Latest CyberSec News by @thecyberpicker

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

Black Basta and CACTUS ransomware groups share the BackConnect module, suggesting a shift in affiliations.

A cyber-espionage campaign targeting UAE aviation and transport has been identified by researchers, using customized lures to deploy Sosano malware

Private 5G networks face security risks amid AI adoption and a lack of specialized expertise

The data security and backup vendor said it found no evidence that the stolen data was used by cyber threat actors.

A provincial court in Barcelona has ordered that three former senior executives at NSO Group, a prominent spyware manufacturer, be indicted for their alleged role in a high-profile hacking scandal in which at least 63 Catalan civil society members were targeted with the company’s surveillance technology.

Shadow AI is defined as employees using generative AI, coding assistants, or analytics tools without IT’s knowledge. Shadow AI is even riskier than shadow IT.

The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.

L'amendement 8 ter de la proposition de loi sénatoriale visant à sortir la France du piège du narcotrafic impose aux plateformes de messagerie...-Club Data Protection

A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates.

Companies face the risk of insider threats, worsened by remote work. North Korean hackers infiltrate firms via fake IT hires, stealing data.

​The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure.

Broadcom patches three actively exploited VMware flaws, including a critical (CVSS 9.3) bug enabling code execution. Update now for protection.

!exploitable Episode Two - Enter the Matrix

Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild

The Hunters International ransomware gang has claimed responsibility for a January cyberattack attack on Tata Technologies, stating they stole 1.4TB of data from the company.

This week in cybersecurity from the editors at Cybercrime Magazine

Dark Caracal, a group suspected of cyber mercenary activities, appeared to shift to a new espionage tool in a campaign aimed at Latin American targets, according to researchers.

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.

Pete Hegseth, secrétaire à la Défense des États-Unis, a demandé au commandement cyber interarmées de suspendre toutes les opérations offensives...-Cybersécurité

Explore how AI-native security fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.

Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US

Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.

Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices.

AI-powered credential stuffing could worsen in 2025, as attackers scale automation to breach accounts. Defending identity security is now more critica

CISA has added five more CVEs into its known exploited vulnerabilities catalog

Sumsub research finds European iGaming market is losing billions to fraud each year

Cybercriminals exploit ISPs in China and the U.S. West Coast, deploying info stealers, crypto miners, and brute-force tools on over 4,000 IPs.

Hackers used a compromised Indian electronics firm’s email to deliver a Golang backdoor in a UAE-targeted phishing campaign.