Latest CyberSec News by @thecyberpicker

Learn how to avoid service outages by automating secret rotation, setting expiry alerts, and centralizing credential management.

The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October

This week in cybersecurity from the editors at Cybercrime Magazine

46% of firms faced non-human identity breaches last year, risking automation security. Managing NHIs is now critical for enterprise protection.

Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia.

La Maison-Blanche a publié vendredi 6 juin 2025 un texte qui bouleverse la stratégie américaine en matière de cybersécurité. L'administration Trump marque une rupture nette avec les politiques menées sous Obama et Biden. C'est un décret exécutif, publié le 6 juin 2025, qui entend « réorienter » les efforts fédéraux

Discover how early adoption of ISO 42001 helps organizations stay ahead on AI compliance, reduce risk, and boost operational efficiency.

Google fixed a flaw allowing attackers to brute-force recovery phone numbers, risking SIM swaps.

SentinelOne revealed details of two new intrusion attempts by China-nexus actors

Rare Werewolf APT uses phishing and legitimate tools to attack Russian and CIS firms, stealing credentials and deploying crypto miners.

UNFI says it is investigating unauthorized network activity, and that some operations are affected

La société de cybersécurité SentinelOne révèle comment des groupes liés à l’État chinois ont discrètement infiltré plus de 75 organisations stratégiques dans le monde entre l’été 2024 et le printemps 2025. L’objectif semble être de positionner des accès pour un usage en cas de conflit. Explications. Automne 2024 :

CISA warns of critical Erlang SSH and Roundcube vulnerabilities actively exploited, affecting servers and webmail users worldwide.

The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks.

Tel Aviv, Israel, June 9, 2025, CyberNewswire -- Seraphic Security, a leader in enterprise browser security, today announced the launch of BrowserTotal, a unique and proprietary public service enabling enterprises to assess their browser security posture in real-time. The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the

The incident follows a spree of ransomware and extortion attacks targeting multiple U.S.- and U.K.-based retailers, including grocery stores. The logistics company said its operations are impacted.

Texas said hackers compromised an account at the Department of Transportation (TxDOT) and discovered unusual activity on May 12 involving its Crash Records Information System (CRIS).

Have you been scammed online? Here are some tips to limit the damage and follow up steps you may find useful

Find out where and how victims can report online scams to prevent more victims and possibly recover funds.

Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit.

A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing a their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks.

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm.

A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress plugins and themes.

Leatherman, a 22-year FBI veteran, has been heavily involved in cyber investigations as section chief and deputy assistant director over the past three years.

Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response.

Focus on financial impact, efficiency and risk management to ensure informed cybersecurity investment decisions.

The same group is believed to be behind a wave of attacks against retailers in the UK, the US and elsewhere.

Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack.

Reconnaissance and cyberattacks from July 2024 to March 2025 hit 70+ firms, including SentinelOne, linked to Chinese threat actors.

The statement said the Rhode Island-based company identified unauthorized activity on its systems on Thursday, prompting officials to take systems offline. The action “has temporarily impacted the Company’s ability to fulfill and distribute customer orders.”