Latest CyberSec News by @thecyberpicker

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information.

Decentralized exchange GMX disabled trading after it “experienced an exploit." The heist involved more than $40 million in user funds.

The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Microsoft's Zero Trust model, providing a comprehensive guide for organizations to modernize their security posture.

Taking your cyber security skills up a level? Use our comprehensive cheat sheet to ace your CompTIA Security+ exam and kickstart your cyber security career.

The chairman testified before British lawmakers following a major social-engineering attack on the department-store chain.

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.

Scattered Spider (aka UNC3944, 0ktapus, & Muddled Libra) is one of the most dangerous threat clusters in operation. Their most damaging operations target ESXi.

The incident follows a notorious hacker gang’s pivot to targeting transportation companies with its trademark social-engineering attacks.

Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday.

The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime.

Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said.

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.

MFA Authenticator apps aren't cutting it anymore. Attackers are bypassing legacy MFA with fake sites and real-time phishing. Token Ring and BioStick stop them cold—with fingerprint-bound hardware. Learn more from Token.

Nova Scotia Power revealed that a ransomware attack has prevented meters from sending energy usage data to its systems, impacting billing

DoNot APT targets European ministries with malware, expanding from South Asia to global cyber espionage.

The EU has taken a bold, proactive stance with one of the world’s most comprehensive regulatory frameworks for cybersecurity and data protection.

CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO

This week in cybersecurity from the editors at Cybercrime Magazine

Automate malware alert workflows with Tines, using CrowdStrike and Slack to streamline threat triage and improve response time

U.S. sanctions disrupt North Korean IT worker fraud scheme using stolen U.S. IDs to fund WMD programs.

Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.

This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?

The US allege that the hacker stole critical COVID-19 research from universities at the behest of the Chinese government

AI coding assistants accelerate development, but they also introduce security risks. Learn how AI-generated code introduces risk and how to stay ahead.

The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock

Chinese national Xu Zewei arrested in Milan for links to Silk Typhoon and cyber attacks on U.S. agencies, including Microsoft Exchange breaches

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked.

M&S chairman Archie Norman provided more insights into the April ransomware attack, but did not confirm whether a payment was made to the attackers

Microsoft’s July 2025 Patch Tuesday update resolves 130 vulnerabilities, including critical RCE and SQL Server flaws.

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…