Latest CyberSec News by @thecyberpicker

The Click Here podcast caught up with Anne Neuberger, the former White House deputy national security advisor for cyber and emerging technologies on the sidelines of this year’s Munich Security Conference.

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic

State and local governments need additional resources, shared intelligence and coordination, an MS-ISAC report showed.

Cellebrite's zero-day exploit bypassed an Android lock screen to access a Serbian activist’s phone. Amnesty links attack to Linux kernel flaws.

Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware.

Learn how to optimize your SIEM solution with key strategies and practices.

“Operation Cumberland,” led by Danish law enforcement, included the arrests of more than two dozen suspected members of a group distributing sexual images of minors generated by artificial intelligence.

Microsoft has confirmed that the Skype video call and messaging service will be shut down in May, 14 years after replacing the Windows Live Messenger.

Cybercriminals use fake CAPTCHAs in phishing PDFs to spread Lumma Stealer, targeting 7,000+ users via Webflow, GoDaddy, and YouTube

Hackers now scan port 1098 to exploit RDP vulnerabilities, targeting 740,000 IPs daily. Microsoft patches two critical flaws. Protect your business no

This week in cybersecurity from the editors at Cybercrime Magazine

Data from Resilience found that third-party attacks made up 23% of material cyber insurance claims in 2024, with ransomware attacks targeting vendors a major driver

Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches.

Authorities said they arrested a 39-year-old in Bangkok who was the hacker responsible for dozens of high-profile extortion cases.

In February 2025, Sophos completed the Secureworks deal and SolarWinds went private

Microsoft identifies four cybercriminals behind Storm-2139, an AI abuse scheme exploiting Azure OpenAI services for illicit content.

Four in ten flaws exploited by threat actors in 2024 were from 2020 or earlier, with some dating back to the 1990s, according to a GreyNoise report

Un VPN, ou Virtual Private Network (réseau privé virtuel), est un système sécurisé qui crée un « tunnel » chiffré entre votre appareil et un serveur distant. Ce mécanisme permet à deux ordinateurs de communiquer en toute confidentialité, en isolant les données échangées du reste d’Internet. Même si vous n'avez jamais

Sticky Werewolf deploys Lumma Stealer via phishing attacks in Russia and Belarus, stealing credentials, banking data, and cryptowallet information.

Nearly 12,000 live secrets found in LLM training data, exposing AWS, Slack, and Mailchimp credentials—raising AI security risks.

A joint operation between the Thai and Singapore police has resulted in the arrest of a man allegedly responsible for over 90 data extortion attacks worldwide

​The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE).

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved.

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

Federal prosecutors accuse Cameron Wagenius of searching how to defect to Russia before he tried to sell stolen data to a foreign intelligence service.

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

Jonathan McKernan spoke positively about Rohit Chopra’s rule-making targeting data brokers during a Senate Banking Committee nomination hearing.

Google is gradually phasing out SMS-based verification as part of its two-step verification (2SV) process.

Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group.

Privacy-focused email provider Tuta (previously Tutanota) and the VPN Trust Initiative (VTI) are raising concerns over proposed laws in France set to backdoor encrypted messaging systems and restrict internet access.