Latest CyberSec News by @thecyberpicker

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025. The list is maintained on this page.

A report by Forescout Research points to a threat actor with ties to LockBit.

A shocking amount of iOS apps in Apple's App Store contained hard-coded secrets. Secrets that could lead criminals to user data.

The Cybersecurity for Rural Water Systems Act would expand USDA’s Circuit Rider Program.

GSMA introduces end-to-end encryption for RCS using MLS, enhancing security for cross-platform messaging.

US authorities have extradited Rostislav Panev on charges of being a developer of the notorious LockBit ransomware

A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges.

This week in cybersecurity from the editors at Cybercrime Magazine

AI is revolutionizing how we detect and respond to threats, enhancing the capacity to protect sensitive data and systems from malicious actors.

Andelyn Biosciences enforced 2,700 security policies in weeks, achieving Zero Trust without network redesign.

Join cybersecurity expert Joseph Carson for a live demo revealing how ransomware attacks unfold—and how to stop them.

Barracuda observed threat actors impersonating the Clop ransomware group via email to extort payments, claiming to have exfiltrated sensitive data

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks. […] Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico...

Sir Jeremy Fleming spoke during Palo Alto Networks’ Ignite event in London on March 13

MassJacker clipper malware hijacks cryptocurrency transactions, targeting piracy users via Pesktop[.]com, with attackers linked to 778K+ wallet addres

OBSCURE#BAT malware exploits fake CAPTCHA pages and malvertising to deploy rootkit r77, evading detection via registry modifications and AMSI patching

One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline.

U.S. CISA adds Apple products and Juniper Junos OS vulnerabilities to its Known Exploited Vulnerabilities catalog.

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE).

Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious.

While incoming officials grapple with long-standing failures to deter China and other adversaries from launching cyberattacks on the U.S. homeland, the Defense Department faces a startling capability gap

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.

Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes.

Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?”

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s w

Des sénateurs ont pris position contre l'avis du gouvernement en faisant voter un amendement anti-backdoor (porte dérobée) pour protéger le chiffrement. La mesure a été prise alors qu'un débat a eu lieu à l'Assemblée nationale. Il a concerné une proposition de loi, dont les contours ont fait craindre à un

​Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook.

Volt Typhoon's ten-month intrusion of Littleton Electric Light and Water Departments exposes vulnerabilities in the US electric grid

Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats.