Latest CyberSec News by @thecyberpicker

Modern vehicles, their current and future threats, and approaches to automotive cybersecurity.

Le 20 août 2025 a décidément été une grosse journée pour Google. Alors que l'entreprise américaine dévoilait en grande pompe son nouveau smartphone Pixel 10, une nouvelle application est apparue en catimini sur Google Play : un gestionnaire de mots de passe. Un outil qui répond à un besoin essentiel pour les

Microsoft has set out a roadmap to complete transition to PQC in all its products and services by 2033, with roll out beginning by 2029

Officiellement promu par la famille du président américain, le Trump T1 est un appareil mystérieux aux caractéristiques contradictoires. Les dernières images publiées en ligne montrent un Samsung Galaxy S25 Ultra avec une coque Spigen, ce qui n'a pas tardé à faire réagir l'accessoiriste. À quoi joue l'entourage de

U.S. CISA adds Apple iOS, iPadOS, and macOS vulnerability to its Known Exploited Vulnerabilities catalog..

Ex-developer Davis Lu sentenced in March 2025 after 2019 kill switch malware caused $100K+ losses.

The CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.

A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled.

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said.

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files.

The bipartisan Cybersecurity Hiring Modernization Act would give the edge to skills-based hiring for cyber jobs at federal agencies.

Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures.

The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring.

Chair Ferguson cited the E.U.’s Digital Service Act and the U.K.’s Online Safety Act as statutes that incentivize U.S. tech companies “to censor speech, including speech outside of Europe.”

Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild.

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration.

Commvault patched four flaws before 11.36.60, including CVE-2025-57790 (8.7 CVSS), preventing remote code execution.

Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

Dans un rapport publié le 20 août 2025, les chercheurs de Cisco Talos alertent sur l'exploitation active d'une vulnérabilité par un groupe de cyberespions affilié aux services de renseignements russes. Une campagne qui vise principalement des machines en fin de vie et dont les correctifs ont pourtant été publiés en

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists.

ClickFix attacks deliver CORNFLAKE.V3 backdoor via fake CAPTCHAs, enabling multi-payload delivery and persistence since Sept 2024.

Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked

​Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update.

The powerful “Rapper Bot” DDoS-for-hire botnet impacted the Department of Defense Information Network (DODIN) in at least three attacks between April and August, two officials told DefenseScoop.

Noah Michael Urban, 20, of Palm Coast, Florida, pleaded guilty to conspiracy, wire fraud and aggravated identity theft charges in two separate federal cases spanning Florida and California.

Cloud security and identity and access management tool purchases insulated the market from tariff-induced economic shocks, according to Forrester.

From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG.

Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos

Colt customers can request a list of filenames posted on the dark web via a dedicated call center

As economic pressure mounts, global supply chains are under extraordinary strain. Shifting tariffs and trade disputes are forcing companies to rethink sourcing strategies. Geopolitical tensions are introducing costly delays and unpredictable bottlenecks. It’s clear that the ability to anticipate and adapt is no longer optional. Business leaders need a clear-eyed, forward-looking view of where supply....