Latest CyberSec News by @thecyberpicker

GreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group.

Pour la première fois, l'Agence de l'Union européenne pour la cybersécurité s'est penchée sur les menaces dans le secteur de la finance. Sur...-Club Data Protection

Houston-based employee screening company DISA Global Solutions says a 2024 data breach exposed the information of more than 3.3 million people.

PortSwigger is proud to announce a strategic partnership with SAP, a global leader in enterprise software solutions.

Dans une publication remplie d'ironie, le patron du gang de hackers Lockbit, connu pour avoir piraté des hôpitaux, propose de fournir des documents confidentiels au nouveau directeur du FBI, nommé par Donald Trump. Le gang Lockbit, auteur de nombreuses cyberattaques, y compris contre des hôpitaux en France

Active Directory (AD) is the go-to for managing users, permissions, and access. But AD wasn’t built for today’s hybrid environments, where on-prem meets cloud.

Background check provider DISA has disclosed a major data breach which may have affected over 3 million people.

Une faille de sécurité a touché une application back-office utilisée par la filiale roumaine de la société télécoms. Des pirates associés au...-Cybersécurité

Standard SecOps training is no longer enough to tackle modern cybersecurity challenges. People need to develop non-traditional skills.

This week in cybersecurity from the editors at Cybercrime Magazine

Forescout observed the recently identified Chinese hacking group using medical imaging software applications to deliver malware

Anthropic has started rolling out Claude 3.7 Sonnet, the company's most advanced model and the first hybrid reasoning model it has shipped.

ReliaQuest claims 80% of ransomware attacks now focus solely on exfiltrating data as it is faster

A Censys survey illustrated the extent of global industrial control systems exposures. Get a preview of their findings about critical infrastructure security.

Evolving threats and hybrid identity challenges keep AD at risk.

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.

SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog.

Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.

States are increasingly collaborating with cybercriminal groups to share resources and amplify attacks on critical infrastructure in rival nations, a new report finds.

Palo Alto Networks’ threat intelligence firm said nearly 9 in 10 cyberattacks it responded to last year involved disrupted business operations.

A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.

GitVenom malware on GitHub stole $456K in Bitcoin via fake projects, hijacking wallets and banking data.

A large-scale malware campaign exploited a vulnerable Windows driver to bypass security and deploy HiddenGh0st RAT.

NetSupport RAT spread via fake CAPTCHAs, Lynx stole 170GB, and AsyncRAT used Python payloads in Q1 2025.

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

La start-up texane NinjaOne conçoit une plateforme utilisée par les équipes IT pour faciliter la maintenance des terminaux des salariés. Elle...-Informatique

New Hiya data finds 26% of UK consumers encountered a deepfake scam call in Q4 2024

Des pirates ont relancé une campagne pour piéger les consommateurs avec de prétendus soucis de livraison de leur colis, une arnaque par SMS bien rodée qui revient régulièrement pour les vacances. Une campagnes de phishing par SMS fait son retour en cette période de vacances, avec un narratif bien connu : le colis non

Des chaînes YouTube et d'autres comptes sur les réseaux sociaux avec des millions d'abonnés sont détournés par des hackers, pour cibler les joueurs de Counter-Strike 2 avec des arnaques. La communauté Counter-Strike 2 (CS2) est dans le viseur des hackers. L'entreprise de cybersécurité BitDefender alerte sur une