Latest CyberSec News by @thecyberpicker

Britain's National Crime Agency said police arrested one woman and three men suspected in ransomware attacks against major U.K. retailers.

Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

AMD reveals new Transient Scheduler vulnerabilities in CPUs, exposing sensitive data risks across multiple Ryzen and EPYC models.

New ZuRu malware infects macOS through trojanized Termius app, delivering remote access via Khepri.

95% of U.S. companies are using generative AI, raising concerns about data privacy, compliance, and operational risks.

Personal data of Nippon Steel Solutions’ customers, partners and employees may be compromised

Good tutorial by Micah Lee. It includes some nonobvious use cases.

The seventh month is always a big one for Microsoft, and this year is no exception

The UK ICO has welcomed a ruling in its favor in a long-running battle to issue a fine to TikTok

Qantas says nearly six million passengers were impacted by a recent data breach

Alors qu'en mars 2024, un tribunal californien avait jugé l'affaire d'espionnage opposant un média salvadorien au logiciel israélien Pegasus « entièrement étrangère », une cour d'appel fédérale a relancé ce dossier le 8 juillet 2025, au motif que les journalistes ont été espionnés via des serveurs américains. Pegasus

ServiceNow's CVE-2025-3648 flaw exposes sensitive data across multiple tables, impacting all users with misconfigured ACLs.

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names.

BOSTON, July 9, 2025, CyberNewswire -- Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with continuous visibility and control over their expanding attack

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.

Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data.

Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector, much to GOP Sen. Bill Cassidy’s chagrin.

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements.

Gold Melody uses ASP.NET vulnerabilities for long-term access, impacting various industries across Europe and the U.S.

U.S. authorities charged the man and a co-conspirator with hacking COVID-19 researchers and kicking off a cyberattack spree targeting Microsoft Exchange servers.

United States authorities have been warning of potential state-linked or hacktivist threats since the U.S. intervened in the Israel-Iran war.

Bitcoin Depot, which operates cryptocurrency ATMs across North America, says information belonging to more than 26,000 people was breached in an incident last year.

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information.

Decentralized exchange GMX disabled trading after it “experienced an exploit." The heist involved more than $40 million in user funds.

The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Microsoft's Zero Trust model, providing a comprehensive guide for organizations to modernize their security posture.

Taking your cyber security skills up a level? Use our comprehensive cheat sheet to ace your CompTIA Security+ exam and kickstart your cyber security career.

The chairman testified before British lawmakers following a major social-engineering attack on the department-store chain.

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.

Scattered Spider (aka UNC3944, 0ktapus, & Muddled Libra) is one of the most dangerous threat clusters in operation. Their most damaging operations target ESXi.