Latest CyberSec News by @thecyberpicker

Startups can prioritize security and privacy by embedding governance, automation, and compliance early, ensuring scalable and cost-effective protection.

Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.

Companies pursing internal AI development using models from Hugging Face and other repositories need to focus on supply chain security and checking for vulnerabilities.

AI has the power to transform penetration testing by augmenting your human knowledge and expertise.

Un jeu d'aventure, disponible sur Steam, a été retiré après la découverte d’un malware caché dans son téléchargement. Cet incident met en évidence la vulnérabilité des joueurs face aux cybermenaces, souvent dissimulées sous des titres attrayants. La plateforme d'achats de jeux video Steam a récemment retiré un jeu en

Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts

The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.

Author: Andrea Little Limbago, PhD, SVP, Applied AI  Over a decade ago, mutual assured economic destruction (MAED) defined the unprecedented interdependence

RansomHub, 2024’s most active ransomware group, breached 600+ organizations via Active Directory flaws and brute-force VPN attacks.

Microsoft warns of Storm-2372 using 'device code phishing' to steal tokens and infiltrate networks.

AI-driven social engineering is transforming cybercrime, leveraging deepfake videos, voice cloning, and OSINT automation to bypass traditional defense

Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild.

​Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December.

China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.

CyberArk announced the Zilla deal on the same day leading identity and access governance provider SailPoint returned to the public markets.

Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government Efficiency reportedly wants to use AI to cut costs. According to The Washington Post, Musk’s group has started to run sensitive data from government systems through AI programs to analyze spending and determine what could be pruned. This may lead to the elimination of human jobs in favor of automation. As one government official who has been tracking Musk’s DOGE team told the...

The organization becomes the AI Security Institute as the UK shifts its focus to tackling AI risks to national security

La société de sécurité des identités CyberArk s'empare de Zilla, une start-up américaine qui aide les entreprises à gérer l'accès des employés...-Cybersécurité

​Microsoft has fixed a known issue causing "boot device inaccessible" errors during startup on some Windows Server 2025 systems using iSCSI.

Symantec found that tools previously only used by Chinese nation-state espionage actors were deployed in a ransomware attack

Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7.

PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

The Trump administration made it clear that innovation and competition with China would be bigger priorities.

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name.

Cybersecurity experts weigh in on the red flags flying around the new Department of Government Efficiency's handling of the mountains of US data it now has access to, potentially without basic information security protections in place.

Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim.

Scammers are once again using AI to take over Gmail accounts.

Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies.