Latest CyberSec News by @thecyberpicker

The bipartisan legislation would codify the agency’s position as the one in charge of coordinating responses to incidents like the breach on U.S. telecoms.

UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

DEK: An AI red-teaming company found that xAI’s Grok 4 is “not suitable for enterprises” without substantial security prompting.

The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here.

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.

Interlock ransomware group deploys PHP-based RAT via FileFix, targeting various industries since May 2025.

🚨 A fake CAPTCHA is all it takes. Interlock ransomware is back—now pushing a stealthy PHP RAT via “FileFix,” a spin on ClickFix that hijacks File Ex

Last week, the FBI’s Atlanta field office announced the seizure of nsw2u.com, nswdl.com, game-2u.com, bigngame.com, ps4pkg.com, ps4pkg.net and mgnetu.com — placing FBI banners on all of the sites.

Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations.

This week on the Lock and Code podcast, we speak with Anna Brading and Zach Hinkle about whether using AI is damaging for our health.

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer.

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.

Researchers warn that a vulnerability in the file-transfer service could enable remote code execution.

Grok-4 was jailbroken 48 hours post-launch using Echo Chamber and Crescendo attack methods

A vulnerability in Kigen eUICC cards has exposed billions of IoT devices via flawed eSIM profile management

The high-severity flaw could let a hacker abruptly halt — and potentially derail — a train.

Struggling to shift left? Learn how Burp Suite DAST overcomes slow scans, false positives and pipeline friction in our on-demand webinar

CTM360 has identified over 17,000 fake news sites mimicking reputable brands like CNN, BBC and CNBC, spreading investment fraud across 50 countries

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway.

As telecom networks embrace cloud-native to power 5G, the importance of Zero Trust has never been greater. A recent assessment of a 5G core network shows why.

From Bluetooth exploits in vehicles to macOS backdoors and GitHub phishing tricks—this week’s threats go deeper than they appear.

The NCSC has warned that there are still a significant number of organizations using Windows 10, which will soon be unsupported with security updates

This week in cybersecurity from the editors at Cybercrime Magazine

While most said XBOW’s capabilities fall short of an existential crisis for human bug hunters and red-team leaders, they also acknowledge that the balance between human and automation in cybersecurity is shifting rapidly underneath the industry’s feet.

Organizations must turn Cyber Governance, Risk, and Compliance (GRC) into executable pipelines, a Microsoft security product manager argues.

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks.

Britain's tax agency and Romanian police combined on an operation to break up a fraud ring that used phishing emails to capture U.K. taxpayer information.

Wondering what Security+ domains are on this certification exam? Look no further—read our article to learn everything you must know about them.

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.