Latest CyberSec News by @thecyberpicker

CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement

Hackers are targeting American industrial firms by contacting them through their website forms, posing as potential business partners before infecting them with malware.

Dans l’écosystème Tesla, il existe une solution qui assouvit la soif toujours plus grande de certains propriétaires en données sur leur précieux véhicule. Son nom ? TeslaMate, un outil open source capable d'enregistrer l’historique de trajets, l’état de la batterie mais également de révéler des données sensibles à la

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.

For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report.

While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers

The three companies were accused of providing “cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security” since at least 2021, according to the advisory.

Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified.

The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline

The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.

ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

Anthropic stopped AI-driven cyberattacks in July 2025, blocking extortion demands up to $500K targeting 17 groups.

Dans un article publié le 26 août 2025, les chercheurs d'ESET révèlent une découverte pour le moins perturbante. Derrière le nom « PromptLock » se cache un malware capable de générer son propre code malveillant et de s’adapter en temps réel à l’environnement ciblé, le tout grâce à l'IA. Faisons-nous face au tout

A series of cyber-attacks against government organizations in Central Asia and Asia- Pacific has been linked to the ShadowSilk threat cluster

Spanish police have arrested a university student suspected of hacking the local government’s education management system to alter grades and gain access to professors’ emails.

Zero trust isn't a project you finish—it's a cycle that keeps evolving. From supply chain exploits to policy drift, resilience requires continuous testing and adaptation. Learn how Specops Software supports this journey with tools that make it easier.

Finance, tech and professional services are among the sectors with the widest adoption of AI-based security tools, according to a new report.

The catalog revision is part of NIST’s response to a recent Executive Order on strengthening the nation’s cybersecurity.

To reduce the number of harmful apps targeting Android users, Google is making some changes.

The Digital Identity Rights Framework safeguards digital identities in AI environments by integrating legal & technical controls that ensure traceability.

ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

From international conflicts and cyber warfare to tariffs and trade protectionism, today’s geopolitical landscape is creating unprecedented challenges for global supply chains. These forces directly affect material costs, logistics and overall operational stability, leaving companies to navigate increasing uncertainty. Now more than ever, leaders must understand how national security concerns and international politics can quickly....

A suspected ransomware attack on a Swedish software provider is believed to have impacted around 200 of the country’s municipal governments.

This week in cybersecurity from the editors at Cybercrime Magazine

The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year.

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system.

Researchers have found 77 malicious apps in the official Google Play Store ranging from adware to state of the art banking Trojans.

Compliance frameworks often fall short of addressing the nuanced nature of cyber risks. Risk-based security measures enhance your overall security posture.

Employees adopt AI rapidly; lack of safeguards demands 5 golden rules for CISOs to secure usage.

Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious prompt that contains instructions for ChatGPT. The prompt is written in white text in a size-one font, something that a human is unlikely to see but a machine will still read. In a proof of concept video of the attack...