Latest CyberSec News by @thecyberpicker

The promise of AI in cybersecurity has been loudly heralded—yet quietly limited. Related: What is IaC? Machine learning has proven effective at spotting anomalies and flagging misconfigurations. But resolving those issues remains largely manual, slow, and labor-intensive. A recent Cloud Security Alliance survey found: •75% of teams spend at least one-fifth of their time manually

The two engineers, alongside a third suspect, have since been arrested in what is the first trade secrets case brought under Taiwan’s National Security Act, a law that intends to protect the country’s advantage in producing pioneering semiconductors.

Infrastructure as Code (IaC) promises consistency and control. But no matter how pristine your IaC is, your actual cloud environment will start to drift.

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

IANS found that stagnant budget growth rates have significantly impacted CISOs ability to increase their teams’ headcount

A ransomware attack on Curaçao's tax office and an email breach at Aruba's parliament have put the Dutch Caribbean islands on high alert for cybersecurity issues.

Cybersecurity attacks are rising sharply in 2025, and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers1 and 81 …

Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack targeting a company representative.

Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in …

Most SaaS incidents come from misconfigurations or permission issues, not attacks—putting users at unseen risk.

Ever wondered how attackers can compromise modern websites by exploiting invisible cracks in HTTP infrastructure to win big bounties? In his latest video, NahamSec walks through the basics of request

SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks.

These are in plain sight without a Breach. No ransomware. No compromise. Just misconfigured systems, overpermissioned users, silent access.

An AI impact analysis assesses how an AI system affects those involved with it. Explore the key ethical and societal considerations for an AI impact analysis.

Skechers is making a line of kid’s shoes with a hidden compartment for an AirTag.

L’avenir de la chasse aux bugs pourrait bien appartenir aussi aux intelligences artificielles (IA). Google vient d’affirmer qu’un de ses systèmes avait été plutôt bon pour déceler plusieurs vulnérabilités au cours des derniers mois. Repérer les failles de sécurité est une opération coûteuse, mais qui fait partie du

Receiving an unexpected package in the post is not always a pleasant surprise.

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.

SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity

SonicWall probes possible new zero-day after spike in Akira ransomware attacks on Gen 7 firewalls with SSLVPN enabled.

Un membre présumé du groupe cybercriminel LockBit a été arrêté par les autorités françaises en juillet. Suspecté d'avoir participé à de nombreuses cyberattaques, dont certaines sur des infrastructures sensibles en France, le suspect a été arrêté en Ukraine après une enquête menée par l'unité nationale cyber (UNC). Il

SOC teams using ANY.RUN report 3x faster response and 50% less workload by automating triage and enabling live threat analysis.

Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history."

Cifas noted a record number of filings in its National Fraud Database for the first half of 2025

New flaws in NVIDIA's Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure.

TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.

Akira ransomware exploits SonicWall SSL VPNs in July 2025, prompting zero-day probe and urgent mitigations.

Can you trust an AI model with you and your customers’ data? This question creates daily operational hurdles. RiskRubric.ai is the answer.

The Treasury Department warned that the massive increase in the number of crypto ATMs — convertible virtual currency kiosks — has been accompanied by a spike in the number of operators who fail to comply with anti-money laundering rules.

Android partners and customers have experienced a temporary respite from double-digit vulnerabilities this summer. Google issued no security patches in its update last month.