Latest CyberSec News by @thecyberpicker

A House hearing on state voter roll purges saw GOP lawmakers claim outdated voter lists enable fraud, but evidence was scant. Experts and voters testified about the real impacts of registration challenges and voter roll maintenance.

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens.

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft.

NIST has issued draft updates to Special Publication (SP) 800-53 to provide additional guidance on how to securely and reliably deploy patches and updates in

L'écosystème cyber est en alerte depuis la découverte de deux vulnérabilités « zero-day » affectant la célèbre solution de gestion collaborative SharePoint de Microsoft. Toujours activement exploitées, ces failles sont au cœur d’une large campagne de piratage menée, selon de nombreux experts, par des groupes de

AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information.

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks.

Microsoft links SharePoint attacks to three China-based groups; flaws allow code execution and data theft on unpatched systems.

Education was the fourth-most-targeted sector during the first half of 2025, according to a report from Comparitech.

Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.

The company urged customers to apply security updates as security researchers warn of escalating attacks.

A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes

A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.

A widespread RFQ scam exploited net payment terms to fraudulently obtain high-value devices

The British government announced plans to prohibit public sector organizations and critical infrastructure operators from paying ransoms to cybercriminals, marking a significant shift in the nation's approach to combating ransomware attacks.

Russian cybersecurity researchers identified and dismantled a network of domains operated by the hacker group NyashTeam.

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.

Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.

Modified AllaKore RAT and Ghost Crypt crypter target Mexican entities and global victims for financial fraud.

Cisco confirms active exploitation of critical ISE bugs, exposing systems to remote root access. Urgent patching advised.

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.

Learn more about how Microsoft Sentinel data lake accelerates AI adoption, empowering teams to detect and respond faster

A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks.

Unlock faster, safer deployments by leveling up your IaC maturity. Reduce misconfig risk, alert fatigue, and cloud costs—here’s how.

The UK government said a public consultation showed widespread support on a payment ban for public sector and CNI organizations

This week in cybersecurity from the editors at Cybercrime Magazine

Britain's Home Office wants public feedback on several anti-ransomware proposals, including a requirement for all victims to report attacks to law enforcement.

Despite being a rebrand of several ransomware families, GLOBAL GROUP innovated with the use of an AI chatbot in the negotiation process