Latest CyberSec News by @thecyberpicker

Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training.

Privacy services provider Proton introduced a privacy-first chatbot called Lumo. We had to take a look at it.

OpenAI is rolling out a new "personality" feature on the ChatGPT web app. This allows you to choose between multiple personalities, such as "Robot."

Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.

According to a new report by blockchain intelligence firm TRM Labs, Kyrgyz-registered exchanges have repeatedly been used by sanctioned Russian entities.

Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.

The CyberSentry program remains operational, according to CISA, with analysts outside the lab continuing to review sensor data.

The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.

Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.

En Grande-Bretagne, la saga de la société de transport KNP restera dans les annales comme l’un des plus retentissants effondrements industriels causés par une cyberattaque. Victime d’un ransomware en 2023, cette entreprise historique, fondée il y a 158 ans, a été précipitée dans la faillite à cause d’un mot de passe

We explore the critical risks of integrating VMware vSphere with Active Directory, especially as it relates to ransomware.

The anatomy of UNC3944's vSphere-centric attacks, and a fortified, multi-pillar defense strategy required for mitigation.

Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

The Justice Department said it ended “the largest internet privacy case… ever to go to trial as well as the first illegal streaming case ever to go to trial.”

Kerberoasting gives attackers offline paths to crack service account password, without triggering alerts. Learn from Specops Software how to protect your Active Directory with stronger SPN password policies and reduced attack surfaces.

A series of new cybersecurity regulations related to the water industry have been set out by New York state agencies

French law enforcement said the alleged administrator of the long-running cybercrime forum XSS, formerly known as DaMaGeLab, was arrested in Ukraine.

Learn how to optimize your SIEM solution with key strategies and practices.

OpenAI is testing a new 'Study together' feature, and today, a new announcement within the ChatGPT web app confirms it.

Coyote malware uses Windows UI Automation to target 75 banks and crypto sites in Brazil, risking credential theft.

Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges in a lawsuit.

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts.

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.

OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora.

Learn what ISO 42001 is, what to expect from the certification process, and practical insights to help you lay a strong foundation for compliance.

Depuis quelques jours, de nombreux inscrits à France Travail ont reçu un courriel inquiétant : des personnes non autorisées ont accédé à leurs données personnelles hébergées sur la plateforme. Que s'est-il réellement passé ? Qui est concerné ? France Travail a déroulé la chronologie des faits pour Numerama. L’alerte

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package.

This week in cybersecurity from the editors at Cybercrime Magazine

The individual is accused of numerous illicit cybercrime and ransomware activities that have generated at least $7m in profit