Latest CyberSec News by @thecyberpicker

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies

Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat.

Des chercheurs israéliens ont prouvé que les montres connectées, objets du quotidien, peuvent servir à dérober des données sensibles depuis des ordinateurs pourtant totalement coupés d’Internet. Leur méthode, baptisée SmartAttack, repose sur la transmission de données par ultrasons et révèle une faille insoupçonnée

Europol warns of “vicious circle” of data breaches and cybercrime

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog.

Vous ne le savez peut-être pas, mais Amazon vend des abonnements VPN, dont ceux du leader sur le marché. NordVPN ou Surfshark proposent plusieurs offres, avec parfois quelques promotions. Les VPN sont de plus en plus utilisés pour surfer sur Internet l'esprit tranquille, et ce, sur la plupart de vos appareils

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks.

Erie Insurance reveals suspected network breach and ongoing outage

ConnectWise rotates ScreenConnect certificates by June 13 after config data concerns, impacting on-prem users to prevent remote access risks.

A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting hundreds of cloud tenants

The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits.

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance.

Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems.

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website.

Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims.

In a US Senate hearing, 23andMe was questioned about the impending take-over of the company and its trove of genetic data

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data.

Black Basta affiliates use Teams phishing, Python scripts, and cURL to attack finance, insurance, and construction sectors.

AWS CSO Stephen Schmidt says AI is transforming the way the company does security reviews and incident response.

Catastrophic outages don’t just crash systems — they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. They’re overlapping — and reshaping how security

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Un nouveau type d'arnaque vise actuellement les professionnels du recrutement sur LinkedIn et Indeed. Derrière des profils de candidats qui semblent tout à fait ordinaires se cache le groupe cybercriminel FIN6. Son but : gagner la confiance des recruteurs, infiltrer les systèmes informatiques des entreprises et

Nearly 2,000 people were arrested and millions of dollars in illicit funds were seized in an operation coordinated by Singapore police against Asian scam operations.

A global law enforcement crackdown on information-stealing malware led to the arrest of 32 suspects and the dismantling of more than 20,000 malicious IP addresses and domains linked to cybercrime.

The grocery company had to entirely shut down its network following the intrusion and is serving customers on only a “limited basis” as it works to recover, CEO Sandy Douglas said.