Latest CyberSec News by @thecyberpicker

Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract.

​Connect with Microsoft at Legalweek 2025 to learn how to embrace AI while protecting your organization’s data with Microsoft Purview. ​

North Korean hackers use fake job interviews on Upwork and GitHub to infect crypto developers with BeaverTail and InvisibleFerret malware, stealing cr

The China-linked threat group has targeted critical infrastructure providers in more than 70 countries.

The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.

Fake job ads target freelance developers, spreading malware via GitHub

The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers.

Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs

An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack.

Critical flaws in Ivanti Endpoint Manager were initially disclosed and patched last month.

Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform.

Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.

Mobile phishing attacks surged in 2024, with 16% of all incidents occurring in the US, according to a new Zimperium report

A survey by IANS and Artico found significant regional variation in cybersecurity salary levels across North America

The Department of Government Efficiency (DOGE) may already have access to sensitive tax and medical data stored at the IRS and Social Security Administration (SSA), which jointly retain disability diagnoses, child adoption information, exceptionally detailed financial data and individuals’ immigration status, experts say.

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

A single-scan, multi-action (SSMA) architecture can improve efficiency. Build simple business policies for Zero Trust, rather than complex network policies.

Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.

South Korea says it's uncovered evidence that DeepSeek has secretly been sharing data with ByteDance, the parent company of popular social media app TikTok.

Kela researchers 330 million compromised credentials to infostealer activity on over four million machines in 2024

XLoader malware is spreading via Eclipse Jarsigner using DLL side-loading, evading detection with encrypted decoys and advanced obfuscation.

PCI DSS 4.0 mandates DMARC by March 31, 2025, to combat phishing. Non-compliance risks $100K fines, email fraud, and low deliverability.

Chinese-aligned hackers exploited CVE-2024-24919 to deploy ShadowPad malware and NailaoLocker ransomware, targeting European healthcare networks.

The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand.

Microsoft is not testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems.

This week in cybersecurity from the editors at Cybercrime Magazine

High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk.

Businesses can manage generative AI risks by enforcing governance, securing AI-generated content, reviewing AI-written code, and ensuring chatbot compliance.

Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks.