Latest CyberSec News by @thecyberpicker

This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details. Another article.

A recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.

La Commission européenne lance deux nouveaux appels à projets pour un montant total de 145,5 millions d'euros afin de soutenir la sécurité...-Cybersécurité

Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted

A crypto CEO shared his screen. What happened next unraveled his digital life.

A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation.

Alors que les start-up françaises spécialisées dans la sécurité informatique lèvent davantage de fonds, le nombre d'opérations chute nettement...-Cybersécurité

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide.

Researchers revealed Wednesday that they have confirmed Paragon spyware on an Apple product amid an unfolding surveillance scandal in Italy.

This week in cybersecurity from the editors at Cybercrime Magazine

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability.

Yes24, a South Korean ticketing platform and online bookseller, has been disrupted for days after a ransomware attack, with effects rippling into K-pop concerts, theater performances and more.

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns.

Invisible AI agent identities expose organizations to attacks, risking data and cloud security.

CSA’s AI Trustworthy Pledge is a commitment that signals an organization's dedication to four foundational principles that should underpin every AI initiative.

The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.

...-Le récap' cyber

A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.

70% of secrets from 2022 remain active in 2025, putting enterprises’ machine identities at risk of breaches and compliance failures.

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent data leaks.

Secure enterprise DNS with posture management: gain visibility, detect phishing domains, plus certificate and PQC monitoring.

In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision. Jamison Utter, a cybersecurity

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies

Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat.

Des chercheurs israéliens ont prouvé que les montres connectées, objets du quotidien, peuvent servir à dérober des données sensibles depuis des ordinateurs pourtant totalement coupés d’Internet. Leur méthode, baptisée SmartAttack, repose sur la transmission de données par ultrasons et révèle une faille insoupçonnée

Europol warns of “vicious circle” of data breaches and cybercrime

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca.