Latest CyberSec News by @thecyberpicker

LangSmith flaw let hackers steal OpenAI API keys and data via LangChain agents. Enterprises risked IP leaks.

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.

Un groupe de hackers, supposément lié à Israël, revendique une cyberattaque majeure contre la banque Sepah, institution clé du système financier iranien. Ils assurent avoir « détruit toutes les données » de la banque. Le groupe de hackers Gonjeshke Darande, également connu sous le nom de « Predatory Sparrow », a

To defend “target rich, resource poor” critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes.

New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites

​Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.

Moving from artisanal to industrial security at scale, and how Google uses AI for reversing malware, analyzing hacker videos, fuzzing, and more

The commission described how recently updated federal regulations affect dealerships — and their vendors.

The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023.

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.

Researchers say a sudden burst of activity could be linked to a Mirai botnet variant.

Malware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices' near field communications (NFC) and steal payment card data.

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records.

Completing the CAIQ self-assessment is a prerequisite for pursuing CSA STAR Level 2. This requirement strengthens the overall assurance of cloud providers.

23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data

Phishing emails in Taiwan deploy Gh0stCringe and HoldingHands RAT via fake tax lures and PDF malware.

Tired of drowning in IT tickets? This AI-powered workflow built on Tines auto-triages common issues like known bugs & password resets—saving time for your team and speeding up resolution. Learn more about Tines and get a free account now.

Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10.

Congress should use renewal of an expiring terrorism insurance program to create a federal backstop for cybersecurity insurance, according to a report out Tuesday that tries to thread many difficult needles to bolster an industry that its author says isn’t developing fast enough. In an ideal world, cybersecurity insurance can be a valuable tool to […]

U.S. CISA adds Apple products, and TP-Link routers vulnerabilities to its Known Exploited Vulnerabilities catalog.

Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands

La maquette impressionnante de l'UCAS est affichée en vedette lors du salon du Bourget 2025. Derrière ce drone de combat autonome se cache un projet militaire numérique européen à l'ambition inédite et parfois contrariée : le SCAF. Posté à l’entrée du hall 2C, le stand extérieur de Dassault Aviation est impossible à

Scattered Spider targets U.S. insurance firms using social engineering and MFA bypass tactics. GTIG urges vigilance.

This week in cybersecurity from the editors at Cybercrime Magazine

This article discusses how ransomware attacks are targeting backups and what to do to keep your data and backups secure.

Three flaws in Sitecore XP v10.1+ let attackers gain remote access using default credentials—impacting banks, airlines, and global enterprises

Botnet attack exploited over 130,000 forgotten AD accounts. Learn why service account oversight matters.

A group tracked as Predatory Sparrow said it was responsible for hacking Bank Sepah as the conflict between Israel and Iran intensified.

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused workforce. AI will often not be as effective as a human doing the same job. It won’t always know more or be more accurate. And it definitely won’t always be fairer or more reliable. But it may still be used whenever it has an advantage over humans in one of four dimensions: speed, scale, scope and sophistication. Understanding these dimensions is the key to understanding AI-human replacement...

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal