Latest CyberSec News by @thecyberpicker

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. Related: Protecting lateral networks in SMBs Rich in sensitive data and often connected to larger supply chains, small businesses

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.

This week in cybersecurity from the editors at Cybercrime Magazine

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information.

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.

Dior confirmed a data breach compromising customer personal information, discovered on May 7

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors

In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes

Cryptocurrency trading platform Coinbase said an attacker tried to extort the company for $20 million over stolen data. "We said no," Coinbase said, and instead offered that amount as a bounty.

Learn how to evaluate transparency, risks, scalability, and ethical considerations to make informed cybersecurity decisions about AI-powered tools.

Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category

Kaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025.

The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses.

The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare

Vulnerability exploitation rose 34% in 2025, revealing that compliance testing alone can't stop evolving threats.

Zero Trust is only as strong as its foundation. Without Kernel Runtime Integrity, your security stack may be built on compromised ground.

On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends. The plan was widely greeted with astonishment. This sort of AI legislating would be a global “...

Malicious npm package downloaded 2,001 times hides payload via Unicode and Google Calendar links.

APT28 exploited MDaemon zero-day CVE-2024-11182 in targeted webmail hacks across 10+ nations.

This article discusses the five business continuity and disaster recovery capabilities that businesses must have for effective ransomware defense. Lea

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog.

Valve dément ce 15 mai 2025 avoir été victime d'un piratage. Après examen, il ne s'agit pas d'une infiltration dans ses systèmes. Les SMS qui avaient fuité sont d'anciens SMS envoyés aux utilisateurs de Steam. Dans un communiqué publié ce 15 mai 2025, Steam l'assure : le service n'a pas été piraté. Selon son éditeur

Most online merchants now believe customers pose as big a threat as professional fraudsters

Russian hackers aren’t just targeting Ukraine — they also appear to be going after their defense contractors in other countries, new ESET research surmises.

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts.

The ransomware landscape is more fragmented than ever, with no “market leader,” says William Lyne, Head of Intelligence at the NCA

Chrome flaw CVE-2025-4664 enables cross-origin data leaks; active exploit confirmed; update to 136.0.7103.113.