Latest CyberSec News by @thecyberpicker

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data.

Black Basta affiliates use Teams phishing, Python scripts, and cURL to attack finance, insurance, and construction sectors.

AWS CSO Stephen Schmidt says AI is transforming the way the company does security reviews and incident response.

Catastrophic outages don’t just crash systems — they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. They’re overlapping — and reshaping how security

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Un nouveau type d'arnaque vise actuellement les professionnels du recrutement sur LinkedIn et Indeed. Derrière des profils de candidats qui semblent tout à fait ordinaires se cache le groupe cybercriminel FIN6. Son but : gagner la confiance des recruteurs, infiltrer les systèmes informatiques des entreprises et

Nearly 2,000 people were arrested and millions of dollars in illicit funds were seized in an operation coordinated by Singapore police against Asian scam operations.

A global law enforcement crackdown on information-stealing malware led to the arrest of 32 suspects and the dismantling of more than 20,000 malicious IP addresses and domains linked to cybercrime.

The grocery company had to entirely shut down its network following the intrusion and is serving customers on only a “limited basis” as it works to recover, CEO Sandy Douglas said.

Microsoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday.

Authorities in three countries arrested 32 people and seized dozens of servers.

An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.

Coordinated brute-force attacks target Tomcat Manager; exposed cameras leak sensitive data globally.

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online.

The legislation aims to expand the federal government’s role in helping healthcare providers protect and respond to cyber-attacks

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns.

AI agents aren’t foolproof, but they could soon replace some of the most common tasks for cyber defenders.

Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures.

Orange Business et Toshiba Europe s'allient pour lancer "un réseau quantique". Ce service, baptisé Orange Quantum Defender, vise à répondre à...-Cybersécurité

FIN6, a financially motivated group tracked for years by cybersecurity researchers, is now lurking on sites such as LinkedIn and Indeed to spread malware, a new report says.

This week in cybersecurity from the editors at Cybercrime Magazine

Interpol-coordinated Operation Secure led to 32 arrests, including the suspected ringleader of a cybercriminal organization

The Cloud Security Alliance has launched Valid-AI-ted, an AI-assisted quality check for STAR assessments. CEO Jim Reavis shares the background of this new tool.

Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates.

An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience