Latest CyberSec News by @thecyberpicker

California Cryobank sent out a warning it suffered a data breach that exposed customers' personal information.

As AI scales, it faces latency, privacy issues, and network bandwidth constraints. Edge computing addresses this by processing data near the edge of a network.

L'année 2024 a été marquée par un accroissement des fuites de données. Chaque jour, 16 fuites ont été déclarées à la Cnil, pour un total de...-Club Data Protection

Gartner has claimed that AI agents will reduce the time it takes to exploit exposed accounts

Identity-based attacks are rising, but ITDR helps detect threats, prioritize risks, and stop breaches before they happen.

Un site anonyme a publié une carte contenant les informations personnelles de propriétaires de Tesla. Dans un contexte de fortes tensions contre Elon Musk et son entreprise, la plateforme encourage même la revente des véhicules pour être retiré de la liste. Un site web polémique a mis en ligne une carte interactive

Europol’s annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies

The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers.

Two critical mySCADA myPRO flaws (CVSS 9.3) allow remote command execution, threatening industrial control systems and requiring urgent patching.

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog.

CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update tj-actions/changed-files by April 4.

The move, which critics say is unconstitutional, also potentially threatens numerous agency investigations and enforcement around privacy and cybersecurity.

We’ve seen this movie before. Alphabet, Google’s parent company's, $32 billion bid for Wiz isn’t just about security and privacy. It’s the latest round in Big Tech’s long-running game of business leapfrog—where each giant keeps lunging into the next guy’s home turf, trying to reshape the battlefield in its favor. Think about it. Google tried

US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information.

The agency still plans to keep workers on paid administrative leave, despite ongoing concerns about its ability to address cyber threats.

Reddit users from trading and crypto subreddits are being lured into installing malware disguised as premium cracked software.

Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.

Palo Alto, Calif., Mar. 18, 2025, CyberNewswire -- SquareX, a pioneer in Browser Detection and Response (BDR) space, announced the launch of the "Year of Browser Bugs" (YOBB) project today, a year-long initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors -

The Zero Day Initiative measured the prevalence of manipulated Windows shortcut files in campaigns attributed to nation-state hacking groups — finding at least 11 exploited a bug that allows malicious use of the files.

Ce sont encore des dizaines de noms de domaine qui ont été bloqués lors du match PSG-OM, pour empêcher les pirates d'accéder à des retransmissions illicites. Des actions organisées de façon à ennuyer au maximum les resquilleurs, mais qui sont jugées encore trop insuffisantes par les titulaires de droits. La lutte

La bataille autour de la protection des applications de messageries chiffrées reprend à l'Assemblée nationale. Le ministre de l'Intérieur Bruno Retailleau reste déterminé à défendre une disposition très décriée liée à la proposition de loi contre le narcotrafic. Faut-il affaiblir la protection conférée par les

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.

11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks.

Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached.

Cyberattacks on public entities across the U.S. — from police stations to school districts and courts — are causing wide-ranging issues for residents and public employees.

Phoenix-based Western Alliance Bank filed data breach notices saying about 22,000 people were affected by an incident involving file transfer software.

Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information.

When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant. What you need in this time of new threats and complexity in securing interconnected AI applications is a proactive, innovative approach to stay ahead.  That’s why we’re excited to invite you to Microsoft Secure on April 9, a one-hour online event designed specifically for professionals like you. At Microsoft Secure, discover AI innovations for the security lifecycle designed to give you smarter, faster, stronger security.   Why should you attend?  At Microsoft Secure, you’ll get a first look into AI-first tools coming soon to help you in your day-to-day work. Plus, we’ll share how you can maximize what you’ve got in your hands right now.    In 60 minutes, you’ll learn how you can:  Harden your defenses: Learn how to secure your data used by AI, AI apps, and AI cloud workloads. Discover the latest tools and techniques to fortify your defenses against evolving threats.  Secure your AI investments: Use data security, protection against AI-specific cyberthreats, and compliance tools to secure your AI investments. Our experts will share best practices and strategies to safeguard your AI initiatives, ensuring they remain resilient against emerging threats.  Discover AI-first tools and best practices: Hear about new AI-first tools, demos, and best practices across your favorite Microsoft Security solutions. These sessions will provide you with practical insights and hands-on experiences to strengthen your security posture and leverage AI-driven solutions effectively.   Keep up with what’s happening in security: Get the latest reports on security trends and platform innovations directly from Microsoft Security leaders. This is your chance to gain insights that can help you stay ahead of emerging threats.  What can you expect?  Led by security experts, Microsoft Secure is your chance to find out how to use solutions that can help you operate efficiently, stay compliant, and be more secure.  Hear from organizations like yours: Explore compelling customer stories that showcase how end-to-end security can boost, not burden, your teams. These real-world examples will highlight the benefits of comprehensive security solutions and demonstrate how they can enhance productivity and efficiency without compromising on safety.  Engage with Microsoft Security experts: Engage with Microsoft Security experts through live Q&A sessions. This interactive format will allow you to connect directly with our experts, ask questions, and gain valuable insights tailored to your specific needs.    Check out the full agenda here.  Microsoft Secure is more than just an event; it’s a community of like-minded professionals dedicated to moving the field of cybersecurity forward. Join us to get valuable insights, discover innovative solutions, and connect with industry leaders and peers who share your passion for security. Don’t miss this opportunity to elevate your security game and make a real impact in your organization.  Join us on April 9, 2025! Register now and pick the broadcast that works for your time zone.     Microsoft Secure  Wednesday, April 9, 2025  8:00 AM-9:00 AM Pacific Time (UTC-7)    Thursday, April 10, 2025   10:00 AM - 11:00 AM Central European Time (GMT+1)    Thursday, April 10, 2025   12:00 PM - 1:00 PM Singapore Time (GMT+8) 

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.

Après plusieurs mois de négociations, dont une offre déclinée l'été dernier, Google met la main sur la start-up israélo-américaine Wiz,...-Cybersécurité