Latest CyberSec News by @thecyberpicker

Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques

With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now!

Pour contrer les campagnes de désinformation orchestrées par des acteurs étrangers sur les réseaux sociaux, en particulier sur X, le ministère des Affaires étrangères a annoncé le lancement d’un compte officiel dédié à la riposte. Une initiative qui s’inscrit dans une stratégie de communication plus offensive de la

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors

Continuous compliance is how modern teams stay secure, agile, and trusted. With the right systems in place, compliance stops being a burden.

Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...

Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.

This week in cybersecurity from the editors at Cybercrime Magazine

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.

Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so, we must not lose sight of the fact that a different administration could wield the same technology to advance a more positive future for AI in government. To most on the American left, the DOGE end game is a dystopic vision of a government run by machines that benefits an elite few at the expense of the people. It includes AI ...

Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack

From Drift chaos to zero-days on the loose — this week’s cyber recap has it all. ⚡ Stay sharp, stay patched.

Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users

Venezuela’s President Maduro shows Huawei Mate X6 gift from China's President Xi Jinping, hailing it as “unhackable” by U.S. spies.

Le 3 septembre 2025, Nati Tal, directeur de Guardio Labs, a révélé sur X le mode opératoire d'une nouvelle menace cyber appelée « Grokking ». Une attaque où l’IA du réseau social, Grok, est exploitée pour contourner la sécurité et diffuser des liens malveillants auprès de millions d'utilisateurs. Les mesures prises

North Korean hiring fraud surged 220% in 2023, using AI deepfakes to infiltrate companies and steal data.

Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild

A list of topics we covered in the week of September 1 to September 7 of 2025

ChatGPT's Projects feature is now feature and second new feature allows you to create new conversations from existing conversations.

Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links.

Czech's NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices.

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes.

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked.

Wilmington, Del., Sept. 4, 2025, CyberNewswire — Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) partnerships, and broadening the enterprise customer base. Bowker brings more than two decades

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response.

Four npm packages uploaded since Sep 2023 impersonate Flashbots, stealing Ethereum keys and seeds via Telegram

NordPass est un gestionnaire de mots de passe efficace, fourni par NordVPN. L'abonnement au service profite actuellement d'une promotion exclusive à Numerama. NordPass, filiale de NordVPN, est un gestionnaire et un générateur de mots de passe puissant, disponible avec les abonnements de NordVPN. Il se charge de