Latest CyberSec News by @thecyberpicker

Malware campaign exploits exposed Docker APIs to mine Dero, spread worm-like, and persist in containers.

Les services de renseignement des Pays-Bas ont attribué le vol de données de la police du pays, en septembre dernier, à un groupe de...-Cybersécurité

Massachusetts-based MathWorks provided an update to customers on Monday after initially reporting outages on May 18, confirming that it experienced a ransomware attack that took down online applications and internal systems used by staff.

A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft

En octobre dernier, Free était victime d'un piratage massif de données, concernant 13,9 millions de comptes. Depuis ce 27 mai, le site Have I Been Pwned les répertorie. Voici comment savoir si votre compte est concerné. 26 octobre 2024 : Free informe ses abonnés qu'il a été victime d'une cyberattaque. Les données

Derrière l’apparence inoffensive de centaines de sites web, dont un dédié à Star Wars, la CIA cachait un réseau de communication secret destiné à ses informateurs. Mal protégé, le dispositif a exposé de nombreux agents avec des conséquences humaines désastreuses. Nous sommes au début des années 2000 et la CIA

A huge dataset with all kinds of sensitive information, likely to be the result of infostealers, was found exposed online.

Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign.

Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters.

Discover how model scanning and AI red teaming protect different layers of your AI stack - securing both what your models contain and how they behave.

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage.

Adversary emulation is a key component of Threat-informed defense. This post details emulating Microsoft Edge browser data theft using FourCore ATTACK and validating detections with HarfangLab EDR to enhance security posture.

A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware

This week in cybersecurity from the editors at Cybercrime Magazine

Cybercriminals are using fake AI-themed ads and websites to deliver malware such as infostealers and backdoors.

Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity

23.7M secrets were exposed on GitHub in 2024—driven by AI agent sprawl and poor NHI governance.

Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies. It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...

In retail, the commerce platform you choose should earn your trust through verifiable compliance practices & transparent operations that protect your customers.

Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.

The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General

A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach.

Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network

Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network

Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading detection via home router

Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation

A joint advisory from the US, UK, Australia and others highlights the importance of SIEM/SOAR platforms and overcoming implementation challenges

Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly.

Les cyberattaques visant les infrastructures de télécommunications spatiales se multiplient, avec des impacts potentiels sur des secteurs...-Cybersécurité