Latest CyberSec News by @thecyberpicker

This week in cybersecurity from the editors at Cybercrime Magazine

A must-read for defenders: Key exploits, cloud breaches, AI-driven attacks, and global takedowns—all in one sharp security recap.

Information Security Analyst Ishaan Gulati has worked with both internal and external auditors. His hard-earned lessons can help you prepare for a SOC 2 audit.

A Chinese developer has been sentenced to four years in prison after being found to deploy malicious code in his employer’s network, including a “kill switch”

Organizations detected only 1 in 7 attacks in 2025; log failures, misconfigurations, and performance issues left systems exposed.

​Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA).

The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms.

A new Android malware posing as an antivirus tool software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses.

Look at this: McDonald’s chose the password “123456” for a major corporate system.

The US Cybersecurity and Infrastructure Security Agency is planning to launch an update to a 2021 guideline for SBOM requirements

Transparent Tribe targets Indian government using weaponized .desktop files since 2022, enabling persistence and credential theft.

Depuis plusieurs jours, WhatAapp dévoile, à travers un message destiné à ses utilisateurs, de nouvelles fonctionnalités pour ne pas tomber dans les pièges de « groupes que vous ne connaissez pas ». Ces nouveaux outils répondent à un réel besoin de sécurisation de la plateforme aux 3 milliards d'utilisateurs mensuels.

APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access.

A list of topics we covered in the week of August 18 to August 24 of 2025

This week on the Lock and Code podcast, we speak with Julie-Anne Kearns about what it felt like, as a scam hunter, to fall for a scam.

Malicious Go module published June 24, 2022 steals SSH credentials via Telegram bot, evading detection.

Kidney dialysis firm DaVita confirms ransomware breach exposed personal and health data of nearly 2.7M individuals.

CVE-2024-36401 exploited since 2024 enables stealthy monetization of 7,100 GeoServer instances worldwide.

A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers.

Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto...

INTERPOL arrested 1,209 cybercriminals in 18 African nations seizing $97.4M, and dismantling 11,432 malicious infrastructures.

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India.

Une enquête menée par 404 Media révèle les dessous d'un marché peu scrupuleux qui ne cesse d'évoluer. Celui des Flipper Zero, ou plus précisément celui des logiciels que cet outil peut embarquer. Les dernières versions, disponibles à l'achat sous le manteau, permettent de déverrouiller une très large gamme de modèles

Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.

A clickjack attack was revealed this summer that can steal the credentials from password managers that are integrated into web browsers.

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.

The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials.

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.

Grok AI chats that users wanted to share with individual people were in fact shared with the broader web and searchable by everyone.