Latest CyberSec News by @thecyberpicker

Qantas says nearly six million passengers were impacted by a recent data breach

Alors qu'en mars 2024, un tribunal californien avait jugé l'affaire d'espionnage opposant un média salvadorien au logiciel israélien Pegasus « entièrement étrangère », une cour d'appel fédérale a relancé ce dossier le 8 juillet 2025, au motif que les journalistes ont été espionnés via des serveurs américains. Pegasus

ServiceNow's CVE-2025-3648 flaw exposes sensitive data across multiple tables, impacting all users with misconfigured ACLs.

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names.

BOSTON, July 9, 2025, CyberNewswire -- Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with continuous visibility and control over their expanding attack

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.

Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data.

Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector, much to GOP Sen. Bill Cassidy’s chagrin.

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements.

Gold Melody uses ASP.NET vulnerabilities for long-term access, impacting various industries across Europe and the U.S.

U.S. authorities charged the man and a co-conspirator with hacking COVID-19 researchers and kicking off a cyberattack spree targeting Microsoft Exchange servers.

United States authorities have been warning of potential state-linked or hacktivist threats since the U.S. intervened in the Israel-Iran war.

Bitcoin Depot, which operates cryptocurrency ATMs across North America, says information belonging to more than 26,000 people was breached in an incident last year.

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information.

Decentralized exchange GMX disabled trading after it “experienced an exploit." The heist involved more than $40 million in user funds.

The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Microsoft's Zero Trust model, providing a comprehensive guide for organizations to modernize their security posture.

Taking your cyber security skills up a level? Use our comprehensive cheat sheet to ace your CompTIA Security+ exam and kickstart your cyber security career.

The chairman testified before British lawmakers following a major social-engineering attack on the department-store chain.

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.

Scattered Spider (aka UNC3944, 0ktapus, & Muddled Libra) is one of the most dangerous threat clusters in operation. Their most damaging operations target ESXi.

The incident follows a notorious hacker gang’s pivot to targeting transportation companies with its trademark social-engineering attacks.

Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday.

The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime.

Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said.

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.

MFA Authenticator apps aren't cutting it anymore. Attackers are bypassing legacy MFA with fake sites and real-time phishing. Token Ring and BioStick stop them cold—with fingerprint-bound hardware. Learn more from Token.

Nova Scotia Power revealed that a ransomware attack has prevented meters from sending energy usage data to its systems, impacting billing

DoNot APT targets European ministries with malware, expanding from South Asia to global cyber espionage.

The EU has taken a bold, proactive stance with one of the world’s most comprehensive regulatory frameworks for cybersecurity and data protection.