Latest CyberSec News by @thecyberpicker

A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up.

ImageRunner exploit let attackers access private GCP container images; Google patched issue Jan 28, 2025.

AWS, Microsoft Azure and Google Cloud Platform each scored 0% security effectiveness in CyberRatings.org’s evaluation of cloud network firewall vendors’ ability to prevent exploits and evasions.

Most orgs only discover their security controls failed after a breach. With OnDefend's continuous validation, you can test, measure, and prove your defenses work—before attackers exploit blind spots.

Kidflix, one of the largest platforms used to host, share, and stream child sexual abuse material (CSAM) on the dark web, was shut down on March 11 following a joint action coordinated by German law enforcement.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog.

One of the major updates to CSF 2.0 is the creation of the Govern Function, highlighting the importance of ensuring c

The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.

Discover why traditional security questionnaires fail to provide accurate risk assessments and how companies can implement more effective evaluation methods.

North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research.

Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase

La confiance dans les services numériques est en déclin. Sur 13 secteurs de l'économie, seules les organisations gouvernementales, la banque et...-Cybersécurité

Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks.

A l'occasion du Forum InCyber, le Campus Cyber, en collaboration avec le Hub France IA, publie un guide pour protéger les systèmes...-Intelligence artificielle

Google has found a significant increase in North Korean actors attempting to gain employment as IT workers in European companies, leading to data theft and extortion

The challenges many enterprises face in harnessing AI’s potential are becoming more apparent. MFT plays a crucial role in enabling enterprises to leverage AI.

Outlaw malware exploits weak SSH credentials + uses worm-like spread since 2018 + enables cryptojacking.

93% of service providers struggle with NIST compliance—automation reduces manual work by 70%, boosting efficiency.

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—­and sometimes despite substantial evidence that it does not...

A new malware campaign involves numerous malicious Android apps developed by exploiting Microsoft's .NET MAUI to escape detection.

ProSSHD 1.2 - Denial of Service (DOS). CVE-2024-0725 . remote exploit for Windows platform

SAP NetWeaver - 7.53 - HTTP Request Smuggling. CVE-2022-22536 . remote exploit for Multiple platform

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

53.5% of websites have weak SSL setups—leaving attack surfaces exposed and increasing breach risk.

Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025

Identity and Access Management (IAM) is no longer just about keeping the wrong people out—it’s about ensuring the right people, machines, and AI-driven agents can securely operate in an increasingly complex digital world. Related: How IAM can be a growth engine If 2024 was the year of Zero Trust acceleration, 2025 is shaping up to

Les grandes affaires de fuites de données secouent l'actualité, mais qu'en est-il du quotidien de la sécurité informatique dans les entreprises...-Cybersécurité

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models.

The UK’s data protection regulator says it is overwhelmed with complaints from the public