Latest CyberSec News by @thecyberpicker

Common Good Cyber has released a new mapping database designed to help NGOs find the security tools they need

Researchers warn that popular open source software package tj-actions has been compromised

GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent unauthorized access.

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]

Cyber threats grow, but Kettering alumni, faculty and students are building a safer world.

A list of topics we covered in the week of March 10 to March 16 of 2025

Denmark 's cybersecurity agency warns of increased state-sponsored campaigns targeting the European telecom companies

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free.

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers.

Les experts en cybersécurité alertent sur une nouvelle campagne d'espionnage menée depuis la Chine contre des routeurs d'entreprises. Mandiant, filiale de Google, dévoile une campagne d’espionnage sophistiquée menée par la Chine, infiltrant les routeurs d’entreprises pour accéder à des réseaux sensibles. Dans un

Cisco addressed a denial of service (DoS) flaw that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, la...-Cybersécurité

Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week.

A report by Forescout Research points to a threat actor with ties to LockBit.

Researchers uncovered 20 malicious PyPI packages stealing cloud credentials, downloaded 14,100+ times before removal.

A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers.

A bagpipe and drum band: SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion!

California's AG has launched an investigation into companies' collection and sale of location data, potentially violating the CCPA.

Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages.

The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs.

LockBit developer Rostislav Panev extradited to U.S. after aiding ransomware group’s $500M cybercrime spree.

Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message.

Rostislav Panev, who was arrested in Israel in August 2024 on U.S. charges related to dozens of LockBit ransomware attacks, has been extradited and appeared in a New Jersey federal court, authorities said.

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025. The list is maintained on this page.

A report by Forescout Research points to a threat actor with ties to LockBit.