Latest CyberSec News by @thecyberpicker

Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident

Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.

Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution.

GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now.

ChatGPT appears to be testing support for Gmail and Google Calendar integration. This will allow users to summarise emails and create events.

Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict.

The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites.

Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ

Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide.

AI-generated code is accelerating dev speed—but it’s also exposing users to stealthy, undetected flaws.

North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.

Cato Networks researchers demonstrated an attack leveraging Atlassian’s AI agent-enabling server

Hackers now exploit trusted apps like Zoom and Dropbox to launch stealth attacks. Learn how to detect LOTS threats

U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack.

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST

An alleged former member of the infamous Ryuk ransomware group has been extradited to the US

Sur fond de cyberattaques et de conflit avec Israël, l’Iran fait face à une coupure quasi totale de son accès à Internet. Les conséquences d'une décision politique et stratégique des autorités iraniennes. Il suffit de consulter les données d’IODA pour saisir l’ampleur du black-out en Iran : ce projet open-source,

Russian hackers used Gmail app passwords and fake State Dept. emails to access inboxes of academics.

Pro-Israel Predatory Sparrow Group steals $90m in crypto from Iranian exchange Nobitex

Meta is bringing passkey support to Facebook, Messenger, and Meta Pay, aiming to boost mobile login security

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States.

Linux systems face critical local privilege escalation threats via CVE-2025-6018/6019 flaws—users must patch now.

Miami, June 18, 2025, CyberNewswire -- Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. The MSP Today Product

The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack.

Data breach at Healthcare services company Episource exposes personal and health data of over 5.4 million people in major cyberattack.

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.

North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers.

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.