Latest CyberSec News by @thecyberpicker

A clickjack attack was revealed this summer that can steal the credentials from password managers that are integrated into web browsers.

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.

The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials.

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.

Grok AI chats that users wanted to share with individual people were in fact shared with the broader web and searchable by everyone.

Phishing emails with RAR archives exploit Linux filename injection to deliver VShell backdoor, bypassing antivirus defenses

The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks.

The tech manufacturer Data I/O reported a ransomware attack to federal regulators, writing that the incident has taken down critical operational systems.

This week in cybersecurity from the editors at Cybercrime Magazine

Security teams can’t fully trust computers to make autonomous decisions, but they need to trust AI agents to scan environments and act quickly.

Authorities across Africa have dismantled large-scale cybercrime and fraud networks, arresting over three months more than 1,200 people suspected of carrying out ransomware attacks, online scams, and business email compromise schemes, Interpol said.

Operation Serengeti 2.0 operators helped recover $97.4m stolen by cybercriminals

Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems.

INTERPOL’s Operation Serengeti 2.0 Arrests 1,209 Cybercriminals in Africa, Recovers $97.4M, Dismantles 11,432 Infrastructures

Murky Panda exploited Citrix CVE-2023-3519 and Commvault CVE-2025-3928 to deploy CloudedHope malware, enabling covert espionage.

Darktrace observed a coordinated campaign on customer SaaS accounts, all of which involved logins from IP addresses linked to VPS providers

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s purpose: ensuring that those who occupy a territory have a meaningful stake in its governance. Web 3.0—the distributed, decentralized Web of tomorrow—is finally poised to change the Internet’s dynamic by returning ownership to data creators. This will change many things about what’s often described as the “CIA triad” of ...

Un ressortissant chinois vivant dans l'Ohio vient d'être condamné à 4 ans de prison par la justice américaine. Ce développeur de logiciels, un brin revanchard, est reconnu coupable d'avoir implémenté un logiciel malveillant avant d'avoir été licencié par son employeur. Nous sommes en 2007 et Davis Lu, développeur

Automated pentest delivery replaces static PDFs with real-time workflows, cutting remediation delays and reducing MTTR.

Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse.

Law enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs.

All Apple users are encouraged to update their iPhones, iPads and macOS devices

Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals.

Modern vehicles, their current and future threats, and approaches to automotive cybersecurity.

Le 20 août 2025 a décidément été une grosse journée pour Google. Alors que l'entreprise américaine dévoilait en grande pompe son nouveau smartphone Pixel 10, une nouvelle application est apparue en catimini sur Google Play : un gestionnaire de mots de passe. Un outil qui répond à un besoin essentiel pour les

Microsoft has set out a roadmap to complete transition to PQC in all its products and services by 2033, with roll out beginning by 2029

Officiellement promu par la famille du président américain, le Trump T1 est un appareil mystérieux aux caractéristiques contradictoires. Les dernières images publiées en ligne montrent un Samsung Galaxy S25 Ultra avec une coque Spigen, ce qui n'a pas tardé à faire réagir l'accessoiriste. À quoi joue l'entourage de

U.S. CISA adds Apple iOS, iPadOS, and macOS vulnerability to its Known Exploited Vulnerabilities catalog..

Ex-developer Davis Lu sentenced in March 2025 after 2019 kill switch malware caused $100K+ losses.

The CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.