Latest CyberSec News by @thecyberpicker

A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor

Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems.

This week in cybersecurity from the editors at Cybercrime Magazine

Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts

Dive into comprehensive strategies for AI assessments to address ethical challenges and help organizations responsibility implement AI practices.

We have observed DPRK IT worker operations expanding beyond the U.S. and into Europe.

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.

Apple patched 3 live exploits—CVE-2025-24085, -24200, -24201—across legacy iOS/macOS devices to block escalation attacks.

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that access that key? When the phone is rebooted, are deleted files still available? We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power...

BlueVoyant found that the use of lookalike domains in email-based attacks is allowing actors to extend the types of individuals and organizations being targeted

Explore phishing tactics, their devastating consequences, and how to protect yourself from these increasingly sophisticated cyber threats.

A number of specialized dating apps leaked the--not so--secret storage location of 1.5 Million more or less explicit images

46 solar inverter flaws in Sungrow, Growatt, SMA expose power grids to botnet attacks, risking blackouts.

Earth Alux used VARGEIT and MASQLOADER in APAC and LATAM cyberattacks, bypassing defenses via stealth techniques.

Facebook Pixel exposed CSRF tokens at major retailer; Reflectiz detected breach early, preventing €20M GDPR fines.

23,958 IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.

Apple patched 3 live exploits—CVE-2025-24085, -24200, -24201—across legacy iOS/macOS devices to block escalation attacks.

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Stay Ahead of Sanctions, Tariffs, and Trade Shocks with Real-Time Intelligence Across Your Global Supply Chain

La fintech Qonto a choisi l'offre de cloud commercialisée par S3NS, la co-entreprise entre Thales et Google. En attendant la qualification...-Cloud

Pour sa 17e édition, le Forum InCyber - qui s'ouvre ce mardi 1e avril à Lilles - est placé sous le signe de la confiance. Un thème qui...-Cybersécurité

A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks.

Le pure player de la cybersécurité ITrust, acquis par le groupe Iliad en 2023, annonce le lancement de "French XDR". Cette plateforme,...-Cybersécurité

Apple fined €150M for applying double consent only to third parties in ATT, breaching French privacy law.

More than 2 in 5 leaders say they’ve strengthened practices to curb increased threats, misuse and other vulnerabilities tied to using the technology.

VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors.

OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers.