Latest CyberSec News by @thecyberpicker

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog.

Si on ne connaît pas de faille majeure en interne à la plateforme, les chaînes de ses vidéastes sont parfois un fruit mûr pour les hackers de tout poil. La plateforme de partage de vidéos YouTube fête ses 20 ans. Si l’on ignore précisément la date du premier piratage qui a visé le célèbre site à la flèche blanche sur

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing.

Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Un groupe de hackers liés au Kremlin a lancé une campagne de phishing ciblant les utilisateurs de services de messagerie populaires comme WhatsApp, Signal et Microsoft Teams. En envoyant de fausses invitations à des réunions en ligne, ils parviennent à tromper leurs victimes et à voler leurs données sensibles. Les

Android 16 Beta 2 blocks sideloading and accessibility changes during calls to prevent scammers from tricking users into installing malware.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité

Researchers uncover the whoAMI attack, exploiting AWS AMI name confusion for remote code execution.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog.

Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens.

Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication.

Catherine De Bolle, the chief of Europol, said at the Munich Cyber Security Conference that societies must understand why law enforcement agencies need new powers to fight increasingly sophisticated cybercrime operations.

Lazarus Group’s Marstech1 malware targets developers, crypto wallets; 233+ confirmed victims globally.

A Pennsylvania utility company says that basic customer data stolen from one of its vendors in 2023 was recently exposed online, but the incident did not affect its core systems.

Credible Security's founders bring their varied experiences to help growing companies turn trust into a strategic advantage.

Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.

A cybercriminal stole a reported 12 million data records on Zacks’ customers and clients.

Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.

In Q4 2024, the Top 10 Malware observed by the MS-ISAC® changed slightly from the previous quarter. Here are the malware that topped our list.

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for February 2025.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.  The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Ta

L'équipe de recherche sur les cybermenaces de Microsoft a publié un rapport sur BadPilot, une entité du groupe de pirates russes “Sandworm”....-Cybersécurité

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

Learn how to optimize your SIEM solution with key strategies and practices.

This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025. My talk is at 4:00 PM ET on the 15th. I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. The list is maintained on this page.

The Vanderbilt University Medical Center has a pediatric care dog named “Squid.” Blog moderation policy.

Learn how to implement the Business Continuity Management and Operational Resilience domain of CCM. Safeguard critical business processes and services.

Le site du DOGE, vitrine du projet controversé d’Elon Musk pour réformer le gouvernement fédéral, a été piraté. Cette attaque met en lumière des failles de sécurité et alimente les critiques sur la gestion de l’agence DOGE. Le site du DOGE, mis en place pour documenter les actions de l’équipe d’Elon Musk dans son