Latest CyberSec News by @thecyberpicker

This week in cybersecurity from the editors at Cybercrime Magazine

Online networks of teenage boys “dedicated to inflicting harm and committing a range of criminality” are among the most significant concerns for British law enforcement, officials announced this week.

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor.

Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025.

With its growing popularity, sponsored Google search ads have started impersonating DeepSeek AI.

Fake Booking.com emails sent to hotels lead to fake CAPTCHA sites that trick the staff into infecting their own systems

Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected. “When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.”...

Security maturity measures an organization's ability to manage risks. This guide explains data security maturity and provides assessment best practices.

EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector

Insider attacks cost $4.99M each + 68% of breaches involve human error + PAM reduces breach risk.

It starts with a ripple of confusion, then panic. Hospital systems freeze mid-procedure. Electronic medical records become inaccessible. Related: Valuable intel on healthcare system cyber exposures In the ICU, alarms blare as doctors and nurses scramble to stabilize critical patients without access to real-time data. Admissions come to a standstill. Emergency rooms overflow with patients

The UK government’s new fraud minister will today announce plans for a newly expanded fraud strategy

Atlantis AIO enables credential stuffing across 140+ platforms, fueling fraud, theft, and account takeovers

Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media.

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows.

​Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.

VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.

Google fixed Chrome zero-day CVE-2025-2783 on Mar 20 after attacks exploited a sandbox bypass flaw.

The order seeks to withhold federal funding from states that don’t comply, sparking a heated backlash from legal and election experts.

FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. Menlo Park, Calif., Mar. 25, 2025, CyberNewswire -- AccuKnox, Inc., announced that Telecom and FinTech Leader IDT Corporation has partnered with AccuKnox to deploy Zero Trust CNAPP. Gartner’s predictions for the Internet of

The annual pilgrimage to San Francisco for RSA Conference is fast approaching—and the ramp-up has officially begun. In the latest episode of Bospar’s Politely Pushy podcast, Last Watchdog Editor-in-Chief Byron V. Acohido joins DigiCert’s Christina Knittel and ConnectSafely.org’s Larry Magid for a spirited roundtable on how to get the most out of RSAC 2025. Hosted

With 23andMe filing for bankruptcy, here's how to remove your data from the company and protect yourself from the 2023 breach.

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately.

Connor Riley Moucka signed a consent order on Friday in Ontario Superior Court in Kitchener that would allow him to be transferred to U.S. custody to face multiple charges.

The crypto lending platform said the issue was sourced back to a product it calls “cauldrons” — isolated lending markets that allow users to borrow against a variety of cryptocurrencies.

Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally.

This week in cybersecurity from the editors at Cybercrime Magazine