Latest CyberSec News by @thecyberpicker

The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.

Discover why traditional security questionnaires fail to provide accurate risk assessments and how companies can implement more effective evaluation methods.

North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research.

Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase

La confiance dans les services numériques est en déclin. Sur 13 secteurs de l'économie, seules les organisations gouvernementales, la banque et...-Cybersécurité

Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks.

A l'occasion du Forum InCyber, le Campus Cyber, en collaboration avec le Hub France IA, publie un guide pour protéger les systèmes...-Intelligence artificielle

Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion

The challenges many enterprises face in harnessing AI’s potential are becoming more apparent. MFT plays a crucial role in enabling enterprises to leverage AI.

Outlaw malware exploits weak SSH credentials + uses worm-like spread since 2018 + enables cryptojacking.

93% of service providers struggle with NIST compliance—automation reduces manual work by 70%, boosting efficiency.

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—­and sometimes despite substantial evidence that it does not...

A new malware campaign involves numerous malicious Android apps developed by exploiting Microsoft's .NET MAUI to escape detection.

ProSSHD 1.2 - Denial of Service (DOS). CVE-2024-0725 . remote exploit for Windows platform

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

SAP NetWeaver - 7.53 - HTTP Request Smuggling. CVE-2022-22536 . remote exploit for Multiple platform

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

53.5% of websites have weak SSL setups—leaving attack surfaces exposed and increasing breach risk.

Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025

Identity and Access Management (IAM) is no longer just about keeping the wrong people out—it’s about ensuring the right people, machines, and AI-driven agents can securely operate in an increasingly complex digital world. Related: How IAM can be a growth engine If 2024 was the year of Zero Trust acceleration, 2025 is shaping up to

Les grandes affaires de fuites de données secouent l'actualité, mais qu'en est-il du quotidien de la sécurité informatique dans les entreprises...-Cybersécurité

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models.

The UK’s data protection regulator says it is overwhelmed with complaints from the public

FIN7 deploys Anubis backdoor via malspam to control Windows systems using stealthy, memory-resident payloads.

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete. CVE-2024-6209 . webapps exploit for PHP platform

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS. CVE-2024-42831 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE). CVE-2024-6298 . webapps exploit for Multiple platform

Hijack Loader now uses call stack spoofing and ANTIVM modules to bypass detection and persist.

interos.ai’s weighs in on tariffs and the geopolitical landscape ahead of "Liberation Day”