Latest CyberSec News by @thecyberpicker

This guidance outlines how OT owners and operators can create and maintain an asset inventory and OT taxonomy, to protect their most vital assets. It includes steps for defining scope and objectives for the inventory, identifying assets, collecting attributes, creating a taxonomy, managing data, and implementing asset life cycle management.

The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys.

The Cybersecurity and Infrastructure Agency is delaying finalization of CIRCIA until next year, according to a recent regulatory notice.

The disruption is the latest to hit a high-profile brand in the United Kingdom, and follows repeated delays in the British government introducing cybersecurity regulations that would require businesses to better protect themselves from attacks.

Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost.

Secretary of State Marco Rubio said U.S. officials sanctioned nine people and companies involved in running Shwe Kokko — a hub for scam centers in Myanmar — as well as four individuals and six entities for their roles operating forced labor compounds in Cambodia.

American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident.

When I announced my latest book last week, I forgot to mention that you can pre-order a signed copy here. I will ship the books the week of 10/20, when it is published.

​Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN.

As some observers predicted, Democratic commissioners are racking up lower court victories, but the highest court in the country appears skeptical.

In cybersecurity, trust often hinges on what users think their software is doing — versus what’s actually happening under the hood. Related: Eddy Willem's 'Borrowed Brains' findings Take antivirus, for example. Many users assume threat detection is based on proprietary research, unique signatures, and internal analysis. But what happens when a product’s detection engine is

GitHub compromise led to Drift data breach, impacting 22 companies and prompting Salesloft app suspension.

This week on the Lock and Code podcast, we speak with Emily Galvin-Almanza about predictive policing and whether it actually improves safety.

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack.

Dans un accord signé le 5 septembre 2025, Nintendo et le propriétaire d'un site de piratage de Switch ont mis fin à une bataille judiciaire entamée plus d'un an auparavant. Pour éviter une procédure qui aurait pu s’éterniser, le hacker a choisi d’accepter les conditions du géant japonais, auquel il doit désormais la

An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack.

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August.

Key Takeaways The intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped SectopRAT malware. The threat actor d…

GPUGate malware uses Google Ads and fake GitHub commits to steal data from IT firms since Dec 2024, bypassing sandboxes and GPU-lacking systems.

Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers

Nearly three-quarters of CIOs and CISOs see information complexity as an adoption roadblock, according to a Ponemon Institute study commissioned by OpenText.

Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques

With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now!

Pour contrer les campagnes de désinformation orchestrées par des acteurs étrangers sur les réseaux sociaux, en particulier sur X, le ministère des Affaires étrangères a annoncé le lancement d’un compte officiel dédié à la riposte. Une initiative qui s’inscrit dans une stratégie de communication plus offensive de la

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors

Continuous compliance is how modern teams stay secure, agile, and trusted. With the right systems in place, compliance stops being a burden.

Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...

Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.