Latest CyberSec News by @thecyberpicker

Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.

Soutenue par Snowflake et Atlassian, Veza développe une plateforme d'analyse des applications d'une société afin de déterminer quel utilisateur...-Cybersécurité

Le lancement de Foundation AI a pour volonté de démocratiser la sécurité autour de  l’IA grâce à une panoplie d'outils open source. Un premier...-IA générative

Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.

The Take It Down Act received rare levels of bipartisan support in the House and Senate, but critics fear enforcement could threaten First Amendment protections and unduly burden smaller companies and encrypted applications.

Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special' option and the calendar feature in the classic Outlook email client.

New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control

Epicentr, a home improvement chain that operates more than 70 stores in Ukraine, said it suffered a cyberattack that crippled key IT systems.

With RSAC kicking off next week, the conversation is shifting—literally. Cybersecurity pros are rethinking how “shift left” applies not just to code, but to enterprise risk. Related: Making sense of threat detection In this Fireside Chat, I spoke with John DiLullo, CEO of Deepwatch, who makes a compelling case for how Managed Detection and Response

A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason

This week in cybersecurity from the editors at Cybercrime Magazine

SentinelOne uncovers China-linked PurpleHaze attacks and North Korean infiltration attempts amid rising EDR testing abuses.

Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.

A former Disney employee has been sentenced to three years in prison for computer fraud and identity theft. He must also pay nearly US$688,000 in restitution.

En 2024, la Commission nationale de l'informatique et des libertés a reçu 5629 notifications de violation de données personnelles. Un chiffre...-Cybersécurité

La firme américaine met la main sur Protect AI, une start-up spécialisée dans la sécurisation des applications et modèles d'IA. Les solutions...-Cybersécurité

Fournisseur d'un tiers des documents d'identité sécurisés dans le monde, Thales ambitionne devenir le partenaire privilégié pour la gestion de...-Cybersécurité

On Friday, Nova Scotia Power — which provides serves 95% of the power for the region — discovered a cyber incident involving unauthorized access to its systems.

Administrators of a Telegram channel named CoderSharp have been advertising Gremlin Stealer since March 2025

The Compliance Automation Revolution is a CSA initiative to develop methods to automatically gather compliance evidence, harmonize frameworks, & quantify risk.

F

75 zero-days exploited in 2024, with 44% hitting enterprise tools and 34 tied to threat groups.

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats.

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content. […] To understand CaMeL, you need to understand that prompt injections happen when AI systems can’t distinguish between legitimate user commands and malicious instructions hidden in content they’re processing...

Dvuln researchers highlighted the growing impact of infostealers on the cybercrime landscape, enabling attackers to bypass traditional defenses

This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.

2024 wasn't the year that AI rewrote the cybercrime playbook — but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos' 2024 Year in Review.