Latest CyberSec News by @thecyberpicker

Phishing emails mimicking PyPI target developers to steal credentials via fake sites. Users urged to stay alert.

Wiz found a critical Base44 flaw letting attackers access private apps via public app_id. Fixed by Wix.

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

Le 25 juillet 2025, sur le tarmac d’une base aérienne française tenue confidentielle, le nouvel avion de renseignement Archange a quitté le sol pour la première fois. Un vol inaugural qui concrétise la volonté de la France d'amplifier sa capacité à écouter, surveiller et anticiper. Avion de Renseignement à Charge

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.

Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident

International authorities are pursuing the group following the arrests of four suspects in a series of attacks targeting British retailers.

Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems

Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI).

Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday.

Manufacturing remains the number one ransomware target, new data from Zscaler shows.

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down.

FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.

Chaos ransomware rises after BlackSuit takedown, hitting U.S. targets with $300K demands and stealthy evasion tactics.

Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324

Learn how homoglyph attacks work, why they’re a growing concern for major brands, and how DNS Posture Management defends against these invisible threats.

ENISA’s 2025 NIS2 guidance makes compliance more complex, but Talos IR's services directly align with new requirements for reporting, logging and incident response.

This week in cybersecurity from the editors at Cybercrime Magazine

The federal government has applied for forfeiture of the funds, which were seized by FBI Dallas in April 2025

If you’re aiming for the best head start into the IT industry, use our comprehensive CompTIA A+ cheat sheet to ace your exam and launch your IT career.

Hackers are actively exploiting two critical flaws in Cisco Identity Services Engine, said the US Cybersecurity and Infrastructure Security Agency

JavaScript injection attacks surged in 2024, hitting major brands via Polyfill.io. Learn why frameworks failed.

A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.

Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.

Looks serious.

Earlier this year, the NIST National Cybersecurity Center of Excellence published an initial public draft of NIST

Depuis le 28 juillet, la compagnie aérienne russe Aeroflot connaît d'importantes perturbations. La faute à une cyberattaque revendiquée par des hackers ukrainiens et biélorusses. En attendant un retour à la normale, les pirates ne se privent pas de jubiler, en publiant des détails étonnants sur la manière dont ils

A Scottish charity has been fined £18,000 for systematic data protection failings

Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot