Latest CyberSec News by @thecyberpicker

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools.

Fake AI installers for ChatGPT and InVideo deliver ransomware and info-stealers via SEO scams and social ads, targeting businesses.

Funnull Technology supports “hundreds of thousands of websites” dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Department’s Office of Foreign Assets Control.

Although stores are open, the company has also halted some in-store services as it works to fully restore operations.

A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users.

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched

The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research.

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans.

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads.

Free Black Hat training by Microsoft's AI red team, a cloud security roadmap for your start-up, o3 finds an 0-day in the Linux kernel’s SMB implementation

This week in cybersecurity from the editors at Cybercrime Magazine

Malware with corrupted DOS and PE headers evades detection for weeks, decrypts TLS-based C2 and enables full attacker control.

Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it.

Legacy Privileged Access Management (PAM) quietly drains resources, stalls innovation, & introduces security risks. It’s time to consider a modern alternative.

Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify its users' ages properly.

Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites

Malwarebytes Browser Guard has a cool new feature to protect you against search hijacking.

Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques

A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes...

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site.

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

Enkrypt AI's new report reveals critical safety flaws in multimodal models, exposing risks like CSEM content and CBRN info via hidden image prompts.

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work.

Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident

DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer systems.

A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table

Executives are under digital siege—and most don't even know it. Related: Shareholders sue over murder At RSAC 2025, I sat down with Chuck Randolph, SVP of Strategic Intelligence and Security at 360 Privacy, to unpack a trend reshaping the threat landscape: the weaponization of personal data against corporate leaders and high-net-worth individuals. For a full

As climate-related risks become more frequent and severe, businesses must take proactive steps to safeguard their operations.

We recently hosted a webinar to introduce Burp Suite DAST, the new name for Burp Suite Enterprise Edition, the best-in-class, automated web application and API security scanning solution for modern Ap