Latest CyberSec News by @thecyberpicker

Vehicle inspections and other services have been disrupted in Oregon after a cyberattack on the state Department of Environmental Quality (DEQ).

Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.

Dada et al v. NSO Group has been one of many cases where alleged spyware victims have run into jurisdictional hurdles.

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog.

The agency is looking to remove some 1,300 people by cutting about half its full-time staff and another 40 percent of its contractors, a source with direct knowledge of the developing plans told Recorded Future News.

OpenAI is giving ChatGPT's memory feature its biggest upgrade yet, allowing the AI to know you better by referencing all your past conversations.

​Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016.

The Oregon senator is demanding CISA release a report on security practices in the industry, citing concerns about the Salt Typhoon hacking campaign.

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these…

TOKYO, Apr. 10, 2025 — Today, NTT Corporation (NTT) announced a new, large-scale integration (LSI) for the real-time AI inference processing of ultra-high-definition video up to 4K resolution and 30 frames per second (fps). This low-power technology is designed for edge and power-constrained terminal deployments in which conventional AI inferencing requires the compression of ultra-high-definition

SAN FRANCISCO — If large language AI models are shaping our digital reality, then who—exactly—is shaping those models? And how the heck are they doing it? Related: What exactly is GenAI? Those are the questions Dr. Hidenori Tanaka wants to answer in an effort to put GenAI on solid scientific footing. And it’s the guiding

More MCP links than you can shake a stick at, GHA runtime monitoring & why pinning is hard, scan S3 buckets for misconfigs and ransomware prevention

PortSwigger answers the standout questions raised during The Future of AppSec webinar.

Un rapport de Revolut sur les arnaques financières en ligne rapporte que Facebook, Instagram et WhatsApp représentent plus de la moitié des signalements faits à Revolut. L'application bancaire Revolut a publié ce 10 avril un rapport sur la sécurité des consommateurs et la criminalité financière. Elle y épingle

Microsoft is investigating a potential licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions.

Google Cloud’s Sandra Joyce said that Chinese state actors’ advanced techniques and ability to stay undetected pose huge challenges

Google Cloud announced a number of security products designed to reduce complexity for security leaders

Claude has a new subscription tier called "MAX," but it costs a whopping $200 per month, and users aren't happy with how the company enforces rate limits.

Incomplete fix for CVE-2024-0132 in NVIDIA Toolkit leaves Linux Docker hosts vulnerable to container escapes and DoS attacks.

The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives.

South Africa’s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year.

Researchers at Expel said a cybercrime group that specializes in gift card fraud used a novel tactic to hide its activities: signing up its own virtual machines (VMs) within a legitimate corporate cloud domain.

A report from Edinburgh University warns that child abusers are using dating apps to find single parents with vulnerable children.

The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report

Cybersecurity professionals who participated in discussions over a code of conduct for nations to use commercial hacking tools said the final voluntary guidelines offer modest promise, even if they fall short of what some wanted.

Malicious npm package pdf-to-office trojanizes Atomic Wallet, Exodus apps to steal crypto funds, persisting after deletion.

A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan

Data offers insights into consumer behavior, credit trends, and competitor strategies. This is why using real-time credit data is your key to success!