Latest CyberSec News by @thecyberpicker

VanHelsing RaaS launched March 7, 2025 with 3 victims using a $5,000 deposit model, expanding cyber threats across multiple OS.

Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations.

Discover what is NIST 800-53 and get the full lowdown on this key information security standard, including a free NIST 800-53 checklist.

Hybrid work expands cyber risks. Organizations must use Zero Trust, MFA, endpoint security, and secure collaboration tools to protect data and maintain productivity.

La principale gare de Kiev, la capitale ukrainienne, tourne au ralenti ce 24 mars 2025 après une cyberattaque massive contre son système informatique. Après les attaques de drones dans la nuit, Kiev subit désormais une cyberattaque. Le système informatique de la gare de la capitale ukrainienne tourne au ralenti

Les députés ont rejeté une proposition de loi contre le narcotrafic qui prévoit la création d’une porte dérobée pour permettre aux services de...-Cybersécurité

This week in cybersecurity from the editors at Cybercrime Magazine

Two years after a data breach that compromised almost seven million customers, 23andMe's CEO has resigned as the company files for bankruptcy

A critical flaw in the Next.js React framework could be exploited to bypass authorization checks under certain conditions.

71% risky reuse drives demand for seamless protocols; improved UX boosts cybersecurity compliance.

Ransomware in VSCode extensions triggers PowerShell payload to encrypt test files; developers warned to strengthen security.

Stay informed with the latest in cybersecurity trends, vulnerabilities, and best practices. Don't miss out on this week's critical updates on patching

The Amazon file transfer breach shows that even prominent players aren’t immune to MFT breaches. Investing in MFT security is now a necessity.

Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating back doors. Both initiatives are attempting to scare people into supporting back doors, which are—of course—are terrible idea. Also: “A Feminist Argument Against Weakening Encryption.”

The UK’s National Crime Agency has launched a new campaign designed to raise awareness of sextortion among teenage boys

Next.js flaw CVE-2025-29927 bypasses authorization checks in versions 12.3.5 to 15.2.3, risking admin page access.

Sur Twitter, plusieurs internautes s'offusquent d'une découverte dans les réglages de confidentialité d'Apple : les adresses IP de toutes les personnes que vous appelez en FaceTime sont stockées sur votre appareil. Y a-t-il un risque pour la vie privée des utilisateurs ? Le 7 juin 2010, le jour de l'annonce de

Threat actors are looking to compromise Google accounts to further malvertising and data theft

ASPM gives organizations control by unifying risk data, automating threat analysis, and prioritizing vulnerabilities based on their business impact.

Over 25 years, the program has weathered challenges and dealt with changes that have enabled it to retain its status as the premier global go-to mechanism for understanding cybersecurity vulnerabilities.

A list of topics we covered in the week of March 17 to March 23 of 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February.

Quantum computing’s ability to break today’s encryption may still be years away—but security leaders can’t afford to wait. Forrester’s The Future of Quantum Security makes it clear: the transition to quantum-safe cryptography must start now. Related: Quantum standards come of age The real threat isn’t just the eventual arrival of quantum decryption—it’s that nation-state actors

At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed "Project Astra". At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild.

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates.

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com.

The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks.

This week on the Lock and Code podcast, we speak with Carey Parker about what Google Chrome knows about you.

Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting.

Des experts en cybersécurité ont développé des logiciels malveillants pour dérober les mots de passe depuis ChatGPT et DeepSeek. Les chercheurs ont construit un monde immersif pour tromper l'IA et pousser les chatbots à produire du code malveillant. Les hackers voient leur rêve devenir réalité. Un rapport de