Latest CyberSec News by @thecyberpicker

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as "Scattered Spider" BleepingComputer has learned from multiple sources.

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack.

Urban One, the largest media company primarily serving African Americans, disclosed a data breach to regulators. A ransomware group said it had attacked the company.

The company doesn’t keep logs, so couldn’t turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service. The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece. Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather than pursuing information through standard corporate channels...

“It’s practically taboo” for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats.

Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.

Microsoft Intune offers secure, cloud-based endpoint management that helps healthcare providers empower frontline staff and improve patient care.

​Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

In an open letter, Patrick Opet said third-party vendors need to embrace secure development practices over speed to market.

The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.

Microsoft is working on fully mitigating issues causing Outlook on the web and SharePoint Online users to experience delays or failures when searching.

A Ukrainian cloud provider said it had restored services after a power outage disrupted operations for customers including government agencies and major companies over the weekend.

Microsoft avait créé la controverse l'année dernière en présentant sa fonctionnalité d'IA Recall pour PC Copilot+, qui consistait à prendre...-Intelligence artificielle

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.

Members of the World Uyghur Congress living in exile were targeted with a spear phishing campaign deploying surveillance malware, according to the Citizen Lab

50% of mobile devices run outdated operating systems, increasing vulnerability to cyber-attacks, according to the latest report from Zimperium

According to the 2025 Global Threat Landscape Report from FortiGuard, threat actors are executing 36,000 scans per second

Ransomware, phishing, supply chain hits — this week’s threats show no signs of slowing down.

WorkComposer, an employee monitoring app, has leaked millions of screenshots through an unprotected AWS S3 bucket.

This week in cybersecurity from the editors at Cybercrime Magazine

About 20 percent of the logistics workers for U.K. retail giant M&S were told they could stay home as the company responded to a cyberattack.

​SAQ A and A-EP offer streamlined PCI DSS compliance for merchants outsourcing payment processing, reducing scope, risk, and audit complexity.

Real-world exploits show how overlooked bugs, like SSRF and IDOR, can trigger massive data breaches.

This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks.

Une étude menée par le cabinet d'études économiques Asterès, commandée par le Cigref, montre à quel point l'Europe dépend des Etats-Unis dans...-Cybersécurité

ASUS advises updating routers with the latest firmware releases to receive the vulnerability fix, or disable AiCloud as mitigation.