Latest CyberSec News by @thecyberpicker

“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.

Discover why combining SaaS and IaaS security is crucial for cloud security. See how organizations safeguard their cloud ecosystem against evolving threats.

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free.

Two investigative journalists in Serbia were targeted with advanced commercial spyware last month, Amnesty International said Thursday.

Un VPN accessible gratuitement dans un navigateur web. C'est ce que proposent Proton et Vivaldi, qui viennent de s'associer pour inclure Proton VPN dans le navigateur des power users. C'est une nouveauté qui pourrait bien réussir à faire gagner quelques points de parts de marché à Vivaldi. Le navigateur web, qui

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog.

This week in cybersecurity from the editors at Cybercrime Magazine

APT36 spoofed India Post using malware-laced PDFs and Android apps to harvest sensitive data.

The ICO’s Deputy Commissioner told Infosecurity that organizations that fail to implement MFA and suffer a breach can expect heavy penalties

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform.

Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras

Hybrid cloud security requires visibility, governance, and automation. Learn best practices to mitigate risks like misconfigurations, compliance gaps, and insider threats.

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Traditional CASB tools miss 100% of shadow SaaS threats—browser-based security offers real-time visibility and control.

The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens

Phishing Office files and CVE-2017-11882 exploits still active in 2025, exposing unpatched systems to malware.

The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security

Le Kremlin continue sa politique de contrôle d'Internet en interdisant l'utilisation de plusieurs dizaines de services de VPN. Des pannes sur des sites populaires ont également été constatées à la suite des restrictions. Les internautes russes font face à une recrudescence des restrictions en ligne. Depuis le début

150,000 sites infected with JavaScript redirect users to gambling pages—showcasing evolving, global-scale threats.

CVE-2025-26512 in NetApp SnapCenter scored 9.9 CVSS; patch required to prevent remote admin escalation.

CISA adds Sitecore flaws CVE-2019-9874 and CVE-2019-9875 to KEV amid active exploitation and agency patch mandates.

The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients.

A business that provides IT services to numerous healthcare providers in the United Kingdom has been fined about $4 million by the country’s privacy regulator over a ransomware attack in 2022.

Tory Hunt, security expert and Have I Been Pwned owner, disclosed a phishing attack against him in a commendable display of transparency.

U.S. intelligence leaders found themselves under scrutiny from Congress for a second straight day, following revelations that military plans were discussed over Signal.

Honoring Jennifer Bisceglie, Jane Ganina and Mahnoor Khokhar for Their Exceptional Contributions to the Industry

The sanctions place the companies under a strict licensing regime meant to limit their access to foundational technology for quantum computing, cloud and AI.

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum.