Latest CyberSec News by @thecyberpicker

The technology giant, as part of its Secure Future Initiative program, has overhauled security practices following a series of crippling nation-state-linked cyberattacks.

There are plenty of frameworks, tools and strategies to help map out a risk-resilient cloud infrastructure.

Recent CVEs were patched amid concerns of exploitation. While traditional patching requires downtime, virtual patching allows critical systems to stay online.

ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks.

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins.

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.

Cloud security providers aren't all the same, and knowing what to look for and what questions to ask when making a decision comes down to five keys to success.

This week in cybersecurity from the editors at Cybercrime Magazine

Une campagne d'espionnage menée depuis la Russie tente de piéger les politiques européens avec de fausses invitations envoyées par mail. Une fois la pièce jointe ouverte, l'ordinateur de la victime sera infecté et va offrir toutes ses informations aux hackers. Les pirates de Moscou mènent une nouvelle campagne de

Japanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorized trades being conducted on hacked brokerage accounts in the country.

Device management tools miss unmanaged devices and OS gaps—device trust closes them for safer access.

From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

Uncover key insights from AI red teaming experts on securing generative AI systems against adversarial attacks, harmful outputs, and infrastructure risks.​

Discover how Next-Generation Firewalls are adapting to combat AI-enabled cyberattacks and evolving to protect organizations in today's dynamic threat landscape.

Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code.

Proton66-hosted IPs launched global cyberattacks since Jan 8, 2025, exploiting critical CVEs to deploy malware.

A list of topics we covered in the week of April 12 to April 18 of 2025

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

Un expert en cybersécurité démontre aux entreprises, à travers une maquette en LEGO, comment une cyberattaque peut mettre en péril une chaîne de production. Un simple zéro tapé sur un clavier et la machine s’arrête. En quelques secondes, une chaîne de production peut être paralysée et une entreprise mise à l'arrêt

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.

APT29 deployed GRAPELOADER to target European diplomats in early 2025, enhancing stealth and persistence.

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE.

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices.

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data.

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025.

3 fake npm packages mimicking Telegram Bot API added SSH backdoors on Linux, risking persistent access.

Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later.

CVE-2025-2492 flaw in ASUS AiCloud routers allows remote control; firmware fix issued for 4 versions.

L'Usine Digitale vous propose un best-of des actualités de la semaine du 14 avril en matière de protection des données. Au menu : l'offre...-Data protection