Latest CyberSec News by @thecyberpicker

Multiple cybersecurity incident response firms are warning about the possibility that a zero-day vulnerability in some SonicWall devices is allowing ransomware attacks.

Cloudflare said it received complaints from customers about Perplexity using stealthy tactics to evade network blocks against systematic browsing and scraping of web pages.

French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks.

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared.

SentinelOne and Beazley Security say the group has been evolving its techniques of late, all with the goal of making money off stolen data.

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.

Orange telecom confirmed isolating the information systems impacted by the cyberattack, warning users of possible service disruptions.

Proton authenticator is an open-source, free-to-use app, featuring cross-platform compatibility, no ads, and E2EE sync.

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026.

Dans un communiqué publié le 31 juillet, le FBI met en garde contre un nouveau type d'arnaque particulièrement vicieux. Le mode opératoire repose sur deux arnaques déjà en vogue : le « brushing scam » et le « quishing ». Après le livreur qui estimait que votre boîte aux lettres était trop petite, les cybercriminels

NVIDIA Triton bugs let remote attackers hijack AI servers—AI models and data at risk. Patch now.

According to a new Forrester Total Economic Impact™ study, organizations using the Microsoft Entra Suite achieved a 131% ROI, $14.4 million in benefits, and payback in less than six months.

The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams.

CrowdStrike’s annual cyber-threat-hunting report reveals the double threat that AI poses to many businesses.

Python-based PXA Stealer has stolen data from more than 4000 victims in over 62 countries, according to SentinalLabs

PXA Stealer infects 4,000+ IPs, stealing 200K passwords via Telegram, affecting users and firms globally.

Newark, NJ, Aug. 4, 2025, CyberNewswire—Early Bird registration is now available for the inaugural OpenSSL Conference, scheduled for October 7–9, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early registrants can save up to $240 per ticket. Registration Information Registration packages are designed to reflect the

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.

Forescout also observed a big rise in CVEs added to CISA’s KEV catalog, some of which impacted end-of-life products

Google patched the code execution vulnerability with Gemini CLI 0.1.14. Users must update to this release to avoid threats like data theft.

For the auth bypass flaw, Mitel urges upgrading to the patched MiVoice MX-ONE releases, and prevent internet exposure of vulnerable systems.

The Post SMTP plugin flaw could allow account takeover from an authorized low-privilege user account, such as a Subscriber user.

Web traffic to AI sites surged 50% from Feb 2024 to Jan 2025, driven by browser-based GenAI tools

2023: Darkbeam failed to follow database security best practices, publicly exposing their Elasticsearch & Kibana interface. No data exfiltration was reported.

This week in cybersecurity from the editors at Cybercrime Magazine

Arctic Wolf has spotted an increase in Akira ransomware attacks targeting SonicWall SSL VPNs

The UK Online Safety Act promises protection online but risks privacy and free speech. Learn why critics warn it's a step toward surveillance and censorship.

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.