Latest CyberSec News by @thecyberpicker

A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited.

​Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient.

U.S.-based cybersecurity firm ReliaQuest has secured a significant funding boost with a new investment round totaling over $500 million, elevating the company's valuation to $3.4 billion.

Lucid PhaaS hit 169 targets in 88 countries by abusing iMessage and RCS to bypass SMS filters

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code.

A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor

Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems.

This week in cybersecurity from the editors at Cybercrime Magazine

Google is set to roll out end-to-end encryption for all Gmail users, boosting security, compliance and data sovereignty efforts

Dive into comprehensive strategies for AI assessments to address ethical challenges and help organizations responsibility implement AI practices.

We have observed DPRK IT worker operations expanding beyond the U.S. and into Europe.

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code.

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that access that key? When the phone is rebooted, are deleted files still available? We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power...

BlueVoyant found that the use of lookalike domains in email-based attacks is allowing actors to extend the types of individuals and organizations being targeted

Explore phishing tactics, their devastating consequences, and how to protect yourself from these increasingly sophisticated cyber threats.

A number of specialized dating apps leaked the--not so--secret storage location of 1.5 Million more or less explicit images

Earth Alux used VARGEIT and MASQLOADER in APAC and LATAM cyberattacks, bypassing defenses via stealth techniques.

Facebook Pixel exposed CSRF tokens at major retailer; Reflectiz detected breach early, preventing €20M GDPR fines.

23,958 IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.

Apple patched 3 live exploits—CVE-2025-24085, -24200, -24201—across legacy iOS/macOS devices to block escalation attacks.

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

Stay Ahead of Sanctions, Tariffs, and Trade Shocks with Real-Time Intelligence Across Your Global Supply Chain

La fintech Qonto a choisi l'offre de cloud commercialisée par S3NS, la co-entreprise entre Thales et Google. En attendant la qualification...-Cloud

Pour sa 17e édition, le Forum InCyber - qui s'ouvre ce mardi 1e avril à Lilles - est placé sous le signe de la confiance. Un thème qui...-Cybersécurité

A thousand UK service providers will be expected to comply with the forthcoming Cyber Security and Resilience Bill

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks.

Le pure player de la cybersécurité ITrust, acquis par le groupe Iliad en 2023, annonce le lancement de "French XDR". Cette plateforme,...-Cybersécurité

Apple fined €150M for applying double consent only to third parties in ATT, breaching French privacy law.

More than 2 in 5 leaders say they’ve strengthened practices to curb increased threats, misuse and other vulnerabilities tied to using the technology.