Latest CyberSec News by @thecyberpicker

A large-scale malware campaign known as SarangTrap has been observed using fake dating apps to steal personal data, targeting South Korean users

The US FBI has issued public announcements warning families of The Com, an online criminal network involving minors in various illicit activities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.   Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes optimistic locking for concurrent operation. The vulnerabilities mentioned in this blog post have been patched by the vendor, all in adherence to Cisco’s third-party vulnerability

Sophos and SonicWall patched critical RCE flaws in firewall and SMA 100 products affecting select users.

Automatically generating fuzzing harnesses and vulnerability proof-of-concepts, 5 incentives security programs should pursue, it's always DNS

A group dubbed 'Fire Ant' is targeting VMware ESXi hypervisors, a type of software that controls and hosts virtual machines for enterprise networks.

With more platforms and governments asking for age verification, we look at the options and the implications.

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.

Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems

As companies feel mounting pressure to document cybersecurity controls & demonstrate risk maturity, we are witnessing the latest GRC wave—the AI revolution.

SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances

Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.

Lower rates for creating unique passwords, buying items from known websites, and using antivirus leave iPhone users at risk to online scams.

Investigators assessed that the criminal group’s stolen funds amount to €580,000

The agency released three bulletins about the group — which is composed primarily of English-speaking minors who focus on attacks like ransomware, swatting and DDoS.

This week in cybersecurity from the editors at Cybercrime Magazine

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. These entities collect, store, and trade your data, often without your knowledge or consent. It’s both redundant and inconsistent. You have hundreds, maybe thousands, of fragmented digital profiles that often contain contradictory or logically impossible information. Each serves its own purpose, yet there is no central override and control to serve you—as the identity owner...

New stealth backdoor discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites

The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). ......

Chinese hackers used fake Dalai Lama birthday apps to spy on Tibetans, risking community privacy and safety.

Continuous validation with Picus helped cut vulnerabilities by 50%, boosting security teams’ speed and effectiveness.

Discover 2025's top identity trends from Auth0. Learn how AI reshapes logins, trust, and security.

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

The battle to fight misinformation continues.

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.

Storm-2603 exploits SharePoint flaws to deploy Warlock ransomware, affecting 400+ victims. Microsoft urges mitigation.

Le régulateur des télécoms propose de faire évoluer la tactique contre les appels frauduleux, avec la mise en place d'un numéro générique un peu particulier. En effet, malgré le récent mécanisme d'authentification du numéro d'appelant, des usurpations continuent d'avoir lieu. Dans un avenir proche, votre écran de

En juillet 2025, l’Université russe de la Haute École d’Économie (HSE), l’une des institutions les plus prestigieuses du pays, a officiellement lancé un master consacré à la « conformité internationale ». Un terme vaste qui englobe également le contournement des sanctions occidentales. Deux ans pour former la

A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.

Wiz believes the active campaign is part of a broader crypto-scam infrastructure, which uses a wide range of exploitation techniques