Latest CyberSec News by @thecyberpicker

interos.ai’s weighs in on tariffs and the geopolitical landscape ahead of "Liberation Day”

As medical devices are bought and re-sold on the secondary market, they become harder to find and patch when a new vulnerability is discovered, a doctor told House lawmakers.

A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts.

Retired Lt. Gen. Dan Caine, President Trump's nominee to serve as chairman of the Joint Chiefs of Staff, also expressed support for the current dual-hat arrangement between U.S. Cyber Command and NSA.

As thousands were laid off from the Department of Health and Human Services on Tuesday morning, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings.

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

The program faces a number of challenges before it is set to expire, during a time where state and local governments face a bevy of cyber risks and changes.

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.

​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe.

Read how Microsoft’s unified security operations platform can use generative AI to transform cybersecurity for the public sector.

The lawsuit casts much of the order as broadly illegal and outside the scope of the executive branch’s constitutional powers.

A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses.

Over 1,500 PostgreSQL servers compromised via weak credentials and SQL abuse, enabling fileless crypto mining.

The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.

The Commission said it would create roadmaps regarding both the “lawful and effective access to data for law enforcement” and on encryption.

Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices.

Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.

Gmail launches client-side E2EE beta on its 21st birthday, simplifying encryption and boosting admin control.

The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”

WP Ultimate CSV Importer flaws expose 20,000 websites to attacks enabling attackers to achieve full site compromise

Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers.

Cisco Talos observed identity-based attacks in 60% of the incidents it responded to last year.

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.

Zero Trust takes the fear factor out of AI threats by limiting threat actors’ chances of gaining access. No matter how advanced an attack, access is required.

A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited.

​Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient.

U.S.-based cybersecurity firm ReliaQuest has secured a significant funding boost with a new investment round totaling over $500 million, elevating the company's valuation to $3.4 billion.

Lucid PhaaS hit 169 targets in 88 countries by abusing iMessage and RCS to bypass SMS filters

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code.