Latest CyberSec News by @thecyberpicker

Skechers is making a line of kid’s shoes with a hidden compartment for an AirTag.

L’avenir de la chasse aux bugs pourrait bien appartenir aussi aux intelligences artificielles (IA). Google vient d’affirmer qu’un de ses systèmes avait été plutôt bon pour déceler plusieurs vulnérabilités au cours des derniers mois. Repérer les failles de sécurité est une opération coûteuse, mais qui fait partie du

Receiving an unexpected package in the post is not always a pleasant surprise.

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.

SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity

SonicWall probes possible new zero-day after spike in Akira ransomware attacks on Gen 7 firewalls with SSLVPN enabled.

Un membre présumé du groupe cybercriminel LockBit a été arrêté par les autorités françaises en juillet. Suspecté d'avoir participé à de nombreuses cyberattaques, dont certaines sur des infrastructures sensibles en France, le suspect a été arrêté en Ukraine après une enquête menée par l'unité nationale cyber (UNC). Il

SOC teams using ANY.RUN report 3x faster response and 50% less workload by automating triage and enabling live threat analysis.

Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history."

Cifas noted a record number of filings in its National Fraud Database for the first half of 2025

New flaws in NVIDIA's Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure.

TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.

Akira ransomware exploits SonicWall SSL VPNs in July 2025, prompting zero-day probe and urgent mitigations.

Can you trust an AI model with you and your customers’ data? This question creates daily operational hurdles. RiskRubric.ai is the answer.

The Treasury Department warned that the massive increase in the number of crypto ATMs — convertible virtual currency kiosks — has been accompanied by a spike in the number of operators who fail to comply with anti-money laundering rules.

Android partners and customers have experienced a temporary respite from double-digit vulnerabilities this summer. Google issued no security patches in its update last month.

Multiple cybersecurity incident response firms are warning about the possibility that a zero-day vulnerability in some SonicWall devices is allowing ransomware attacks.

Cloudflare said it received complaints from customers about Perplexity using stealthy tactics to evade network blocks against systematic browsing and scraping of web pages.

French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks.

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared.

SentinelOne and Beazley Security say the group has been evolving its techniques of late, all with the goal of making money off stolen data.

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.

Orange telecom confirmed isolating the information systems impacted by the cyberattack, warning users of possible service disruptions.

Proton authenticator is an open-source, free-to-use app, featuring cross-platform compatibility, no ads, and E2EE sync.

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026.

Dans un communiqué publié le 31 juillet, le FBI met en garde contre un nouveau type d'arnaque particulièrement vicieux. Le mode opératoire repose sur deux arnaques déjà en vogue : le « brushing scam » et le « quishing ». Après le livreur qui estimait que votre boîte aux lettres était trop petite, les cybercriminels

NVIDIA Triton bugs let remote attackers hijack AI servers—AI models and data at risk. Patch now.

According to a new Forrester Total Economic Impact™ study, organizations using the Microsoft Entra Suite achieved a 131% ROI, $14.4 million in benefits, and payback in less than six months.

The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams.