Latest CyberSec News by @thecyberpicker

Erie Insurance reveals suspected network breach and ongoing outage

ConnectWise rotates ScreenConnect certificates by June 13 after config data concerns, impacting on-prem users to prevent remote access risks.

A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting hundreds of cloud tenants

The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits.

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance.

Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems.

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website.

Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims.

In a US Senate hearing, 23andMe was questioned about the impending take-over of the company and its trove of genetic data

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data.

Black Basta affiliates use Teams phishing, Python scripts, and cURL to attack finance, insurance, and construction sectors.

AWS CSO Stephen Schmidt says AI is transforming the way the company does security reviews and incident response.

Catastrophic outages don’t just crash systems — they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. They’re overlapping — and reshaping how security

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Un nouveau type d'arnaque vise actuellement les professionnels du recrutement sur LinkedIn et Indeed. Derrière des profils de candidats qui semblent tout à fait ordinaires se cache le groupe cybercriminel FIN6. Son but : gagner la confiance des recruteurs, infiltrer les systèmes informatiques des entreprises et

Nearly 2,000 people were arrested and millions of dollars in illicit funds were seized in an operation coordinated by Singapore police against Asian scam operations.

A global law enforcement crackdown on information-stealing malware led to the arrest of 32 suspects and the dismantling of more than 20,000 malicious IP addresses and domains linked to cybercrime.

The grocery company had to entirely shut down its network following the intrusion and is serving customers on only a “limited basis” as it works to recover, CEO Sandy Douglas said.

Microsoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday.

Authorities in three countries arrested 32 people and seized dozens of servers.

An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.

Coordinated brute-force attacks target Tomcat Manager; exposed cameras leak sensitive data globally.

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online.

The legislation aims to expand the federal government’s role in helping healthcare providers protect and respond to cyber-attacks

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns.

AI agents aren’t foolproof, but they could soon replace some of the most common tasks for cyber defenders.