Latest CyberSec News by @thecyberpicker

Want to enhance your threat modeling? By combining it with threat actor attribution, you can improve your cyber defenses. Read on to learn more.

Meta’s AI plans face legal action for collecting E.U. user data without opt-in consent, starting May 27.

Dans le cadre d'un travail conjoint avec Microsoft, 1Password a rendu la gestion des passkeys sur Windows 11 plus efficace. Ce changement s'appliquera à tout le monde bientôt. Comment survivre dans un monde sans mots de passe, lorsque l'on est un gestionnaire de mots de passe ? En s'adaptant à cette nouvelle donne,

A new report reveals how North Korea has built a global cybercrime syndicate, blending statecraft and criminal tactics.

Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month.

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox.

En démontant des équipements lors d'une inspection de sécurité, des experts américains ont découvert plusieurs dispositifs de communication non...-Cybersécurité

Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections.

Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m

Insiders bribed at Coinbase leaked customer data (<1% of users), triggering $20M extortion; funds safe.

How to build a Paved Road that improves dev productivity and security, what to do before/after a cloud breach, command & control (C2) that executes attacks using natural language

The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004

En matière de protection des données, créer une sauvegarde et la mettre à jour régulièrement constitue un excellent moyen d’éviter la plupart des accidents. Du moins, pour les particuliers ou les petites structures. Car lorsque le volume de données, ou le nombre d’utilisateurs est élevé, un simple backup n’est plus

Russia-linked hackers known as APT28 mainly targeted entities in Ukraine, Bulgaria and Romania, but governments in Africa, South America and other parts of Europe were also affected.

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. Related: Protecting lateral networks in SMBs Rich in sensitive data and often connected to larger supply chains, small businesses

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.

This week in cybersecurity from the editors at Cybercrime Magazine

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information.

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.

Dior confirmed a data breach compromising customer personal information, discovered on May 7

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled

In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors

In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes

Cryptocurrency trading platform Coinbase said an attacker tried to extort the company for $20 million over stolen data. "We said no," Coinbase said, and instead offered that amount as a bounty.

Learn how to evaluate transparency, risks, scalability, and ethical considerations to make informed cybersecurity decisions about AI-powered tools.

Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category