Latest CyberSec News by @thecyberpicker

DoNot APT targets European ministries with malware, expanding from South Asia to global cyber espionage.

The EU has taken a bold, proactive stance with one of the world’s most comprehensive regulatory frameworks for cybersecurity and data protection.

CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO

This week in cybersecurity from the editors at Cybercrime Magazine

Automate malware alert workflows with Tines, using CrowdStrike and Slack to streamline threat triage and improve response time

U.S. sanctions disrupt North Korean IT worker fraud scheme using stolen U.S. IDs to fund WMD programs.

Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.

This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?

The US allege that the hacker stole critical COVID-19 research from universities at the behest of the Chinese government

AI coding assistants accelerate development, but they also introduce security risks. Learn how AI-generated code introduces risk and how to stay ahead.

The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock

Chinese national Xu Zewei arrested in Milan for links to Silk Typhoon and cyber attacks on U.S. agencies, including Microsoft Exchange breaches

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked.

M&S chairman Archie Norman provided more insights into the April ransomware attack, but did not confirm whether a payment was made to the attackers

Microsoft’s July 2025 Patch Tuesday update resolves 130 vulnerabilities, including critical RCE and SQL Server flaws.

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…

Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.

The court vacated the district court’s decision to dismiss the case against NSO Group, saying it abused its discretion in doing so.

U.S. authorities charged the man and a co-conspirator with hacking COVID-19 researchers at U.S. universities and kicking off a cyberattack spree targeting Microsoft Exchange servers.

Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day.

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for July 2025.

Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.

M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack.

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android.

Learn more about Microsoft's Secure Future and Initiative and eliminating high-privileged access across all Microsoft 365 applications.

The Justice Department confirmed the arrest in a statement, unsealing a nine-count indictment on Tuesday accusing Xu and co-defendant Zhang Yu of being involved in “computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States.”

A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms.

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device.

Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan's Malpensa Airport on a U.S. warrant.