Latest CyberSec News by @thecyberpicker

While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025

Microsoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months.

With real-time insight, defined ownership, & tools that uncover more than surface-level, teams can turn SaaS from a visibility gap into a business accelerator.

A detailed comparison of Enterprise Browsers vs. Secure Extensions, affecting BYOD, GenAI, and telemetry.

Yes24, the largest ticket retailer in South Korea, faced its second ransomware attack this summer, affecting a tour for K-pop band Day6 and other events.

This week in cybersecurity from the editors at Cybercrime Magazine

New threat intelligence points to targeting of financial services and technology sectors by ShinyHunters group

Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024.

The identity security market got its moment of validation. Related: Inside Palo Alto Networks acquisition of CyberArk Palo Alto Networks’ blockbuster $25 billion acquisition of CyberArk — its largest to date — underscores a strategic inflection point: identity has become the new control plane of modern cybersecurity. The move marks Palo Alto’s aggressive entry into

A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a “shockingly realistic” variant, which includes photos of you and your house—more specific information. The article contains “steps you can take to figure out if it’s a scam,” but omits the first and most fundamental piece of advice: If the hacker had incriminating video about you, they would show you a clip. Just a taste, not the worst bits so you had to worry about how bad it could be, but something. If the hacker doesn’t show you any video, they don’t have any video. Everything else is window dressing...

The mayor of Saint Paul, Minnesota's capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city's systems and services in July.

Dutch NCSC warns of CVE-2025-6543 Citrix attacks on critical organizations, urging urgent patches to prevent further breaches.

Les escrocs en ligne ont mis au point une nouvelle technique pour tromper les utilisateurs de PayPal. En exploitant une option dédiée aux comptes business, les cybercriminels parviennent à tromper leurs victimes en envoyant des messages qui passent par les canaux de communication officiels de PayPal. Et si le

Threat actors have stolen data on at least half a million cancer screening patients

Cary, NC, Aug. 11, 2025, CyberNewswire—INE has been selected for Training Industry's 2025 Top 20 Online Learning Library Companies list, recognizing the company's leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences. Training Industry evaluated companies based on course quality and scope, market presence and innovation, client relationships, and

London, Aug. 11, 2025, CyberNewswire—A survey of 80 North American MSPs shows fragmented security stacks drive fatigue, missed threats, and business inefficiency Security tools meant to protect managed service providers are instead overwhelming them. A new study from Heimdal and FutureSafe reveals that 89% of MSPs struggle with tool integration while 56% experience alert fatigue

The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.

BlackSuit has been among the most prolific ransomware gangs in recent years, targeting government agencies, critical manufacturing companies and healthcare firms.

Researchers exploited a seven-year-old CPU vulnerability—“L1TF Reloaded”—to leak data from public clouds like AWS and Google Cloud, proving that older, supposedly mitigated flaws pose real-world threats

Navigating the rapid pace of technology within procurement constraints requires experts who understand both and know how to leverage cloud partners.

The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky's values, stole the group's data and leaked it publicly online.

The Interlock ransomware gang is claiming to have carried out a cyberattack that has disrupted the operations of the city government of St. Paul, Minnesota.

Three Ghanaian men face charges in the U.S. related to a multimillion-dollar operation that defrauded individuals online and ran business email compromise scams.

The FCC has adopted new rules to make it more difficult for foreign firms to apply for licensing to build out submarine cables.

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads.

A bipartisan bill from Reps. Crow and Kean would give the Bureau of Industry and Security IT upgrades to help keep U.S. dual-use technologies away from Russia, China and others.

New 2TETRA:2BURST flaws expose TETRA networks to injection, replay, and brute-force risks. Critical for public safety.

Researcher earns Google Chrome ’s top $250K bounty for a sandbox escape vulnerability enabling remote code execution.

JetBrains TeamCity 2023.11.4 - Authentication Bypass. CVE-2024-27198 . webapps exploit for Multiple platform