Latest CyberSec News by @thecyberpicker

The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware

Cyber threats like ransomware and malware are rising fast, hitting firms like Frederick Health and Marks & Spencer. Defense needs layers, adaptability and vigilance.

A list of topics we covered in the week of June 1 to June 7 of 2025

OpenAI banned ChatGPT accounts tied to Russian, Chinese, and Iranian hackers using AI for malware and influence campaigns.

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege. CVE-2025-24076 . local exploit for Windows platform

ProSSHD 1.2 20090726 - Denial of Service (DoS). CVE-2024-0725 . remote exploit for Windows platform

TightVNC 2.8.83 - Control Pipe Manipulation. CVE-2024-42049 . local exploit for Multiple platform

Laravel Pulse 1.3.1 - Arbitrary Code Injection. CVE-2024-55661 . webapps exploit for PHP platform

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.

A phishing campaign infects 722 users with malicious browser extensions in Latin America to steal bank login data.

Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls systems.

Au programme, des techniques comme le « Peel Chain », des mixeurs ou encore des services d'échange opaques. Ce 4 mars, Ben Zhou, le P-DG de la plateforme d'échange Bybit, a une mauvaise nouvelle à annoncer sur le réseau social X. Un peu plus de dix jours après le spectaculaire piratage de l'échangeur, un hack

Avoir un VPN pour se rendre sur Internet s'est largement démocratisé, grâce notamment à des campagnes marketing intensives de la part des fournisseurs. Mais quels sont les meilleurs VPN du moment au meilleur rapport qualité-prix ? Les VPN sont de plus en plus utilisés pour surfer l'esprit tranquille sur vos appareils

A phishing campaign infects 722 users with malicious browser extensions in Latin America to steal bank login data.

Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories.

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

The day after my column dissecting Chris Sacca's viral outburst went live—his now-notorious claim that we are "super f**ked" by artificial intelligence—I stumbled onto another AI conversation that had already amassed over 10 million views: a roundtable debate hosted by Steven Bartlett on his widely watched YouTube show, Diary of a CEO. Related: Ordinary folks

The White House accused the Biden administration of trying to “sneak problematic and distracting issues into cybersecurity policy.”

President Donald Trump signed an executive order Friday that the White House says promotes developing secure software, adopting the latest encryption protocols, securing internet routing and rolling back parts of two executive orders.

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices.

Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.” The other speakers mostly talked about how cool AI was—and sometimes about how cool their own company was—but I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it into AIs. My written testimony is here. Video of the hearing is here.

Le Département de la Justice américain (DOJ) a déposé une plainte pour geler plus de 7,7 millions de dollars sous la forme de cryptomonnaies, NFT et autres actifs numériques. Une somme relativement modeste, mais qui cache un plus vaste réseau international de blanchiment d’argent orchestré par la Corée du Nord. Le

A new malware campaign tricks macOS users with fake Spectrum CAPTCHA sites to steal passwords and deliver Atomic Stealer malware.

Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability.

How to update Chrome browser on every Operating System (Windows, Mac, Linux, Chrome OS, Android, iOS)

U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company.

ChatGPT developer Open AI has been ordered to maintain user chats as it battle a lawsuit from The New York Times and other publishers.

Face à l'accroissement des menaces cyber, l'Union européenne révise son "Cyber Blueprint". Adopté par le Conseil de l'UE, ce cadre stratégique...-Cybersécurité

Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack.