Latest CyberSec News by @thecyberpicker

The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals.

Critics tell CyberScoop the U.S. federal government had many failings in the lead up to and the response to the Salt Typhoon breach.

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.

A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office...

Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises

Explore how consent phishing exploits OAuth to bypass MFA, granting attackers persistent access to SaaS apps. Learn strategies to defend against this threat.

Discover findings from Pentera's 2025 State of Pentesting Report, including breach rates, alert fatigue, budget trends & the rise of software testing.

La collectivité francilienne a annoncé avoir été victime d'une importante cyberattaque. En conséquence, “l'ensemble des systèmes d'information...-Cybersécurité

You'd hope that spending $6,000 on a printer would give you a secure experience, free from viruses and other malware. However, in the case of Procolored printers, you'd be wrong.

Around half of US and UK consumers have seen fraud ads and content on ‘refund hacks’ on social media

China-Linked Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Regeneron, which intends to acquire 23andMe for $256m, says data security and privacy will be a priority

A new cryptojacking campaign dubbed RedisRaider is hijacking publicly exposed Redis servers by injecting cron jobs using legitimate configuration comm

Cybersecurity Observatory of the Unipegaso's malware lab published a detailed analysis of the Sarcoma ransomware.

Malicious Open Source Packages Abused Social Media APIs and Implanted Backdoors Linked to Hacktivist Group

OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5.

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network.

A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target.

Mozilla addressed two critical Firefox flaws that could be potentially exploited to access sensitive data or achieve code execution.

Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations.

Microsoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates.

We are excited to introduce Microsoft Entra Agent ID, which extends identity management and access capabilities to AI agents. Learn more.

RVTools site served Bumblebee malware via official installer; Procolored software hid BTC-stealing clipper.

Microsoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps.

Stephen Klein didn’t just stir the pot. He lit a fire. Related: Klein's LinkedIn debate In a sharply worded post that quickly went viral on LinkedIn, the technologist and academic took direct aim at what he called the “hype-as-a-service” business model behind so-called agentic AI. His critique was blunt: what the industry is selling as

This week on the Lock and Code podcast, we speak with Nick Melvoin about the Los Angeles Unified School District smartphone ban for students.

The legislation comes amid DOGE-fueled cuts to CISA and warnings from lawmakers that Trump administration policies will cripple federal cyber recruiting.

Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor

Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows.

At the Build 2025 developer conference, Microsoft announced a new 'Advanced Settings' feature to help users and developers personalize the OS experience.