Latest CyberSec News by @thecyberpicker

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.

Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.

The newspaper chain said attackers encrypted critical applications and impacted billing, payments and print distribution.

Think you're safe because you're compliant? Think again. Recent studies continue to highlight the concerning trend that compliance with major security frameworks does not necessarily prevent data breaches. Learn more from Pentera on how automated security validation bridges the security gaps.

Significant OpenSSH flaws are exposing systems to man-in-the-middle and denial-of service attacks

Media conglomerate Lee Enterprises told regulators on Friday that hackers had stolen files and encrypted “critical applications” as part of an incident that impacted the operations of dozens of newspapers nationwide.

The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.

Unauthenticated resource sharing exposes cloud data to breaches. Implement MFA, strict access controls, and continuous monitoring to prevent unauthorized access.

Un sondage révèle que les salariés adoptent encore des comportements à risque avec des pratiques, telles que l'ouverture de mails suspects et la réutilisation des mots de passe, qui exposent les entreprises à des menaces majeures. La cybersécurité souffre encore d’un effet « parcmètre » : on se permet des écarts,

Expert Takeaways from a Webinar on Critical Risks Impacting Supply Chains

A vCISO provides expert cybersecurity leadership on demand, helping organizations strengthen security, achieve compliance, and scale cost-effectively.

Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications

Le Department of Government Efficiency, dirigé par Elon Musk, multiplie les initiatives pour accéder aux données sensibles des Américains...-Club Data Protection

Winnti’s RevivalStone campaign exploited an ERP SQL flaw to deploy upgraded malware, breaching an MSP and infecting multiple firms.

Over 60% of breaches start with exposed assets. Attack Surface Management helps organizations detect risks before hackers do, reducing successful atta

Juniper Networks patched CVE-2025-21589 (CVSS 9.8), a critical router flaw allowing remote takeovers.

FrigidStealer malware exploits fake browser updates to bypass Gatekeeper and steal macOS user data.

The February 2025 Patch Tuesday update from Microsoft addressed over 50 security vulnerabilities, including the zero-days.

London, United Kingdom, 18th February 2025, CyberNewsWire

A new Snake Keylogger variant, responsible for over 280 million blocked infection attempts worldwide, has been identified targeting Windows users

This week in cybersecurity from the editors at Cybercrime Magazine

The BlackLock or Eldorado ransomware gang could be the year’s fastest-growing ransomware-as-a-service group

Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group's operations for over two weeks.

Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727

Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.

A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts

Kaspersky GReAT experts have discovered a new campaign distributing the XMRig cryptominer through popular games such as BeamNG.drive and Dyson Sphere Program on torrent trackers.

Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks.

MageCart hackers are using image tags to hide JavaScript skimmers, stealing credit card data from Magento checkout pages while bypassing security scan