Latest CyberSec News by @thecyberpicker

Identity & Access Management (IAM) is all about managing identities and access in the cloud. Key principles include least privilege and segregation of duties.

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.

Australia is now the first country to require ransomware victims to report if they make any extortion payments to their attackers.

This week in cybersecurity from the editors at Cybercrime Magazine

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities...

MultiCare used identity-based microsegmentation to boost uptime and cut ransomware-linked mortality by 28%.

Earth Lamia exploited SAP NetWeaver CVE-2025-31324 to breach Asian and Brazilian orgs since 2023.

As AI regulations expand globally, CISOs must balance innovation with compliance—adopting frameworks like GDPR, CCPA, and NIST AI RMF to stay secure.

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security. Related: Why identity is the cornerstone of cyber defense These machine credentials — used to automate connections between systems — now outnumber humans by 30 to 1. That gap is likely even wider in cloud-intensive environments. Yet despite their scale, service

The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US

We’re proud to announce that PortSwigger has been awarded the prestigious King’s Award for Enterprise in the category of International Trade - a recognition that reflects our sustained international s

The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities

Funnull enabled $200M in U.S. crypto scam losses using AWS-based domains and DGAs to evade takedowns.

Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued

ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched earlier.

Meta Shuts Down Covert Iranian, Chinese, and Romanian Influence Ops Using Fake Accounts in Q1 2025

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed…

The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead.

Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs.

Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers.

Company executives said there was no indication the incident was the result of a security issue.

The one and only situational awareness platform OS-Surveillance is evolving faster than ever, integrating powerful new data sources and innovative features designed to make real-time geospatial intelligence gathering super intuitive. In today’s episode, I will walk you through the latest enhancements to the platform and share insights into the world of live geospatial OSINT. We will explore why geospatial context is crucial for situational awareness, how to harness real-time data feeds effecti

The defendants will increase reporting on spoofing, create a compliance team or AI and conduct regular training for staff on how to identify deceptive messages and the dangers of misinformation in U.S. elections.

I hadn’t known that the NGC 1068 galaxy is nicknamed the “Squid Galaxy.” It is, and it’s spewing neutrinos without the usual accompanying gamma rays.

The Treasury Department on Thursday sanctioned Philippines-based Funnull Technology on Thursday for its role in "pig butchering schemes."

IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers.

The company said it “recently learned of suspicious activity” within its environment that it believes “was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers.”

Microsoft Deputy CISO Yonatan Zunger shares tips and guidance for safely and efficiently implementing AI in your organization.

Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. Despite advancements in protections like multifactor authentication (MFA) and passwordless solutions, social engineering remains a key aspect of phishing attacks. Implementing phishing-resistant solutions, like passkeys, can improve security against these evolving threats.

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.