Latest CyberSec News by @thecyberpicker

A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.'

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.

L'Anssi a organisé au Campus Cyber un exercice de gestion de crise avec 200 participants d'une vingtaine de nationalités différentes. L'objectif...-Cybersécurité

Threat actors adapted to improved threat detection, law enforcement actions, new Huntress research finds.

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.

Romance scams cost Americans $697.3m in 2024, with crypto fraud schemes on the rise

NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring

When it comes to keeping patient information safe, people empowerment is just as necessary as deploying new technologies.

Massive IoT data breach exposed 2.7 billion records including Wi-Fi credentials

Cybersecurity has exploded into a critical business imperative. Take a whirlwind tour of the top cybersecurity milestones since Y2K.

Etsy sellers are being targeted by scammers that use a legitimate Etsy domain to host their dodgy PDFs.

The analyst firm recommends defining security and governance processes while reducing friction for business stakeholders.

This week in cybersecurity from the editors at Cybercrime Magazine

The combined companies will create a seamless ecosystem of trust, governance, risk, and compliance.

Clear ownership of non-human identities (NHIs) is key to reducing insider threats, improving IAM, and streamlining governance. Learn how to enhance security posture.

A new Everfox survey shows a growing consensus among regulated organizations in favor of a strategic shift away from detecting cyber threats to preventing them

Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc. The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned...

Microsoft patches 63 flaws, including two exploited Windows vulnerabilities (CVE-2025-21391, CVE-2025-21418). CISA requires fixes by March 4.

North Korean hackers use PowerShell trick to hijack devices, while a U.S. woman helped fake IT workers infiltrate 300 firms, stealing $17.1M.

CISOs lead AI strategy without clear guidance. The CLEAR framework helps security teams track AI, enforce policies, and drive responsible adoption.

Gambling companies are sharing their users’ data with Meta for marketing and tracking purposes.

The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks

February Patch Tuesday sees Microsoft fix four zero-days, including two under active exploitation

Ivanti patches critical flaws in Connect Secure, Policy Secure, and CSA. Urgent updates address CVEs up to 9.9 CVSS. Apply fixes now to prevent RCE ri

Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog.

President Donald Trump has selected Sean Cairncross, the former CEO of the Millennium Challenge Corporation, to be his national cyber director.

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

Google Threat Intelligence Group discusses the current state of cybercrime, and why it must be considered a national security threat.