North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
One cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker.
Latest CyberSec News by @thecyberpicker
Understanding the challenges of securing an NGO
Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.
Harrods the next UK retailer targeted in a cyberattack
London's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op.
Leaders of 764, global child sextortion group, arrested and charged | CyberScoop
The Justice Department accuses two men of running a “network of nihilistic violent extremists” who engaged in and facilitated the grooming, manipulation and extortion of minors.
Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins
Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future.
State-of-the-art phishing: MFA bypass
Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect.
US as a Surveillance State - Schneier on Security
Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state. It’s good to see this finally being talked about.
Salt Typhoon telecom hacks one of the most consequential campaigns against US ever, expert says
A prominent former member of a recently shuttered cyber-incident review panel said the board should be reconstituted with independent authority.
Google pours billions into AI, cyber and infrastructure expansion
The tech giant's cloud profits more than doubled year over year as it invested more than $17 billion, primarily in servers and data centers.
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution.
Claude Chatbot Used for Automated Political Messaging
Anthropic has found its Claude chatbot is being used for automated political messaging, enabling AI-driven influence campaigns
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.
UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe Bankruptcy
Concerned about the fate of sensitive genetic information, the ICO and OPC have demanded that 23andMe prioritize customer data protection throughout its bankruptcy process
Operational impacts top list of vendor risk worries, study finds
The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.
MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine
SAN FRANCISCO — Sometimes, the best insights come not from the keynote stage, but from the hotel lobby. Related: RSAC 2025 top takeaways In between sessions at RSAC 2025, I slipped over to the Marriott lobby and held quick, off-the-cuff interviews with a handful of cybersecurity vendors — each doing something genuinely different, often radical,
![[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security](https://rdl.ink/render/https%3A%2F%2Fbeehiiv-images-production.s3.amazonaws.com%2Fuploads%2Fpublication%2Fthumbnail%2F080a561f-2435-4477-a549-ab9f115e047c%2Flandscape_Screenshot_2024-11-21_at_10.48.21_AM.png?width=350&height=&ar=16:9&mode=crop&format=avif&dpr=2)
[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security
How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta
Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
Microsoft - NTLM Hash Disclosure Spoofing (library-ms). CVE-2025-24054 . local exploit for Windows platform
Large-Scale Phishing Campaigns Target Russia and Ukraine
A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine
Daikin Security Gateway 14 - Remote Password Reset
Daikin Security Gateway 14 - Remote Password Reset.. local exploit for Multiple platform
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing.. local exploit for Windows platform
ZTE ZXV10 H201L - RCE via authentication bypass
ZTE ZXV10 H201L - RCE via authentication bypass.. local exploit for Multiple platform
5 Security Questionnaire Steps to Automate Today | CSA
One way to lighten the load of security questionnaires is to automate certain parts of the process. Automate these 5 steps for a more efficient workflow.
Apple AirPlay SDK devices at risk of takeover—make sure you update
Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.
Mystery Box Scams Deployed to Steal Credit Card Data
Bitdefender highlighted the growing use of subscription scams, in which victims are lured by adverts into recurring payments for fake products
Backdoor found in popular ecommerce components
Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...
Meta Unveils New Advances in AI Security and Privacy Protection
Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications
British Library avoids investigation over ransomware attack, praised again for response
The U.K. Information Commissioner's Office said it will not investigate the British Library over a 2023 ransomware attack. The institution will not face potential monetary penalties or a reprimand.
Why telecoms need a proactive AI defense
This week in cybersecurity from the editors at Cybercrime Magazine
The 3 biggest cybersecurity threats to small businesses
These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.
AI vs. AI: The new cybersecurity battle | CSA
AI enables attackers to craft convincing scams at scale, using deepfakes and typosquatting to bypass traditional defenses. Proactive AI security is essential.