Latest CyberSec News by @thecyberpicker

Google’s OSS Rebuild checks package builds to stop supply chain attacks in Python, npm, and Rust.

A joint US government advisory highlighted novel initial access techniques deployed by Interlock, and urged businesses and critical infrastructure to stay vigilant

Une nouvelle campagne de phishing aux couleurs de Free Mobile est en cours. Si vous avez reçu un mail de l'opérateur vous demandant de confirmer certaines informations personnelles, il s'agit très probablement d'un piège. Ton professionnel, couleurs, logo de Free. Autant d'éléments qui pourraient vous inciter à

NCC Group observed a 43% drop in ransomware attacks in Q2 2025, driven by law enforcement actions and internal conflicts in groups

Avant d'installer une mise à jour, pour changer d'iPhone ou simplement par sécurité, il est vivement recommandé de sauvegarder son iPhone. Il existe plusieurs moyens pour récupérer toutes ses données. On ne le répètera jamais assez : sauvegarder ses appareils est important. En cas de panne, de vol, de changement

SysAid bugs exploited in the wild; CISA mandates federal patching to stop potential admin takeovers.

CISA flags Microsoft SharePoint flaws under active attack by Chinese hackers. U.S. agencies must patch by July 23

Austin, TX, July 21, 2025, CyberNewswire — Living Security, the global leader in Human Risk Management (HRM), today released the 2025 State of Human Cyber Risk Report, an independent study conducted by leading research firm Cyentia Institute. The report provides an unprecedented look at behavioral risk inside organizations and reveals how strategic HRM programs can reduce that risk 60%

A program manager at Lawrence Livermore National Laboratory told lawmakers Tuesday that the recent contract expiration puts OT security at risk.

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure.

​​Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool.

Interlock ransomware is being used to target critical infrastructure and businesses across North America and Europe, the FBI and other federal agencies warned.

A House hearing on state voter roll purges saw GOP lawmakers claim outdated voter lists enable fraud, but evidence was scant. Experts and voters testified about the real impacts of registration challenges and voter roll maintenance.

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens.

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft.

NIST has issued draft updates to Special Publication (SP) 800-53 to provide additional guidance on how to securely and reliably deploy patches and updates in

L'écosystème cyber est en alerte depuis la découverte de deux vulnérabilités « zero-day » affectant la célèbre solution de gestion collaborative SharePoint de Microsoft. Toujours activement exploitées, ces failles sont au cœur d’une large campagne de piratage menée, selon de nombreux experts, par des groupes de

AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information.

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks.

Microsoft links SharePoint attacks to three China-based groups; flaws allow code execution and data theft on unpatched systems.

Education was the fourth-most-targeted sector during the first half of 2025, according to a report from Comparitech.

Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.

The company urged customers to apply security updates as security researchers warn of escalating attacks.

A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes

A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.

A widespread RFQ scam exploited net payment terms to fraudulently obtain high-value devices

The British government announced plans to prohibit public sector organizations and critical infrastructure operators from paying ransoms to cybercriminals, marking a significant shift in the nation's approach to combating ransomware attacks.

Russian cybersecurity researchers identified and dismantled a network of domains operated by the hacker group NyashTeam.

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.

Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities