Latest CyberSec News by @thecyberpicker

Read the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI.

Attachers are luring victims into a Zoom call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets.

Lazarus exploited zero-days in South Korean software, targeting 6 firms with ThreatNeedle and more.

As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage. Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided

AI creating/debugging an exploit for the recent Erlang/OTP SSH vuln, map visualization and firewall for AWS activity, a multi-stage attack simulation tool for k8s

A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads

The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization.

Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products.

VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.

Dans le cadre du programme "CaRE", le gouvernement veut que les établissements de santé montent en compétence en matière de gestion de crise...-Cybersécurité

Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates.

A critical path traversal vulnerability in Commvault’s backup and replication solutions has been reported

Lazarus exploited zero-days in South Korean software, targeting 6 firms with ThreatNeedle and more.

Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month.

Verizon researchers found that 64% of ransomware victims did not pay the ransoms — which was up from 50% two years ago.

Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.

Maximize your phishing assessments by asking the right questions—ensure tailored, effective campaigns that go beyond just checking the compliance box.

L'entreprise française spécialisée dans l'achat-revente de produits d'occasion a été victime d'un “incident de cybersécurité” à la...-Cybersécurité

A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.

ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.

159 CVEs exploited in Q1 2025 + 28.3% within 1 day + Exploits drive 20% of breaches.

The municipal water company in the town of Mataró said it is working with the Catalonian authorities to recover and restore its infrastructure.

This week in cybersecurity from the editors at Cybercrime Magazine

Darcula adds GenAI tools + Lowers phishing skills barrier + 25,000 scam pages taken down.

While the Verizon annual report showed that ransomware is rising, it also found that ransom payments are in decline

A new era of real-time supply chain visibility and proactive risk mitigation is here for government agencies.

As cyber threats get smarter, companies are using Zero Trust Security Models to keep their data safe. This way of thinking means "never trust, always verify."

A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software.

NCC Group found that ransomware attacks fell by 32% in March compared to February, but described this finding as a “red herring”

WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app.