Latest CyberSec News by @thecyberpicker

DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware.

Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering.

Workday has revealed a breach of its third-party CRM systems in what could be the latest ShinyHunters attack

OpenAI has confirmed it has begun rolling out a new warmer personality for GPT-5, but remember that it won't be as warm as GPT-4o, which is still available for use under legacy models.

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.

Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution.

A list of topics we covered in the week of August 11 to August 17 of 2025

WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12.

OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm or is being abused.

The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko.

Google's Gemini never stops delivering, and it's now testing a new feature called "Projects." This will be similar to OpenAI's Project Feature for ChatGPT.

NordVPN propose des promotions sur l'ensemble de ses abonnements jusqu’à 73 % de réduction et trois mois offerts avec en bonus des cartes Amazon. Les VPN permettent de naviguer sereinement sur vos appareils connectés. Parmi les fournisseurs disponibles, NordVPN reste encore aujourd'hui l'un des plus utilisés. Le

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

OpenAI is testing an AI-powered browser that uses Chromium as its underlying engine, and it could debut on macOS first.

Microsoft recently revealed that it's currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels.

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication.

ChatGPT's Voice mode is already pretty good, but OpenAI is working on a new feature that will allow you to control how Voice mode actually works.

OpenAI is working on a cheaper plan called ChatGPT Go, and we previously thought it would be just limited to a few regions like India, but that may not be the case.

Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed.

ERMAC V3.0 source code leak exposes full malware backend, flaws, and 700+ targeted apps

Microsoft empowers Project Ire with specialized reverse engineering tools, multi-level reasoning for automated threat classification.

PXA malware is a potent infostealer that has targeted users across 62 countries to sell stolen data on Telegram-based marketplaces.

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

Here’s the story. The commenters on X (formerly Twitter) are unimpressed. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

A district appeals court ruled that the FCC “correctly determined” that telecoms had a duty to protect customer location data that was sold and later misused by third parties.

The London-based tech and telecom company Colt Technology Services confirmed that a cyberattack earlier this week caused technical issues that it is still addressing.

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from…

A new report described how criminals use “ghost-tapping” — when stolen payment card details are uploaded onto a burner phone and used in-person to purchase goods.

A cybercriminal was found selling scanned IDs that were stolen from guests at Italian hotels on underground forums, warned CERT-AGID.

National Public Data has changed ownership. Does this mean your personal information has changed hands too?