Latest CyberSec News by @thecyberpicker

Learn how to optimize your SIEM solution with key strategies and practices.

Want to know the most notable findings in Talos' Year in Review directly from our report's authors? Watch our two part video series.

This week on the Lock and Code podcast, we speak with Lena Cohen about whether our phones are really listening to us to deliver ads.

Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor

CVE-2025-22457 is a critical stack buffer-overflow vulnerability that Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.

Austin, TX, USA, April 7, 2025, CyberNewswire -- SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections occur on devices with endpoint security solutions installed. SpyCloud offers integrations with leading endpoint detection and

Austin, TX, USA, 7th April 2025, CyberNewsWire

Un mail de phishing utilise les données exposées lors de la fuite de Free pour tromper les cibles. Les pirates usurpent cette fois l'apparence du service d'Amazon Prime pour dérober des données bancaires. Depuis près d'un mois, une campagne cible les victimes de la très médiatisée fuite de données Free. Les hackers

XWiki Platform 15.10.10 - Remote Code Execution. CVE-2025-24893 . webapps exploit for Multiple platform

Fast flux exploits DNS gaps to evade takedowns since 2007, enabling resilient malware and phishing operations.

Apache Tomcat 11.0.3 - Remote Code Execution. CVE-2025-24813 . webapps exploit for Multiple platform

A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad

YesWiki 4.5.1 - Unauthenticated Path Traversal. CVE-2025-31131 . webapps exploit for Multiple platform

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums

Discover how to balance security and productivity in distributed SaaS management. Learn key risks and strategies for securing SaaS apps without disruption.

Heavy incoming traffic: A new wave of toll fee scams are sweeping America.

This week in cybersecurity from the editors at Cybercrime Magazine

This week’s THN Recap shows how attackers are outsmarting outdated defenses — and what you can do next.

A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims' digital wallets.

In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories of President Trump firing the Director of the National Security Agency. General Timothy Haugh. A couple of weeks ago, I wrote: We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to ...

Delve into the critical role of containerization & Remote Browser Isolation (RBI) as pivotal technologies in enhancing security from the end-user's perspective.

Vanity metrics mask real risks; Gartner forecasts CTEM adoption could cut breaches by two-thirds by 2026.

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.

Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity

Osney Capital’s new fund is the first to focus exclusively on early-stage UK cybersecurity

Cyber-attacks on Australian superannuation funds leave some savers out of pocket

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests - EDR), targeting major platforms

PoisonSeed exploits CRM credentials to spread cryptocurrency seed phrase attacks, risking major wallet compromises.

Face à l'accroissement des menaces, la Cnil joue un rôle central, non seulement en tant qu'organisme de régulation, mais également en tant...-Cybersécurité