Latest CyberSec News by @thecyberpicker

The explosive growth of data, the rapid adoption of AI, & an evolving threat landscape have outpaced traditional security. Legacy solutions are not enough.

230M stolen passwords met complexity requirements—and were still compromised. Passwords aren't going away for now, but there are new technologies that may increasingly replace them. Learn more from Specops Software about how to protect your passwords.

Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025.

A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines.

The Iris Experts Group

Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials

A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments

RedCurl deployed QWCrypt ransomware via fake CVs and ISO lures, disabling entire virtual infrastructures.

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

Continuous Controls Monitoring (CCM) automates compliance oversight, reducing manual effort, improving accuracy, and enhancing security posture for organizations.

Most firms test security annually—configuration drift and missed gaps demand continuous testing to stay resilient.

Trojan npm package downloaded 73 times modifies 'ethers' locally, enabling persistent reverse shell access

This week in cybersecurity from the editors at Cybercrime Magazine

Online networks of teenage boys “dedicated to inflicting harm and committing a range of criminality” are among the most significant concerns for British law enforcement, officials announced this week.

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor.

Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025.

With its growing popularity, sponsored Google search ads have started impersonating DeepSeek AI.

Fake Booking.com emails sent to hotels lead to fake CAPTCHA sites that trick the staff into infecting their own systems

Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected. “When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.”...

Security maturity measures an organization's ability to manage risks. This guide explains data security maturity and provides assessment best practices.

EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector

Insider attacks cost $4.99M each + 68% of breaches involve human error + PAM reduces breach risk.

It starts with a ripple of confusion, then panic. Hospital systems freeze mid-procedure. Electronic medical records become inaccessible. Related: Valuable intel on healthcare system cyber exposures In the ICU, alarms blare as doctors and nurses scramble to stabilize critical patients without access to real-time data. Admissions come to a standstill. Emergency rooms overflow with patients

The UK government’s new fraud minister will today announce plans for a newly expanded fraud strategy

Atlantis AIO enables credential stuffing across 140+ platforms, fueling fraud, theft, and account takeovers

Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media.

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows.

​Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.