Latest CyberSec News by @thecyberpicker

Explore how AI and data privacy are reshaping global business, driving innovation, and demanding agile, ethical governance across industries.

Strengthening U.S. maritime cybersecurity in 2025 is vital. Learn about recent port cyberattacks and key steps to secure America’s ports and shipping against rising global threats.

Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident.

Security firm Human lifts the lid on prolific new ad fraud scheme dubbed “scallywag”

The UN has warned that Southeast Asian fraud groups are expanding their operations

L'émergence de l'intelligence artificielle générative s'accompagne d'un nouveau type de risque informatique : le Slopsquatting. Il s'agit d'une manipulation construite grâce aux hallucinations d'une IA, qui permet à une personne malveillante d'injecter du code corrompu dans des logiciels. Ce n'est un secret pour

Microsoft secures MSA and Entra ID with Azure Confidential VMs + HSM, preventing token forgery and reducing breach risks.

Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few…

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

The city of Abilene disconnected servers after officials detected a cyber incident last week.

The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

A U.S. judge limits what evidence NSO Group can present in the WhatsApp spyware trial, blocking arguments about suspected criminal targets and focusing the case on NSO’s conduct.

In a statement to CyberScoop, acting Director Bridget Bean said that encouraging the private sector to build more secure products will continue to be a priority at the agency.

Kimsuky exploited CVE-2019-0708 and CVE-2017-11882 since Oct 2023 to target 15 countries.

The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI progress report, which highlights progress made in our multi-year journey to improve the security posture of Microsoft, our customers, and the industry at large.

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems.

SuperCard X malware exploits NFC relay and social engineering to steal card data in Italy, enabling ATM fraud.

The technology giant, as part of its Secure Future Initiative program, has overhauled security practices following a series of crippling nation-state-linked cyberattacks.

There are plenty of frameworks, tools and strategies to help map out a risk-resilient cloud infrastructure.

Recent CVEs were patched amid concerns of exploitation. While traditional patching requires downtime, virtual patching allows critical systems to stay online.

ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks.

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins.

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.

Cloud security providers aren't all the same, and knowing what to look for and what questions to ask when making a decision comes down to five keys to success.

This week in cybersecurity from the editors at Cybercrime Magazine

Une campagne d'espionnage menée depuis la Russie tente de piéger les politiques européens avec de fausses invitations envoyées par mail. Une fois la pièce jointe ouverte, l'ordinateur de la victime sera infecté et va offrir toutes ses informations aux hackers. Les pirates de Moscou mènent une nouvelle campagne de