Latest CyberSec News by @thecyberpicker

The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.

Microsoft outed four foreign and two U.S. developers who it said illicitly used AI services — including the company's own — in a celebrity deepfake scheme.

Microsoft has identified individuals from Iran, China, Vietnam and the United Kingdom as primary players in an alleged international scheme to hijack and sell Microsoft accounts that could bypass safety guidelines for generative AI tools.

More than 7,000 people rescued from scam compounds in Myanmar more than a week ago are still languishing in a detention center on the border with Thailand as they await repatriation.

Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors.

Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“: Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment...

Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content.

The veteran official’s appointment could reassure the cyber community that a steady hand will help lead the agency.

​The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE).

U.S. has the most VPNs not yet patched for CVE-2025-22467.

Rogue state actors are increasingly outsourcing their intel and hacking tools to attack key industries, a report by Dragos shows.

Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software.

Adieu les SMS sur Gmail pour la double authentification. Google désire les remplacer par une autre méthode, moins exposée aux abus et aux pratiques de piratage : les QR codes. Le changement, selon l'entreprise américaine, sera positif pour la sécurité des internautes, mais il faudra encore attendre un peu avant de le

DragonForce ransomware attacks Saudi firms stealing 6TB data, escalating cyber threats in real estate

Winos 4.0 malware uses phishing emails to target organizations in Taiwan, Fortinet experts warn

Winos 4.0 malware, deployed via phishing emails impersonating Taiwan’s tax authority, steals data through keylogging, clipboard monitoring, and remote

How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM

Combining zero-trust security and AI is not only a novel approach for enterprises to improve their security posture, but it is also critical.

A suspected cyber criminal believed to have extorted companies under the name "DESORDEN Group" or "ALTDOS" has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.

The bureau attributed the $1.5 billion hack to the North Korean threat actor known as TraderTraitor, or Lazarus, following similar assessments by cybersecurity researchers.

L'Unité nationale cyber de la Gendarmerie nationale a permis de faire tomber un réseau de trafic de drogues de synthèse opérant sur une...-Cybersécurité

While countries and companies are fighting over access to encrypted files and chats, our data privacy may get crushed.

Many GRC programs rely on manual, point-in-time compliance. Continuous Controls Monitoring (CCM) helps organizations shift to an automated, proactive compliance mindset.

This week in cybersecurity from the editors at Cybercrime Magazine

​Microsoft has fixed a known issue that broke email and calendar drag-and-drop in classic Outlook after installing recent updates on Windows 24H2 systems.

TgToxic malware evolves with advanced anti-analysis, DGA-based C2, and global expansion, targeting banking and crypto users

90% of enterprise GenAI usage bypasses IT oversight, exposing organizations to data leaks and security risks.

Space Pirates deploys LuckyStrike Agent malware to infiltrate Russian IT networks, using OneDrive for C2 and evading detection for 19 months.

Veracode found a 47% increase in the average time taken to patch software vulnerabilities, driven by growing reliance on third-party code