Latest CyberSec News by @thecyberpicker

Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy.

Adidas, le géant allemand de l’équipement sportif, vient d’alerter ses clients sur une nouvelle fuite de données, la troisième cette année. Particularité : la brèche ne vient pas de ses propres serveurs, mais d’un prestataire chargé du service client, exposant des informations personnelles supplémentaires.  Dans un

A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites

Reactive security isn’t just outdated — it’s become a liability. Attackers have figured out how to weaponize speed, and defenders are struggling to keep pace. Related: Mastering adversary emulation At RSAC 2025, I spoke with Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet’s FortiGuard Labs, about how and why the

A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned

Cary, North Carolina, 28th May 2025, CyberNewsWire

Apple prevented $2B in App Store fraud in 2024 by blocking fake apps, users, and stolen payments.

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems.

Zscaler announced Tuesday its intention to acquire Red Canary, a company known for Managed Detection and Response (MDR) services, to boost its ability to integrate artificial intelligence, automation and human expertise into its offerings.

Sina Gholinejad pleaded guilty to two counts in a scheme that most visibly hit the city of Baltimore, causing $19 million in damages.

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems.

A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead.

Authorities said malware linked to Russia-based cybercrime group infected more than 300,000 computers around the world with the malicious code.

The maker of patient monitoring devices said the incident will not have a material effect on its updated financial outlook.

Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers said.

Fake Bitdefender site spreads Venom RAT via Bitbucket and Amazon S3, targeting crypto wallets and 2FA codes.

Sina Gholinejad admitted to using the Robbinhood ransomware variant to extort ransom payments from dozens of victims.

An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.

A Russian court sentenced a former hospital programmer to 14 years in a high-security penal colony for allegedly leaking personal data of Russian soldiers to Ukraine, authorities said.

The city filed breach notification letters with regulators seven months after a ransomware gang accessed systems.

