Latest CyberSec News by @thecyberpicker

One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline.

U.S. CISA adds Apple products and Juniper Junos OS vulnerabilities to its Known Exploited Vulnerabilities catalog.

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE).

Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious.

While incoming officials grapple with long-standing failures to deter China and other adversaries from launching cyberattacks on the U.S. homeland, the Defense Department faces a startling capability gap

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.

Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes.

Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?”

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s w

Des sénateurs ont pris position contre l'avis du gouvernement en faisant voter un amendement anti-backdoor (porte dérobée) pour protéger le chiffrement. La mesure a été prise alors qu'un débat a eu lieu à l'Assemblée nationale. Il a concerné une proposition de loi, dont les contours ont fait craindre à un

​Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook.

Volt Typhoon's ten-month intrusion of Littleton Electric Light and Water Departments exposes vulnerabilities in the US electric grid

Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats.

CISA and FBI warn of Medusa ransomware impacting over 300 victims across critical infrastructure sectors with double extortion tactics

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users.

​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access.

The new council is part of an effort to thwart Salt Typhoon and other cyber espionage groups.

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.

2006 AT&T whistleblower Mark Klein has died.

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]

Microsoft warns of a phishing campaign using ClickFix to spread malware via fake Booking.com emails. Attackers exploit fake CAPTCHA pages to steal cre

Microsoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware

To parents worried about their children's presence on Roblox, the CEO said don't let your kids be on Roblox.

En juillet 2024, Dassault Systèmes annonçait un partenariat avec la pépite Mistral AI, donnant naissance à une nouvelle offre "LMaaS"...-Souveraineté

Cyber Guru, qui développe un outil de sensibilisation en cybersécurité basé sur des modèles de machine learning, met la main sur Mantra,...-Cybersécurité

The ransomware-as-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.

Researchers warn of a "coordinated surge" in the exploitation attempts of SSRF vulnerabilities in multiple platforms.

Des sénateurs ont pris position contre l'avis du gouvernement en faisant voter un amendement anti-backdoor (porte dérobée) pour protéger le chiffrement. La mesure a été prise alors qu'un débat a eu lieu à l'Assemblée nationale. Il a concerné une proposition de loi, dont les contours ont fait craindre à un

KoSpy spyware targets Android users via fake apps, collecting data while evading detection with Firestore.