Latest CyberSec News by @thecyberpicker

Attacks on local governments in the last week caused disruptions in the capital of the Choctaw Nation and Puerto Rico, as well as others.

Researchers at Google said the current campaign involving versions of the Salesforce Data Loader tool has targeted about 20 organizations and is ongoing.

Les fournisseurs de VPN seront vraisemblablement les grands gagnants de la décision de trois gros sites pornographiques (Pornhub, RedTube et YouPorn) de quitter le marché français. Ces sites protestent ainsi contre les règles françaises de contrôle obligatoire de l'âge sous peine de blocage. D'ores et déjà, les

Publishing giant Lee Enterprises is notifying over 39,000 people whose personal information was stolen in a February 2025 ransomware attack.

Experts argue that CISOs should avoid product duplication and simplify their language to ensure budget is spent wisely

Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution.

Chaos RAT malware targets Linux and Windows users via phishing and fake tools, enabling remote control.

UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.

Details on the voice phishing (vishing) threat, and strategic recommendations and best practices to stay ahead of it.

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices.

Think your passwords are strong enough? AS-REP Roasting is back in the spotlight — and it's targeting weak spots in Active Directory. Learn more from Specops Software how attackers exploit missing Kerberos pre-auth and how to stop them with strong password policies.

Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organization's SalesForce platforms.

Agentic AI systems could threaten security and data privacy, unless organizations test each model and component

The parent company of apparel brand The North Face sent data breach notification letters to about 3,000 customer accounts, saying attackers used the technique known as credential stuffing.

Explore event-driven identity systems that enable real-time access decisions, improve security posture, and support zero trust strategies.

This week in cybersecurity from the editors at Cybercrime Magazine

Legacy DLP tools miss 70% of data leaks now happening in-browser across SaaS and AI apps. Learn why this matters.

A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware

The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer

Lors du salon Computex 2025 qui se tenait à Taïwan il y a quelques jours, Synology a dévoilé une solution de surveillance, C2 Backup for Surveillance, à destination des entreprises. Ses points forts : elle est très simple à mettre en place, peu coûteuse et s’appuie sur l’expertise de Synology dans le stockage de

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers

The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said.

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code.

Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study

Malicious packages on npm, PyPI, and Ruby exfiltrate wallets, delete projects, and exploit AI tools—threatening developers and CI/CD pipelines.

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that cFan be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s...

Zero Trust security requires organizations to rethink how they define trust and enforce controls. John Kindervag reveals 4 truths that are often missed.

A simple customer query leads to a rabbit hole of backdoored malware and game cheats

Les fournisseurs de VPN seront vraisemblablement les grands gagnants de la décision de trois gros sites pornographiques (Pornhub, RedTube et YouPorn) de quitter le marché français. Ces sites protestent ainsi contre les règles françaises de contrôle obligatoire de l'âge sous peine de blocage. D'ores et déjà, les

U.S. CISA adds multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog...............