Latest CyberSec News by @thecyberpicker

Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

The Justice Department said it ended “the largest internet privacy case… ever to go to trial as well as the first illegal streaming case ever to go to trial.”

Kerberoasting gives attackers offline paths to crack service account password, without triggering alerts. Learn from Specops Software how to protect your Active Directory with stronger SPN password policies and reduced attack surfaces.

A series of new cybersecurity regulations related to the water industry have been set out by New York state agencies

French law enforcement said the alleged administrator of the long-running cybercrime forum XSS, formerly known as DaMaGeLab, was arrested in Ukraine.

Learn how to optimize your SIEM solution with key strategies and practices.

OpenAI is testing a new 'Study together' feature, and today, a new announcement within the ChatGPT web app confirms it.

Coyote malware uses Windows UI Automation to target 75 banks and crypto sites in Brazil, risking credential theft.

Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges in a lawsuit.

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts.

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office.

OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora.

Learn what ISO 42001 is, what to expect from the certification process, and practical insights to help you lay a strong foundation for compliance.

Depuis quelques jours, de nombreux inscrits à France Travail ont reçu un courriel inquiétant : des personnes non autorisées ont accédé à leurs données personnelles hébergées sur la plateforme. Que s'est-il réellement passé ? Qui est concerné ? France Travail a déroulé la chronologie des faits pour Numerama. L’alerte

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package.

This week in cybersecurity from the editors at Cybercrime Magazine

The individual is accused of numerous illicit cybercrime and ransomware activities that have generated at least $7m in profit

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

New BeyondTrust research shows statistical models outperform heuristics in detecting Kerberoasting attacks. Better accuracy, fewer false positives.

In today’s post-signature world, attackers don’t just break in — they blend in. In this second installment of the Last Watchdog Strategic LinkedIn Reel (LW SLR) series, Corelight CEO Brian Dye delivers a clear-eyed take on how defenders can regain the upper hand with network-derived ground truth. This high-impact reel distills key insights from our

Dévoilé en 2020, le Escobar Fold 2 se présentait comme un concurrent du Samsung Galaxy Fold aux couleurs du trafiquant Pablo Escobar. Après plusieurs polémiques, une extraction et une enquête internationale, son créateur a finalement reconnu avoir conçu une vaste arnaque. Un téléphone pliant en hommage à un

The French employment agency’s partner web portal has been accessed by a malicious actor

In the first Humans of Talos, Amy sits with Hazel Burton — storyteller, security advocate, and all-around Talos legend. Hazel shares her journey from small business entrepreneurship to leading content programs at Talos.

It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes. This reminds me of Meta’s lawauit against Pegasus over its hack-for-hire software (which I wrote about ...

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison.

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed.

Cognizant handed over a password to the cybercriminal without asking any authentication questions

Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI

Google’s OSS Rebuild checks package builds to stop supply chain attacks in Python, npm, and Rust.

A joint US government advisory highlighted novel initial access techniques deployed by Interlock, and urged businesses and critical infrastructure to stay vigilant