Latest CyberSec News by @thecyberpicker

This week in cybersecurity from the editors at Cybercrime Magazine

This article discusses how ransomware attacks are targeting backups and what to do to keep your data and backups secure.

Three flaws in Sitecore XP v10.1+ let attackers gain remote access using default credentials—impacting banks, airlines, and global enterprises

Botnet attack exploited over 130,000 forgotten AD accounts. Learn why service account oversight matters.

A group tracked as Predatory Sparrow said it was responsible for hacking Bank Sepah as the conflict between Israel and Iran intensified.

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused workforce. AI will often not be as effective as a human doing the same job. It won’t always know more or be more accurate. And it definitely won’t always be fairer or more reliable. But it may still be used whenever it has an advantage over humans in one of four dimensions: speed, scale, scope and sophistication. Understanding these dimensions is the key to understanding AI-human replacement...

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal

In a confirmation that we've gone full Black Mirror, air fryer and other IoT manufacturers are being told to stop invading our digital privacy.

Learn how to adopt the NIST AI Risk Management Framework to build trustworthy AI systems and streamline compliance with automation tools.

Reddit has announced more Artificial Intelligence powered tools to help advertisers. But do users care for it?

interos.ai launches itariffs to help supply chain and finance leaders identify and act on tariff risk faster.

Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe

Langflow’s RCE flaw is under active attack, infecting servers with Flodrix botnet malware via public PoC. Unpatched AI apps remain at risk.

TP-Link and Zyxel router flaws are under active attack, affecting global users and federal systems. Urgent updates needed.

New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024

Archetyp, immense plateforme de vente de drogue en ligne, active depuis 2020, a été démantelée lors d’une vaste opération internationale baptisée Deep Sentinel, coordonnée par l’Office fédéral de la police criminelle allemande et Europol. 600 000 utilisateurs, 3 200 vendeurs et près de 17 000 annonces : ce sont les

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post.

Meta rolls out ads on WhatsApp Status using limited data like location and language, raising privacy questions.

At interos.ai, we’re passionate about driving innovation and resiliency in the global supply chain. That’s why we were proud to honor the achievements of wo

Multiple U.S.-based companies in the insurance sector have already been hit over the past week and a half, according to Mandiant.

The U.S. State Department said it is looking for information on hackers linked to Iran's Islamic Revolutionary Guard Corps.

Researchers warn that Iran-aligned threat groups could soon target U.S. companies and individuals in cyber espionage or sabotage attacks.

The warning from Google researchers follows a recent incident at Erie Insurance, although the perpetrators of that attack have not been identified.

Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.

U.S. DoJ seizes $7.74M in crypto linked to North Korean IT worker scheme exploiting AI, fake IDs, and BYOD loopholes.

A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines.

This week on the Lock and Code podcast, we revisit a 2024 interview with Dr. Jean Twenge about smartphones and the teen mental health crisis.

The SEC is pulling back cybersecurity regulations for investment companies and investment advisers proposed under the Biden administration.

A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.

Archetyp Market facilitated high-volume sales of fentanyl, cocaine, MDMA, amphetamines and synthetic opioids since 2020, according to authorities.