Latest CyberSec News by @thecyberpicker

Discord is testing the feature: “We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face. For ID verification, the scan of your ID is deleted upon verification.”...

A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts.

La célèbre chaîne française d'opticiens et d'acousticiens a subi une cyberattaque en raison d'une faille de sécurité chez l'un de ses...-Cybersécurité

Apple patched two zero-day vulnerabilities that were used in sophisticated targeted attacks manipulating device memory

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

The former CISA director departed the cybersecurity company in response to the order, which directs DOJ to investigate him.

Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years

CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week.

Mustang Panda uses StarProxy, SplatCloak, and updated TONESHELL to breach Myanmar target undetected.

Deliberately vulnerable MCP to practice your hacking chops, how Figma's balances usability & security, a new tool to put a leash on naughty AWS permissions

Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide.

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack.

Le financement du gouvernement américain au MITRE, qui gère la base de données CVE utilisée par de grandes entreprises du monde entier pour...-Cybersécurité

L'Agence nationale de la sécurité des systèmes d'information fait le point sur l'état de la menace dans le secteur des transports urbains. Les...-Cybersécurité

The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

​​Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025.

Here’s why a managed cloud file transfer (MFT) solution is the best answer to enterprise requirements surrounding modernization, security, and compliance.

Microsoft warns of a malvertising campaign using Node.js to deliver malware via fake crypto trading sites like Binance and TradingView.

ClickFix malware tactic used by Iran, Russia, and North Korea from Nov 2024–Feb 2025 replaces payload delivery in major phishing campaigns.

AI-powered threats escalate: 25M fraud via voice cloning + state use of ChatGPT in cyberattacks.

This week in cybersecurity from the editors at Cybercrime Magazine

An analysis from iVerify found U.S. allies on the list where mobile providers employ China-based networks.

Apple a corrigé deux failles de sécurité zero day qui ont été exploitées dans le cadre "d'attaques extrêmement sophistiquées contre des...-Cybersécurité

Targeted changes to content and structure respond to stakeholder needs and make the document easier to use.

On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.

Zero Trust isn't enough in 2025. Explore the next wave of cloud security with AI, XDR, decentralized identity, and adaptive trust for evolving threats.

Blockchain reduces breach risks by removing central databases, but energy use and legal gaps remain.

With April release, Microsoft Defender for Endpoint isolates undiscovered endpoints to prevent lateral movement on a network.

The flaw existed in Chrome for 20+ years, exposing users' browsing history to websites once used to visit a specific link.

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.