Latest CyberSec News by @thecyberpicker

UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.

Details on the voice phishing (vishing) threat, and strategic recommendations and best practices to stay ahead of it.

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices.

Think your passwords are strong enough? AS-REP Roasting is back in the spotlight — and it's targeting weak spots in Active Directory. Learn more from Specops Software how attackers exploit missing Kerberos pre-auth and how to stop them with strong password policies.

Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organization's SalesForce platforms.

Agentic AI systems could threaten security and data privacy, unless organizations test each model and component

The parent company of apparel brand The North Face sent data breach notification letters to about 3,000 customer accounts, saying attackers used the technique known as credential stuffing.

Explore event-driven identity systems that enable real-time access decisions, improve security posture, and support zero trust strategies.

This week in cybersecurity from the editors at Cybercrime Magazine

Legacy DLP tools miss 70% of data leaks now happening in-browser across SaaS and AI apps. Learn why this matters.

A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware

The attacks on UK retailers are “a wake-up call” for the industry, said River Island’s Information Security Officer

Lors du salon Computex 2025 qui se tenait à Taïwan il y a quelques jours, Synology a dévoilé une solution de surveillance, C2 Backup for Surveillance, à destination des entreprises. Ses points forts : elle est très simple à mettre en place, peu coûteuse et s’appuie sur l’expertise de Synology dans le stockage de

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers

The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said.

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code.

Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study

Malicious packages on npm, PyPI, and Ruby exfiltrate wallets, delete projects, and exploit AI tools—threatening developers and CI/CD pipelines.

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that cFan be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s...

Zero Trust security requires organizations to rethink how they define trust and enforce controls. John Kindervag reveals 4 truths that are often missed.

A simple customer query leads to a rabbit hole of backdoored malware and game cheats

Les fournisseurs de VPN seront vraisemblablement les grands gagnants de la décision de trois gros sites pornographiques (Pornhub, RedTube et YouPorn) de quitter le marché français. Ces sites protestent ainsi contre les règles françaises de contrôle obligatoire de l'âge sous peine de blocage. D'ores et déjà, les

U.S. CISA adds multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog...............

Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing

Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place

HPE patches 8 StoreOnce flaws, including CVE-2025-37093, risking RCE and auth bypass—users must update now

OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals.

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts.

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog.