Latest CyberSec News by @thecyberpicker

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Traditional CASB tools miss 100% of shadow SaaS threats—browser-based security offers real-time visibility and control.

The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens

Phishing Office files and CVE-2017-11882 exploits still active in 2025, exposing unpatched systems to malware.

The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security

Le Kremlin continue sa politique de contrôle d'Internet en interdisant l'utilisation de plusieurs dizaines de services de VPN. Des pannes sur des sites populaires ont également été constatées à la suite des restrictions. Les internautes russes font face à une recrudescence des restrictions en ligne. Depuis le début

150,000 sites infected with JavaScript redirect users to gambling pages—showcasing evolving, global-scale threats.

CVE-2025-26512 in NetApp SnapCenter scored 9.9 CVSS; patch required to prevent remote admin escalation.

CISA adds Sitecore flaws CVE-2019-9874 and CVE-2019-9875 to KEV amid active exploitation and agency patch mandates.

The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients.

A business that provides IT services to numerous healthcare providers in the United Kingdom has been fined about $4 million by the country’s privacy regulator over a ransomware attack in 2022.

Tory Hunt, security expert and Have I Been Pwned owner, disclosed a phishing attack against him in a commendable display of transparency.

U.S. intelligence leaders found themselves under scrutiny from Congress for a second straight day, following revelations that military plans were discussed over Signal.

Honoring Jennifer Bisceglie, Jane Ganina and Mahnoor Khokhar for Their Exceptional Contributions to the Industry

The sanctions place the companies under a strict licensing regime meant to limit their access to foundational technology for quantum computing, cloud and AI.

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum.

FamousSparrow deployed two enhanced SparrowDoor variants and ShadowPad in July 2024 attacks, signaling active tool development.

A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.

In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023

Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.

The company’s devices are also randomly rebooting in connection with additional CVEs disclosed earlier this month.

Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude's Compass what you need, and the AI agent will take care of everything.

Colin Ahern sat down with Recorded Future News earlier this year to discuss New York’s efforts to protect local governments from ransomware and more.

Learn how to optimize your SIEM solution with key strategies and practices.

“EncryptHub” threat actor first began exploiting the zero-day vulnerability before it was patched earlier this month.

The explosive growth of data, the rapid adoption of AI, & an evolving threat landscape have outpaced traditional security. Legacy solutions are not enough.

230M stolen passwords met complexity requirements—and were still compromised. Passwords aren't going away for now, but there are new technologies that may increasingly replace them. Learn more from Specops Software about how to protect your passwords.