Latest CyberSec News by @thecyberpicker

The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data.

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam…

The education tech giant said it is “aware that a threat actor has reached out to multiple school district customers in an attempt to extort them."

A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.

CEO George Kurtz said the decision to cut about 500 jobs was driven by internal efficiency gains from AI and multibillion-dollar opportunities in new market segments.

The attack temporarily disrupted services at the airline, which is investigating whether information was stolen.

The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware.

Polish authorities, with support from Europol and international agencies, have arrested four people accused of running six DDoS-for-hire platforms linked to thousands of global cyberattacks.

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites.

A new phishing kit named 'CoGUI' sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data.

PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid.

Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy chief information security officers share their experiences in cybersecurity and how they are redefining protection.

Inferno Drainer returns, stealing millions from crypto wallets through phishing on Discord

The cybersecurity firm has faced increasing market pressures amid a scramble by rivals to consolidate enterprise customers on unified platforms.

Get a technical breakdown of the 2024 Snowflake data breach, including a description of the Advanced Persistent Threat and how the breach impacted the business.

NCSC CEO Richard Horne said the cyber agency has managed twice as many nationally significant cyber incidents in the period from September 2024 to May 2025

The suspects allegedly operated six platforms that offered distributed denial-of-service attacks for as little as 10 euros.

F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065.

The maker of patient monitoring devices does not currently expect to change its earnings guidance.

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

A prolific DDoS-for-hire network has been dismantled by Polish authorities as part of a coordinated international crackdown

Passwords alone aren't cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure.

A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app.

Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders.

The FBI has warned scammers are impersonating the IC3, tricking victims by claiming to be able to recover funds.

CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.

Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.

Discover the 5 essential pillars of SaaS security to transform your organization's security posture and effectively manage decentralized SaaS environments.

CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors.