Latest CyberSec News by @thecyberpicker

A new Go-based malware, XDigo, targets Eastern European governments and organizations, exploiting Windows LNK vulnerability

Walk through how to build a complete system using the Model Context Protocol (MCP), a framework designed to bridge the gap between LLMs and external tools.

The DHS warned of a heightened risk of cyber and physical attacks on US targets by Iran in retaliation for strikes on Iranian nuclear facilities over the weekend

Russian hackers convinced targets to share their app passwords in very sophisticated and targeted social engineering attacks

AI-driven automation is transforming SOCs by reducing burnout, improving workflows, and boosting team performance.

Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network.

This week in cybersecurity from the editors at Cybercrime Magazine

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred. Unlike the more common Transmission Control Protocol, UDP doesn’t wait for a connection between two computers to be established through a handshake and doesn’t check whether data is properly received by the other party. Instead, it immediately sends data from one machine to another...

Explore how cloud, DevOps, SOC teams share security roles, combat alert fatigue, and work with AI-powered purple teaming for effective threat response.

Google strengthens GenAI defenses with new safeguards against indirect prompt injections and evolving attack vectors.

Des hackers russes, soupçonnés d’appartenir au groupe APT29 (alias Cozy Bear), ont réussi à contourner la double authentification de Gmail sans exploiter de faille technique, mais en visant le maillon faible de la chaîne : l'humain. On fait le point sur cette opération de social engineering d’une rare sophistication

The UK government’s Cyber Essentials scheme hits 10,000 certifications for the first time in a quarter but challenges persist

This week reminded us: real threats don’t make noise—they blend in.

SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China

A list of topics we covered in the week of June 15 to June 21 of 2025

Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.

Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.

​Microsoft announced that the Windows screenshot and screencast Snipping Tool utility is getting support for exporting animated GIF recordings.

Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems.

CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors' crypto.

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Iran confirmed Internet shutdown to counter Israeli cyberattacks,citing threats to critical infrastructure, interference with drone control

U.K. retailers M&S and Co-op targeted by Scattered Spider cyber attack, with losses up to £440M.

The breach marks the latest in a series of recent attacks linked to cybercrime group Scattered Spider.

This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

New legislation seeks the creation of a Treasury-led task force to examine and combat AI-fueled scams that trick Americans out of their money.

Cloudflare blocked a record 7.3 Tbps DDoS attack in May 2025, +12% than its previous peak and 1 Tbps greater than attack reported by Krebs

24/7 SOCs are essential for off-hours breach protection. Discover how to build one with AI and efficient staffing.

The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025.