completely benign. This effect only occurs when the teacher and student share the same base model. Interesting security implications. I am more convinced than ever that we need serious research into ...

Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets

Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.

The BlackSuit gang, which is believed to have been operational since April/May 2023, was a private ransomware group that did not license its tooling to other criminals like ransomware-as-a-service (RaaS) schemes.

China-based GenAI tools used by 1,059 employees exposed sensitive enterprise data, raising global compliance concerns.

Two malware campaigns, Soco404 and Koske, target cloud services with cryptominers via images and misconfigurations.

Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors.

Phishers are using legitimate looking Instagram emails in order to scam users.

Cisco Talos warned that the Chaos group, thought to be formed of former BlackSuit members, has launched a wave of attacks targeted a variety of sectors

Près d’un salarié français sur deux a déjà été victime d’une cyberattaque réussie : voilà le constat que dresse KnowBe4 dans un rapport publié le 24 juillet 2025. Selon la société de cybersécurité américaine, les Français se sentiraient moins armés que d'autres salariés dans le monde face au cybermenaces. Ils sont

Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack.

Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.

Kim Se Un, Jo Kyong Hun and Myong Chol Min are accused of helping North Korea evade U.S. and United Nations sanctions through an IT worker plot that involved tricking companies into hiring North Koreans using stolen identities.

Law enforcement has seized the dark web leak sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years.