Latest CyberSec News by @thecyberpicker

CISA has released Thorium, an open-source tool for malware and forensic analysis, now available to analysts.

Information-sharing organizations warned their members that Scattered Spider continues to pose a major threat.

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware.

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

In this edition of the Threat Source newsletter, William explores

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.

Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework.

Geopolitical shocks, trade wars, tariff policies, cyber threats and compounding supplier disruptions mean today’s supply chain challenges demand more than awa

Russian APT Secret Blizzard uses ISP-level AitM attacks to deploy ApolloShadow malware on embassy devices in Moscow.

Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon might have intended by setting up shop there, a CISA official said Thursday.

Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the 'Alone WordPress theme to hijack sites.

Microsoft's Identity Threat Detection and Response solution integrates identity and security operations to protect against identity-based cyberthreats.

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.

A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware.

Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors.

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.

Learn which entry-level cyber security certification is right for you in this CompTIA Security+ vs Google Cybersecurity Professional Certificate showdown.

After authorities dismantled LockBit and RansomHub, other groups rushed in to snatch up their affiliates, according to a new report that highlights a cybercrime ecosystem in flux.

The DoubleTrouble Android banking Trojan has evolved, using Discord for delivery and introducing several new features

The goal of Thorium is to enable cyber defenders to bring automation to their existing analysis through simple tool integration and event-driven triggers, CISA said, adding that it is built to support cybersecurity teams across mission functions.

CISA has launched a new tool to streamline cyber incident response and aid in adversary eviction

Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources

In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain — like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people.

Semperis found that executives were physically threatened in 40% of ransomware incidents, in a bid to pressure victims to pay demands

Mike Burgess, who leads the Australian Security Intelligence Organisation, said at the Annual Hawke Lecture at the University of South Australia that he was putting a dollar figure on the economic cost of espionage for the first time to stress the “real, present and costly danger” facing Australia.

Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS.

Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks.