Latest CyberSec News by @thecyberpicker

US offers $10M for Russian FSB officers accused of attacking US critical infrastructure and over 500 energy firms worldwide

In breach notifications submitted to regulators in Maine and Vermont, Chess.com explained that 4,541 people had personal information exposed to hackers who breached an unnamed file transfer application between June 5 and June 18.

Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry.

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware.

Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans.

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.

Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday.

APT28 deploys NotDoor Outlook backdoor via OneDrive DLL side-loading, enabling email-based data theft in NATO firms.

Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform.

A former information security professor with more than 25 years in the Ukrainian armed forces, Oleksandr Potii is blunt about Moscow’s capabilities: “We see that Russia’s technical level is high and its potential is strong. We cannot underestimate them."

The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued

The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin.

The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent.

Le mercredi 3 septembre 2025, la Commission Nationale de l’Informatique et des Libertés (CNIL) a annoncé une sanction record à l'encontre de Google et Shein. Accusés de ne pas avoir respecté les réglementations européennes concernant la collecte des cookies et le consentement des utilisateurs, les multinationales

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks.

North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures

Mandiant said it was able to disarm a ViewState deserialization attack leveraging exposed ASP.NET keys.

Scale AppSec with Burp Suite DAST. Watch our webinar to see enterprise-grade accuracy, API coverage, and seamless CI/CD integration.

Using AI to find vulnerabilities in code, mastering AWS logs for detection engineering, how threat actors are misusing Claude (#4 will surprise you)

Roblox announced plans to roll out age estimation for using the communication features on the platform to help fight sexual predators.

Posts about macOS malware, exploits, and tools

Today we're launching Malwarebytes Tools, a new set of free features designed to give your Windows PC a breath of fresh air.

Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America.

This week in cybersecurity from the editors at Cybercrime Magazine

Food industry executives used to shrug off ransomware and cyber-espionage risks. A new group is helping to change that, but its reach remains unclear.

A vendor-neutral, AI-informed checklist to evaluate cloud email security solutions for threat detection, remediation, and user protection.

Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments