Latest CyberSec News by @thecyberpicker

Le ministre de l'Intérieur a tenté une explication visant à démontrer que la proposition de loi contre le narcotrafic n'affaiblit pas le chiffrement, car elle n'introduit pas de porte dérobée (backdoor). Il s'avère que le stratagème proposé constitue malgré tout un énorme problème. Même sans backdoor, même sans

The cybersecurity vendor is ending its customer commitment package, which was launched to help maintain existing relationships.

Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.

Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra.

The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011.

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data

OWASP recently introduced a new version of the OWASP Top 10 for Large Language Model Applications to help defenders secure tech services that incorporate AI.

The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices.

Rob Joyce emphasized during a House hearing how important probationary employees are to NSA efforts to counter China and other threats in cyberspace.

We discuss how threat actors protect malware with garble obfuscation, and the process of automatically deobfuscating it.

With increased unidentified drone sightings worldwide, some are concerned they pose a cybersecurity risk. Learn more from Acronis about these risks and a real attack on a Taiwan drone manufacturer.

YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials.

Silk Typhoon exploits zero-day vulnerabilities, stolen API keys, and cloud services to infiltrate IT supply chains and government networks worldwide.

Google introduces AI scam detection for Android, flagging fraudulent calls and texts in real time.

Dark Caracal APT deploys Poco RAT malware in Latin America, targeting enterprises via phishing lures. Attackers use .REV archives to evade detection.

USB attacks exploit common devices to spread malware. Wazuh detects threats like Stuxnet and Raspberry Robin across OS platforms.

Task scams are increasingly in volume. We followed up on an invitation by a task scammer to get a first hand look on how they work.

Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions

AI governance requires clear policies, data protection, and oversight. Learn how companies can manage AI risks, ensure compliance, and establish responsible AI practices.

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs).

With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection

The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024.

This week in cybersecurity from the editors at Cybercrime Magazine

Android's March 2025 security update includes two zero-days which are under active exploitation in targeted attacks.

A recent research report highlighted that India faced an alarming 3000% rise in API-targeted Distributed Denial of Service (DDoS) attacks in just three months.

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread.

80% of breaches stem from compromised Identity credentials. Learn why centralizing Identity is crucial for security resilience.

Lotus Panda targets Asian government and media sectors with new Sagerunex backdoor variants using Dropbox, X, and Zimbra for covert operations.

Les services polonais de cybersécurité ont détecté un “accès non autorisé” dans l'infrastructure informatique de l'agence spatiale du pays....-Cybersécurité