Latest CyberSec News by @thecyberpicker

A senior Moscow official said the city hired several hackers who previously launched a cyberattack against the capital’s digital education platform.

Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts.

Staff at the company's plant in Halewood, near Liverpool, were sent an email early on Monday morning and told not to report for work, according to the Liverpool Echo. The shutdown is expected to continue into Wednesday, the newspaper reported.

Jaguar has proactively shut down systems to mitigate the impact of the incident, amid reports that workers at a UK manufacturing plant had been told to stay at home

Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort.

FTX’s weak security measures, including SMS-based two-factor authentication, enabled a SIM swap attack that resulted in a loss of over $400 million.

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance.

Californians are receiving scammy text messages that tell them they're owed a tax refund. Don't click any links or reply!

The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage.

Dans une note publiée le 1er septembre sur son blog, Google tente de rassurer les utilisateurs Gmail. Depuis fin août, la plateforme d'email fait l'objet de nombreuses rumeurs selon lesquelles 2,5 milliards de comptes seraient en danger. « Complètement faux » rétorque le géant américain qui vante les capacités de

This week in cybersecurity from the editors at Cybercrime Magazine

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance.

90% of employees use AI daily outside enterprise controls—discover Shadow AI risks before they discover you.

Break down the US AI executive orders, BBB, and AI action plan, exploring how these directives define federal guidelines and oversight of AI.

FDN3 brute-force attacks peaked July 6–8, 2025, tied to Seychelles bulletproof hosts enabling ransomware entry.

In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term “Stethoscope” to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified September 1965 document Cryptanalytic Diagnosis with the Aid of a Computer, which compiled 147 listings from this tool for Callimahos’s course, CA-400: NSA Intensive Study Program in General Cryptanalysis. The listings in the report are printouts from the Stethoscope program, run on the NSA’s Bogart computer, showing statistical and structural data extracted from encrypted messages, but the encrypted messages themselves are not included. They were used in NSA training programs to teach analysts how to interpret ciphertext behavior without seeing the original message...

Kaspersky experts explain the different types of cookies, how to configure them correctly, and how to protect yourself from session hijacking attacks.

ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)

Ianis Aleksandrovich Antropenko allegedly committed ransomware attacks from 2018 to 2022. He’s been out on bond since his arrest almost a year ago, despite multiple run-ins with police.

Silver Fox exploited a Microsoft-signed WatchDog driver in May 2025 to bypass defenses, deploy ValleyRAT, and enable fraud.

D'après un article du New York Times paru le 30 août 2025, l'armée israélienne a bombardé, en juin dernier, un bunker où s'étaient réunis de hauts dirigeants iraniens, dont le président de la république islamique Massoud Pezeshkian. Cette opération, planifiée et exécutée avec une extrême précision, a été rendue

The UK National Cyber Security Centre thinks public disclosure programs could help mitigate AI safety threats

Zscaler has emerged as the latest corporate victim of a supply chain attack targeting Salesforce data

Malicious npm package nodejs-smtp, downloaded 347 times since April 2025, hijacks Atomic and Exodus wallets.

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can…

Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise.

Android droppers spread spyware via fake banking apps in India as Google Play Protect faces evasion.

Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases.

L'avion de la présidente de la Commission européenne, Ursula von der Leyen, aurait connu un incident de vol l'empêchant d'utiliser le GPS, pendant un déplacement en Bulgarie. Les regards se tournent vers Moscou, accusé de procéder à des brouillages réguliers du GPS dans l'est de l'Europe. L'affaire a été révélée le

Last week, a contract worth €10 million had been awarded to the Spanish multinational Telefónica to use Huawei kit to upgrade the RedIRIS network, effectively more than 16,000km of infrastructure.