Latest CyberSec News by @thecyberpicker

Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025.

Google NotebookLM, which is a research and note-taking AI tool, is getting upgraded to Gemini 2.5 Flash.

Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State

Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.

L’arme nucléaire, du fait des conséquences désastreuses qu’entraînerait son emploi, est vouée à rester un élément de dissuasion. Si la menace du recours à cette arme ultime est fréquemment brandie côté russe, il n’en demeure pas moins que les responsables au Kremlin ont pleinement conscience des coûts pratiquement

Iranian threat actor Lemon Sandstorm accessed Middle East CNI from 2023–2025 using VPN flaws, web shells, and 8 custom tools.

U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog.

DoJ charges Yemeni hacker over 1,500 ransomware hits via ProxyLogon + Global crackdown + Victim payments drop

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, un...-Cybersécurité

The small pyjama squid (Sepioloidea lineolata) produces toxic slime, “a rare example of a poisonous predatory mollusc.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Top security leaders at some of the largest tech and cybersecurity vendors said public-private collaborative work continues, despite budget cuts and personnel changes.

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers.

The U.S. Attorney's Office for the Central District of California announced charges against Rami Khaled Ahmed for allegedly helping to develop and deploy Black Kingdom, which infected “approximately 1,500 computer systems."

The president’s budget proposal repeated a debunked claim about the nation’s cyber agency engaging in censorship.

Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”) I talked about this a bit at the RSA Conference...

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.

A budget summary doesn’t give specific details on which programs it would cut, instead providing a broad outline.

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process

The Justice Department under Trump has now settled two cases that bear the hallmarks of a Biden-era cyber enforcement initiative.

Le premier jeudi du mois de mai est la journée mondiale du mot de passe. À cette occasion, Microsoft l'a célébrée d'une façon un peu particulière, avec une initiative visant à les tuer un peu plus. Chaque année, il y a la journée mondiale du mot de passe. Et tous les ans, elle tombe le premier jeudi du mois de mai --

The software vendor added variations to its family of large action models for on-device implementation, limited GPU resources and industrial applications.

The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.

A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers.

The Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia.

The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities

The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call."

NSC’s Alexei Bulazel said that failing to robustly respond to constant Chinese intrusions into critical infrastructure is in itself “escalatory”

The ability of AI to handle enormous data volumes and identify irregularities in real-time enables it to fill the gap across disparate Zero Trust architectures.

TikTok fined €530M for illegally transferring EEA user data to China, violating GDPR Article 46(1).

This week in cybersecurity from the editors at Cybercrime Magazine