Latest CyberSec News by @thecyberpicker

ITRC report finds that 39% of American consumers believe biometric use should be banned

British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions.

A new NCSC guide offers useful information on how to safely and securely dispose of end-of-life assets

Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals

AI is transforming Application Security, and PortSwigger is leading the charge. In a must-watch interview, Clint Gibler - one of the leading voices in the AppSec industry - sat down with PortSwigger F

Google has launched a new Chrome feature that automatically updates compromised passwords using its built-in Password Manager.

Directeur numérique du groupe SNCF depuis 2021, Julien Nicolas a pris du galon en mars dernier, se voyant confier le pilotage de la stratégie...-IA générative

Rapid advances in artificial intelligence (AI), along with public releases of AI products, have prompted governments, businesses and criminals to accelerate efforts to incorporate this new technology into their operations. This advice provides definitions for some of the most commonly encountered AI terms in cybersecurity and a brief typology of cyberthreats that will arise from AI.

A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.

CSA’s Enterprise Authority to Operate (EATO) framework and auditing guidelines are specifically designed to fulfill stringent regulatory compliance.

It’s the first public break in the case that might be the largest breach of American schoolchildren's data.

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…

Homeland Security Secretary Kristi Noem declined to provide specifics on what would be removed from the nation’s leading cybersecurity agency in light of the Trump administration’s proposed $491 million budget cut to the organization.

Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025.

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.

A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation.

The Trump administration’s workforce purge is sapping CISA of its best talent, experts say. CISA deputy Matt Hartman is the latest to leave the agency.

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum.

The Kettering Health network based in western Ohio reported a system-wide technology outage that it tracked to "unauthorized access."

A report by FDD says an elaborate online recruiting effort is using LinkedIn and fake online companies to gather sensitive intelligence.

Hotels are a popular target for cyberattacks, but industry collaboration and intelligence sharing can serve as defense mechanisms.

À l’occasion de sa conférence annuelle I/O, Google a trouvé surement l’astuce idéale pour faire de Gemini l'une des intelligences artificielles les plus performantes du moment. Avec « Personal Context », entend devenir un véritable assistant personnel. Parce qu'il est au cœur de la vie numérique de bien des

After a cyberattack first identified about 10 days ago, Alabama's IT leaders said the "threat has been neutralized and Alabama’s core operations are safe and stable."

L'entreprise pharmaceutique a remporté une vente aux enchères à 256 millions de dollars pour reprendre la quasi-totalité des actifs de 23andMe,...-Biotech

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Hazy Hawk hijacked CDC and Deloitte subdomains via DNS flaws, flooding users with scams and malware.

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.

The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS).