Latest CyberSec News by @thecyberpicker

​Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer's device at the multisig wallet platform Safe{Wallet}.

A malicious PyPi package named 'automslc'  has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service.

99% of organizations report API-related security issues, highlighting risks from API growth

Plusieurs cybercriminels affiliés à l'État chinois ont exploité une vulnérabilité touchant une passerelle Barracuda Networks pour mettre la...-Cybersécurité

The cybersecurity market could grow to $338 billion in value by 2033, driven in part by expanding AI risks, Bloomberg Intelligence analysts said.

DISA Global Solutions confirms data breach affecting 3.3M people, exposing sensitive personal info

The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam.

The EU Digital Services Act (DSA) requires cloud providers to enforce content moderation, enhance data governance, and strengthen cybersecurity to ensure compliance.

U.S. has the highest number of unpatched instances for CVE-2025-22467, with more than 850.

Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. Learn from Specops Software about five best practices to help secure your Active Directory service accounts.

A threat actor tracked as 'EncryptHub,' aka Larva-208,  has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks.

The hacking group has been distributing phishing emails spoofing officials from Ukraine’s Ministry of Justice. The campaign follows news that suspected Russian military hackers breached Kyiv state registers in December.

The 2015 Cybersecurity Information Sharing Act provides vital legal protections for cyber threat sharing initiatives, they say.

A suspected Belarusian state-backed hacking group is behind a cyber espionage campaign targeting opposition activists in the country, as well as Ukrainian military and government entities, according to a new report.

The Android app SafetyCore was silently installed and looks at incoming and outgoing pictures to check their decency.

Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord.  The court...

Bridging the cybersecurity skills gap with virtual hands-on experience

Leaked Black Basta chat logs expose internal conflicts, $107M in ransom earnings, and new attack tactics. Key members defect, leaving victims without

Recent incidents are a wake-up call for organizations to rethink their cybersecurity strategies and take a more proactive approach. Zero Trust is the answer.

​The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to Genea patients, one of Australia's largest fertility services providers.

As the industry continues to dissect and implement the JCDC playbook, it’s important to take a step back to better understand the resource.

A 21-year-old East London resident tied to a "Com" cybercrime network has been convicted of fraud and making indecent images of children, authorities said.

OpenAI's newest model, GPT-4.5, is coming sooner than we expected. A new reference has been spotted on ChatGPT's Android app that points to a model called "GPT-4.5 research preview," but it looks like it will initially be limited to those with a Pro subscription.

Meredith Whittaker, Signal's CEO, has threatened to pull the company out of Sweden if a proposed government bill requiring encryption backdoors becomes law

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world. If you’re an iCloud user, you have the option of turning on something called “advanced data protection,” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data...

PCI DSS 4.0 mandates stronger controls for non-human identities, requiring unique credentials, least-privilege access, and continuous monitoring to prevent security risks.

CERT-UA warns of UAC-0173 phishing deploying DCRat via Cloudflare R2, using RDP exploits, FIDDLER, and SENDMAIL to target Ukrainian notaries.

Hackers crack passwords using brute force, dictionary, and rainbow table attacks. Protect data with MFA, strong hashing, and complex passwords

HaveIBeenPwned has added over 500 million new passwords and email addresses lifted via infostealers

IVF clinic Genea has confirmed that stolen patient data has been published online, with the Termite ransomware group appearing to be the perpetrators