Latest CyberSec News by @thecyberpicker

Get a technical breakdown of the 2024 Snowflake data breach, including a description of the Advanced Persistent Threat and how the breach impacted the business.

NCSC CEO Richard Horne said the cyber agency has managed twice as many nationally significant cyber incidents in the period from September 2024 to May 2025

The suspects allegedly operated six platforms that offered distributed denial-of-service attacks for as little as 10 euros.

F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065.

The maker of patient monitoring devices does not currently expect to change its earnings guidance.

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

A prolific DDoS-for-hire network has been dismantled by Polish authorities as part of a coordinated international crackdown

Passwords alone aren't cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure.

A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app.

Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders.

The FBI has warned scammers are impersonating the IC3, tricking victims by claiming to be able to recover funds.

CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.

Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.

Discover the 5 essential pillars of SaaS security to transform your organization's security posture and effectively manage decentralized SaaS environments.

CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors.

This week in cybersecurity from the editors at Cybercrime Magazine

In a fragmented world, resilience starts with partnerships and a vision of collective security.

CISA, FBI, EPA, and DoE warn of attacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.

The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025

SSEs lack visibility into browser activity—missing GenAI data leaks, identity misuse, and extension risks.

SysAid fixed 4 critical pre-auth flaws in March 2025; chained bugs allow full admin access and RCE.

A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.” “Research rockets.” Sure. ...

In unreliable network situations, an ICAM (Identity, Credential, & Access Management) framework should function efficiently even without network access.

The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022.

UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

Marsh says ransomware drove cyber insurance claims to second highest on record in 2024

Les données sensibles des ministères français doivent être hébergées par des cloud protégés de toute prédation étrangère, en...-Cloud