Latest CyberSec News by @thecyberpicker

Key Takeaways Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…

Google is rolling out Veo 3 to everyone using Vertex AI, which is an ML-testing platform provided by Google Cloud.

Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities.

Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency.

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.

Pour les soldes d'été, NordVPN propose des promotions sur l'ensemble de ses abonnements jusqu'à 73 % de réduction, avec un mois offert. 👉 Retrouvez les meilleures offres à saisir pendant les soldes d’été 2025 Les VPN sont utiles pour surfer l'esprit tranquille sur vos appareils connectés. Parmi les nombreux

A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.

Pour faciliter le téléchargement pirate de films et de séries, il y a les débrideurs. Ces programmes permettent d'avoir des débits plus élevés dans les téléchargements peer-to-peer et directs à des prix attractifs. Pour le plus grand bonheur des ayant-droits, télécharger des films et des séries illégalement n'est pas

Scattered Spider targets airlines with advanced social engineering and MFA bypass tactics. Industry must reassess identity verification.

GIFTEDCROOK malware evolves in June 2025, shifting from browser data theft to targeting sensitive files in Ukraine.

Meta's new AI feature requests photo uploads from users for personalized suggestions, sparking privacy concerns.

After confirming exploitation of a separate zero-day flaw, Cloud Software Group promises to be transparent.

A cyberattack on Hawaiian Airlines carries some hallmarks of the notorious cybercrime group.

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Third-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.

Pig butchering scams were the most common activity carried out at the facilities identified in the Amnesty International investigation.

Threat actors are adopting Rust for malware development. RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.

The aviation industry has seemingly become the latest target of Scattered Spider, a sophisticated cybercriminal group that has shifted its focus from retail and insurance companies to airlines in what cybersecurity experts describe as a coordinated campaign against the sector.

An Open VSX Registry bug could let attackers hijack the VS Code extension hub, exposing millions of developers to supply chain attacks.

APIs have become the digital glue of the enterprise — and attackers know it. Related: API security - the big picture In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks’ Field CISO Jamison Utter cuts through the noise from RSAC 2025 with a sharp breakdown of today’s API threatscape. From 15,000

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors

A study of over 467,000 building management systems across 500 organizations found that 2% of all devices essential to business operations had the highest level of risk exposure.

China-linked hackers use compromised SOHO devices in espionage campaign, targeting Taiwan, the U.S., and Southeast Asia.

À la suite des frappes américaines contre trois sites nucléaires iraniens le 22 juin 2025, Donald Trump n’a pas tardé à qualifier l’opération de « succès spectaculaire ». Pourtant, la diffusion d’un rapport confidentiel du renseignement militaire est rapidement venue jeter le doute sur l’ampleur réelle des dégâts

Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant.

The company, which supplies Whole Foods and other grocery stores nationwide, had to disable electronic ordering systems while responding to the attack earlier this month.

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.

Mustang Panda malware targets Tibet and Taiwan, using spear-phishing emails and PUBLOAD for cyber espionage.