Latest CyberSec News by @thecyberpicker

Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction.

Hackers can exploit AI code editors like GitHub Copilot to inject malicious code using hidden rule file manipulations, posing a major supply chain thr

​A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers.

A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware

The risks of unchecked AI are multiplying by the day. How can we innovate responsibly while ensuring trust, compliance, and control? The answer is Zero Trust.

La bataille autour de la protection des applications de messageries chiffrées reprend à l'Assemblée nationale. Le ministre de l'Intérieur Bruno Retailleau reste déterminé à défendre une disposition très décriée liée à la proposition de loi contre le narcotrafic. Faut-il affaiblir la protection conférée par les

Chamilo LMS 1.11.24 - Remote Code Execution (RCE). CVE-2023-4220 . webapps exploit for PHP platform

The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.

The acquisition will be the largest in Google’s history, surpassing the $12.5 billion the company paid to acquire Motorola Mobility in 2012.

CVE-2024-54085 in AMI MegaRAC BMC allows remote control, malware deployment, and server damage; patches released March 11, 2025.

Google Cloud acquires Wiz for $32B in its biggest-ever deal, strengthening multicloud security and expanding AI-driven cybersecurity capabilities.

Microsoft’s unpatched Windows flaw (ZDI-CAN-25373) has been exploited by 11 state-backed groups since 2017, enabling espionage and data theft via .LNK

Google vient de signer le plus important rachat de son histoire en annonçant l'acquisition de Wiz, une licorne israélienne de la cybersécurité. Le géant de la tech pourrait renforcer ses solutions de cybersécurité, un secteur dans lequel Google devient de plus en plus dominant. Le plus gros investissement de Google à

Report reveals common password use in RDP attacks, highlighting weak credentials remain a major security flaw

Leaked chat logs have exposed connections between the BlackBasta ransomware group and Russian authorities, according to new analysis by Trellix

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time.

This week in cybersecurity from the editors at Cybercrime Magazine

Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits

Automating security questionnaires, vendor risk management, and compliance tasks helps businesses cut costs, reduce manual workload, and improve security efficiency.

Ce sont encore des dizaines de noms de domaine qui ont été bloqués lors du match PSG-OM, pour empêcher les pirates d'accéder à des retransmissions illicites. Des actions organisées de façon à ennuyer au maximum les resquilleurs, mais qui sont jugées encore trop insuffisantes par les titulaires de droits. La lutte

Bitdefender said the malicious app campaign has resulted in more than 60 million downloads of malicious apps from the Google Play Store

331 Android apps with 60M+ downloads ran full-screen ads, stole credentials, and bypassed security in a large-scale ad fraud and phishing scheme.

The share of businesses scrapping most of their AI initiatives increased to 42% this year, up from 17% last year, according to S&P Global Market Intelligence.

Google is set to acquire Wiz, a cloud security platform founded in 2020, for $32bn in an all-cash deal

Amazon informed Echo users in the US that the "Do not send voice recordings" feature will stop working on March 28, 2025.

Improve multi-cloud identity security with better visibility, governance, and resilience using advanced analytics, orchestration tools, and automated failover mechanisms.

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations...

BADBOX 2.0 botnet infects 1M+ Android devices for ad fraud, proxy abuse, and cybercrime, leveraging pre-installed malware and trojanized apps

MirrorFace targets an EU diplomatic group using ANEL and AsyncRAT, marking a shift in its cyber espionage tactics beyond Japan

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attacke