Latest CyberSec News by @thecyberpicker

The scheme is based in Cambodia, where people residing in scam centers contact U.S. victims through phone calls, texts, dating apps and other avenues to promote fake cryptocurrency investments.

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.

The department store chain six weeks ago was one of the first targets in an international spree of attacks disrupting retailers.

Rust-based Myth Stealer malware spreads via fake gaming sites, stealing browser data from millions worldwide.

AI acts like Pac-Man—devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks.

Heroku is suffering a widespread outage that has lasted over six hours, preventing developers from logging into the platform and breaking website functionality.

The campaign has affected hundreds of Russian users, particularly targeting industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.

A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data

La mise en service des péages en flux libre a déclenché une vague d’arnaques ciblant les automobilistes français. De fausses campagnes de SMS et d’e-mails, imitant les messages officiels des sociétés d’autoroute, circulent actuellement et cherchent à piéger les usagers. Après les fausses amendes à régler, c’est

UNFI, a grocery retailer and wholesaler, is working to resume full operations following “unauthorized activity” involving its IT systems.

Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner.

Pour la première fois depuis 2019, les primes collectées en 2024 sont en baisse, d'après la cinquième étude de l'Amrae sur l'état du marché...-Cybersécurité

L'Union européenne lance les tests de DNS4EU, son résolveur public. Pensé comme un outil de souveraineté numérique face aux entreprises...-Internet

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog.

OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps.

A mobile scam finds most people at least once a week, new Malwarebytes research reveals. The financial and emotional consequences are dire.

Google has fixed a vulnerability in its account recovery flow which could have allowed attackers to find linked phone numbers.

Learn how to avoid service outages by automating secret rotation, setting expiry alerts, and centralizing credential management.

The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October

This week in cybersecurity from the editors at Cybercrime Magazine

46% of firms faced non-human identity breaches last year, risking automation security. Managing NHIs is now critical for enterprise protection.

Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia.

La Maison-Blanche a publié vendredi 6 juin 2025 un texte qui bouleverse la stratégie américaine en matière de cybersécurité. L'administration Trump marque une rupture nette avec les politiques menées sous Obama et Biden. C'est un décret exécutif, publié le 6 juin 2025, qui entend « réorienter » les efforts fédéraux

Discover how early adoption of ISO 42001 helps organizations stay ahead on AI compliance, reduce risk, and boost operational efficiency.

Google fixed a flaw allowing attackers to brute-force recovery phone numbers, risking SIM swaps.

SentinelOne revealed details of two new intrusion attempts by China-nexus actors

Rare Werewolf APT uses phishing and legitimate tools to attack Russian and CIS firms, stealing credentials and deploying crypto miners.

UNFI says it is investigating unauthorized network activity, and that some operations are affected

La société de cybersécurité SentinelOne révèle comment des groupes liés à l’État chinois ont discrètement infiltré plus de 75 organisations stratégiques dans le monde entre l’été 2024 et le printemps 2025. L’objectif semble être de positionner des accès pour un usage en cas de conflit. Explications. Automne 2024 :

CISA warns of critical Erlang SSH and Roundcube vulnerabilities actively exploited, affecting servers and webmail users worldwide.