I believe we're at the beginning of something extraordinary.  Today's AI agents are already impressive—they're helping software engineers write code, assisting site reliability teams in troubleshooting systems, and handling a variety of analytical tasks. Yet, as capable as these specialized agents are becoming, we're just beginning to glimpse their potential. The next wave of changes is approaching fast, bringing capabilities that will transform how we work across a wide variety of fields.   At Microsoft, we believe the next 12–24 months will fundamentally change the AI agent space. Instead of simply responding to requests, agentic systems will start working independently, spotting problems, suggesting solutions, and carrying context across conversations. The difference might seem small at first, but you'll notice it when your agent starts to proactively help you solve problems rather than just follow instructions. To support this future, we need to evolve the identity standards that underpin how agents access data and act across connected systems—from APIs, code repositories, and data warehouses, to productivity tools, enterprise systems, and sensitive business processes. It starts with OAuth 2. What’s changing?  At Microsoft, we’re building a robust and sophisticated set of agents. Recently, we launched the public preview of our new Conditional Access Optimizer Agent. It’s a multi-functional AI agent that:  Analyzes an organization’s Conditional Access policies Identifies security gaps Recommends policy improvements and simplifications Deploys new policies in pilot mode Ensures new users and apps are protected  We’ve also been extensively investing in agents for developer and operations workflows, such as the SWE and SRE agents to help teams boost their productivity when writing and maintaining their applications. As new AI-driven scenarios are introduced, we anticipate an emerging flood of rich, smart, multi-functional, and autonomous agents.   AI agents will augment and amplify the capabilities of an organization. Marketing agents could propose full digital marketing campaign plans, refine and update them based on feedback, and then when the plans are approved, execute them end-to-end. Engineering agents could autonomously create specifications for new features, as well as start to build and test them with minimal human interactions. You might’ve already seen some of these experiences at this year’s Microsoft Build conference. We could see all kinds of agents helping people to manage compliance, onboard new employees, or even run parts of their IT operations more efficiently.  But here’s the thing: today’s OAuth 2 standards weren’t built for the world of AI agents. Some existing efforts, like RFC 9396 – OAuth 2.0 Rich Authorization Requests, set some of the fundamental ideas in motion, but we believe we need a more scalable solution for AI-first scenarios.  Why OAuth 2 needs an update  OAuth 2 works well for today’s task-focused agents that act on behalf of a user. But as agents become more autonomous and capable, a new set of authorization requirements surfaces. Agents need much more granular permissions, and they need to be dynamic, easily revokable, yet auditable. They need to be able to interact securely with other agents across different trust boundaries, as well as handle scenarios where the ownership of an agent changes on the fly. To enable these capabilities, we need to drive a set of changes to existing standards to support them, unlocking the ability of enterprises to adopt them while maintaining compliance and confidence in the security of their data.  Here’s what we think needs to change:  Recognize Agent IDs as first-class actors: Agents need to be distinct from clients. They should have their own identity in the OAuth model. When an agent registers with an IDP, it should be able to register as an agent, not a client. When an agent accesses a resource, it should be able to represent that it is an agent. When a computer-using agent accesses a resource through a client, we need a standards-based approach to represent this interaction. Have a standard model for granting agents their own permissions: Agents should be able to act with their own defined set of privileges—not just proxy a user’s rights. Make agent actions transparent and traceable: We need a clear way to distinguish when an agent is acting:  On behalf of a user  On its own behalf  On behalf of another agent or a chain of agents This is critical for forensics, policy enforcement, and trust. Enable permission discovery and delegation: Agents should be able to discover the permissions required to perform a task and request them—either directly from the user, from an upstream agent, or through a chain of upstream agents ultimately linked to the user. Support for fine-grained, resource specific, least-privilege access: We need updates to the OAuth scopes model to support common approaches to identifying a specific subset of resources a user can delegate access to. For example:  A collection or container of resources, such as all photos from last week   A node in a hierarchy of resources, such as all files in the /taxinfo directory  A specific class or category of resource, like high business impact or confidential  A query, such as SELECT * FROM my_emails WHERE sender LIKE ‘%@microsoft.com’ A specific resource, like {customer_ID, 12345}    We believe this set of targeted updates will give users and organizations the controls, visibility, specificity, and granularity necessary to realize the incredible transformative potential of AI agents.  Let’s build this together  We’re excited about the future of AI agents. But we also know that to get there, we need to evolve the standards that make secure delegation possible. We’re looking forward to working with our partners in the broader OAuth community, the Model Context Protocol (MCP), and Agent-to-Agent (A2A) protocol steering committees, as well as the machine identity ecosystem to define the right path forward. Microsoft’s recent work in helping shape a more robust authorization specification for MCP together with the broader security community and Anthropic is just the beginning.  If you’re attending Identiverse in Las Vegas next week, I hope you’ll reserve a seat for the AI Agents and the Future of Identity roundtable discussion on Wednesday at 7:15 a.m. with breakfast. You can also drop by the booth or request a meeting at Identiverse with Microsoft Security.   Let’s make sure the next generation of AI agents is not just powerful—but secure, trustworthy, and standards-based.  - Alex P.S.: If you’re working in this space, I’d love to hear from you! Drop a note in the comments below.     Read more on AI agent innovation from Microsoft Security    Microsoft extends Zero Trust to secure the agentic workforce | Microsoft Security Blog Announcing Microsoft Entra Agent ID: Secure and manage your AI agents | Microsoft Community Hub Microsoft unveils Microsoft Security Copilot agents and new protections for AI | Microsoft Security Blog Microsoft Entra Conditional Access optimization agent - Microsoft Entra ID | Microsoft Learn   Learn more about Microsoft Entra   Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.  ⁠Microsoft Entra News and Insights | Microsoft Security Blog Microsoft Entra blog | Tech Community ⁠Microsoft Entra documentation | Microsoft Learn Microsoft Entra discussions | Microsoft Community  

According to police in Guangzhou, the group — allegedly linked to Taiwan’s ruling Democratic Progressive Party (DPP) — has targeted more than 1,000 key networks in over 10 Chinese provinces.

Malware campaign exploits exposed Docker APIs to mine Dero, spread worm-like, and persist in containers.

Les services de renseignement des Pays-Bas ont attribué le vol de données de la police du pays, en septembre dernier, à un groupe de...-Cybersécurité

Massachusetts-based MathWorks provided an update to customers on Monday after initially reporting outages on May 18, confirming that it experienced a ransomware attack that took down online applications and internal systems used by staff.

A targeted cyber-attack on an MSP exploited flaws in remote management tools, resulting in ransomware deployment and data theft

En octobre dernier, Free était victime d'un piratage massif de données, concernant 13,9 millions de comptes. Depuis ce 27 mai, le site Have I Been Pwned les répertorie. Voici comment savoir si votre compte est concerné. 26 octobre 2024 : Free informe ses abonnés qu'il a été victime d'une cyberattaque. Les données

Derrière l’apparence inoffensive de centaines de sites web, dont un dédié à Star Wars, la CIA cachait un réseau de communication secret destiné à ses informateurs. Mal protégé, le dispositif a exposé de nombreux agents avec des conséquences humaines désastreuses. Nous sommes au début des années 2000 et la CIA

A huge dataset with all kinds of sensitive information, likely to be the result of infostealers, was found exposed online.

Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign.