Latest CyberSec News by @thecyberpicker

The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.

Cary, NC, Feb. 19, 2025, CyberNewswire -- 2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas. At the same time, organizations are trying to adapt to the

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms. Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that’s easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account...

A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers

Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

The company holds investments in several major technology companies, such as Wiz and Kaseya.

Red teams have uncovered serious ethical and security flaws in DeepSeek’s technology. The model is highly biased and susceptible to generating insecure code.

Around 7,000 people rescued from illegal call centers in Myanmar are awaiting transfer to Thailand amid a crackdown on cross-border scam operations, Thailand’s Prime Minister Paetongtarn Shinawatra said on Wednesday.

Pour la troisième fois consécutive, la suite collaborative commercialisée par l'entreprise Oodrive a reçu la qualification "SecNumCloud" de...-Club Data Protection

For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser, sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving.

Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks.

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

Russian state-backed hackers are increasingly targeting Signal messenger accounts — including those used by Ukrainian military personnel and government officials — in an effort to access sensitive information that could aid Moscow’s war effort, researchers warn.

WinRAR 7.10 was released yesterday with numerous features, such as larger memory pages, a dark mode, and the ability to fine-tune how Windows Mark-of-the-Web flags are propagated when extracting files.

MSPs and MSSPs can grow revenue with vCISO services, offering expert security leadership minus full-time costs.

New Snake Keylogger variant evades detection using AutoIt, leading to 280M blocked attacks targeting Windows users across China, Turkey, Indonesia, Ta

Malwarebytes now protects ARM-based Windows devices, such as Microsoft’s Surface Pro X and Lenovo’s Yoga laptops.

This week in cybersecurity from the editors at Cybercrime Magazine

The California Privacy Protection Agency (CPPA) is taking a strong stance against dark patterns. Understand what dark patterns are & why they are harmful.

Australia-based Genea said it is investigating the cyber incident to determine whether any personal data was accessed by an unauthorized third party

Avast a publié son rapport sur les cybermenaces pour le quatrième trimestre 2024. L'étude met en avant une recrudescence des escroqueries sur...-Cybersécurité

The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead

Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization.

Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.

Info stealers are thriving on Mac, with one specific variant accounting for 70% of all info stealer detections at the end of 2024.

There were billions of dollars' worth of cryptocurrency transactions in 2024 by entities sanctioned by the United States, say researchers from Chainalysis in a new report.

The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.

Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack