Latest CyberSec News by @thecyberpicker

« Je ne suis pas une star donc mes données n’intéressent personne » : il est tentant de se rassurer ainsi. Mais contrairement aux idées reçues, vos informations personnelles, même les plus anodines, ont une grande valeur. Voici pourquoi elles sont si prisées. Dès que vous naviguez sur internet, vous laissez derrière

FatalRAT malware is targeting APAC industries via phishing, using Chinese cloud services for stealthy multi-stage infection

CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to KEV catalog, urging agencies to patch by March 17, 2025, to prevent exploitation

A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.

This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks.

Cybercriminals are exploiting major e-sports tournaments to target players of the popular video game Counter-Strike 2 (CS2), researchers have found.

Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents.

Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider.

Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free.

A new streaming series about a nationwide, catastrophic cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.

Confirmation by South Korea's data protection agency that the AI chatbot sent data to TikTok's Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek's safety.

Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday.

The Australian government has banned all Kaspersky Lab products and web services from its systems and devices following an analysis that claims the company poses a significant security risk to the country.

Surging since January 2025, ACR Stealer exploits cracked software to steal credentials, leveraging dead drop resolvers via Google Forms and Telegram.

A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials.

Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts

Threat actors are chaining the CVE with at least one prior flaw to enable the hack attempts.

The high-severity privilege escalation flaw in Microsoft's website building application was disclosed and patched last week.

The ransomware syndicate’s internal chats exposed a wide swath of the group’s inner workings.

This week on the Lock and Code podcast… Insurance pricing in America makes a lot of sense so long as you’re...

Mandiant observed a notable increase in phishing attacks targeting the education industry, specifically U.S.-based universities.

Les conséquences pour l'industrie tech pourraient être majeures : face à la pression du gouvernement britannique, Apple a retiré l'Advanced...-Club Data Protection

​Over the weekend, blockchain security companies and experts have linked North Korea's Lazarus hacking group to the theft of over $1.5 billion from cryptocurrency exchange Bybit.

Michigan man indicted for dark web credential fraud, purchased 2,500 logins from Genesis Market

Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.

The CCM’s Change Control & Configuration Management domain helps companies adhere to a robust change management process, regardless of who manages the assets.

Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders.

Le gouvernement australien a décidé de mettre fin à l'utilisation des produits et services Kaspersky dans ses agences, invoquant un “risque de...-Cybersécurité