Latest CyberSec News by @thecyberpicker

Sortie de terre il y a plus d'un an, la start-up française H Company passe à la vitesse supérieure. Elle a secrètement mis la main sur Mithril...-IA générative

Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2

Harrods confirmed a cyberattack, following similar incidents suffered by M&S and Co-op, making it the third major UK retailer hit in one week

FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords

UK retailers including Harrods, M&S, and the Co-op are under a surge of cyber-attacks that may be linked by a common supplier or shared technological vulnerability

La Cnil rappelle les fondamentaux en matière d'hygiène informatique. Pour éviter les fuites de données, elle recommande l'utilisation de...-Cybersécurité

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog.

It's been almost a year since the Qilin cybercrime group breached sensitive data from U.K. pathology services company Synnovis, and its patient information page is still short on details about what was exposed and how many people were affected.

Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing.

Microsoft now defaults new accounts to passkeys instead of passwords + Safer logins + Reduced phishing risk.

Alexei Bulazel, the senior director for cyber on the National Security Council, said it was important to be able "to respond in kind" if the U.S. is targeted with cyberattacks.

A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for…

The senior director for cyber at the National Security Council said Thursday that he wants to “destigmatize” offensive cyber operations.

Federal law enforcement officials accuse Artem Stryzhak, who was arrested in Spain last year, of attacking and extorting multiple companies between 2018 and 2021.

A California man who used the alias "NullBulge" has pleaded guilty to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data.

Ascension Health revealed another security incident this week, warning more than 100,000 people in multiple states that their information was likely accessed by hackers late last year.

Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable.

Ukrainian national Artem Stryzhak is accused of using Nefilim ransomware to target large companies in the U.S. and elsewhere.

Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible.

A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies.

One cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker.

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.

London's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op.

The Justice Department accuses two men of running a “network of nihilistic violent extremists” who engaged in and facilitated the grooming, manipulation and extortion of minors.

Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future.

Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect.

Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state. It’s good to see this finally being talked about.

A prominent former member of a recently shuttered cyber-incident review panel said the board should be reconstituted with independent authority.

The tech giant's cloud profits more than doubled year over year as it invested more than $17 billion, primarily in servers and data centers.