Latest CyberSec News by @thecyberpicker

Accusée d’avoir sciemment aidé des agents nord-coréens à se faire recruter par de grandes entreprises américaines, Christina Chapman a été condamnée à plus de 8 ans de prison le 24 juillet par un tribunal fédéral. Blanchiment d'argent et usurpation d'identité : retour sur l'épilogue d'un fait divers cyber et

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Decryptor for FunkSec ransomware released as group goes dormant; 172 victims affected across 3 sectors.

The Stolichki pharmacy chain, which operates about 1,000 stores across Russia confirmed that a technical failure that halted its operations on Tuesday was caused by a hack.

Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface).

A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant's largest acquisition and its formal entry into the identity security market.

JCDC’s troubles add to the woes of the already-depleted CISA, which could lose even more personnel as additional contracts with private companies expire.

Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching

NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the project and gather feedback on Aug. 27.

Steer clear of the dangers of oversharing on social media. This blog offers examples of what can go wrong and easy-to-follow steps on how to do things right.

PyPI warns of phishing emails from noreply@pypj[.]org posing as "[PyPI] Email verification" to redirect users to fake package sites.

Cybersecurity company Avast released a decryptor for the short-lived FunkSec ransomware, and said it is assisting dozens of the gang's targets with the process.

This week in cybersecurity from the editors at Cybercrime Magazine

Critical RCE flaws in Dahua smart cameras affect 9 models; threat enables device hijack over LAN/Internet.

AI is reshaping vCISO services—and SMBs are fueling the surge. Cynomi's 2025 report shows 3x adoption growth and major workload drops as MSPs and MSSPs scale cybersecurity like never before. Learn more in the 2025 State of the vCISO Report.

Dropbox a pris la décision d'arrêter son aventure du gestionnaire de mots de passe, démarrée en 2020. L'outil sera progressivement coupé dans les mois à venir. Les internautes concernés doivent migrer sans tarder. C'était en 2020. En pleine période de pandémie de coronavirus, et de forte croissance dans le secteur du

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us.

Learn what e‑skimming is, why it’s so dangerous, how PCI DSS v4.x addresses it, and some of the options available to help you.

32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day

The agency has two months to publish its final rule. It will not meet that mark, but a new CISA director has the tools to move the program forward.

72% of surveyed CFOs anticipated the North American economy would improve this year, according to Deloitte’s fourth quarter North American CFO Signals Survey.

Apple and Google fix CVE-2025-6558, a zero-day bug in Chrome and Safari risking browser security.

Pillar Security unveils full-lifecycle AI platform securing assets from design to runtime—critical for safe AI deployment.

China-linked firms behind Silk Typhoon filed patents for cyber tools, revealing links to MSS and offensive hacking ops.

IBM found that the global average cost of a data breach has fallen by 9% compared to 2024, driven by improved detection and containment

“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email: The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...

IBM’s yearly report finds that a data breach now costs U.S. organizations more than $10 million for recovery.

Companies are failing to protect their AI tools from compromise, often leading to more extensive data breaches, according to new data from IBM.

Une campagne d’arnaque aux chèques-vacances ANCV circule dans les boîtes mail des Français, en ce mois de juillet 2025. Prétextant l’expiration imminente des titres, des cybercriminels essaient de piéger leurs victimes en les redirigeant vers un site frauduleux. Ah, l’été… le temps des verres en terrasse, des clubs