Latest CyberSec News by @thecyberpicker

Microsoft Deputy CISO Yonatan Zunger shares tips and guidance for safely and efficiently implementing AI in your organization.

Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. Despite advancements in protections like multifactor authentication (MFA) and passwordless solutions, social engineering remains a key aspect of phishing attacks. Implementing phishing-resistant solutions, like passkeys, can improve security against these evolving threats.

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools.

Fake AI installers for ChatGPT and InVideo deliver ransomware and info-stealers via SEO scams and social ads, targeting businesses.

Funnull Technology supports “hundreds of thousands of websites” dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Department’s Office of Foreign Assets Control.

Although stores are open, the company has also halted some in-store services as it works to fully restore operations.

A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users.

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched

The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research.

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans.

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads.

Free Black Hat training by Microsoft's AI red team, a cloud security roadmap for your start-up, o3 finds an 0-day in the Linux kernel’s SMB implementation

This week in cybersecurity from the editors at Cybercrime Magazine

Malware with corrupted DOS and PE headers evades detection for weeks, decrypts TLS-based C2 and enables full attacker control.

Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it.

Legacy Privileged Access Management (PAM) quietly drains resources, stalls innovation, & introduces security risks. It’s time to consider a modern alternative.

Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify its users' ages properly.

Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites

Malwarebytes Browser Guard has a cool new feature to protect you against search hijacking.

Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques

A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes...

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site.

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

Enkrypt AI's new report reveals critical safety flaws in multimodal models, exposing risks like CSEM content and CBRN info via hidden image prompts.

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work.

Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident

DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer systems.

A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table