Latest CyberSec News by @thecyberpicker

In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime.

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on…

The FB has warned of a new AI deepfake phishing campaign where attackers impersonate senior government officials using texts and voice messages to steal account access.

Google Threat Intelligence researchers say the hackers behind intrusions at multiple British retailers are launching similar social engineering attacks against American companies.

Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations.

The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April.

Senate Intelligence Committee Chairman Tom Cotton and 16 other GOP lawmakers wrote this week to Commerce Secretary Howard Lutnick, saying his department should block future sales of TP-Link’s popular small office/home office (SOHO) internet routers.

Read how you can improve your security posture by applying Zero Trust framework and principles based on learnings from the April 2025 Secure Future Initiative progress report.

Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe’s biggest software manufacturer and company.

Want to enhance your threat modeling? By combining it with threat actor attribution, you can improve your cyber defenses. Read on to learn more.

Meta’s AI plans face legal action for collecting E.U. user data without opt-in consent, starting May 27.

Dans le cadre d'un travail conjoint avec Microsoft, 1Password a rendu la gestion des passkeys sur Windows 11 plus efficace. Ce changement s'appliquera à tout le monde bientôt. Comment survivre dans un monde sans mots de passe, lorsque l'on est un gestionnaire de mots de passe ? En s'adaptant à cette nouvelle donne,

A new report reveals how North Korea has built a global cybercrime syndicate, blending statecraft and criminal tactics.

Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month.

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox.

En démontant des équipements lors d'une inspection de sécurité, des experts américains ont découvert plusieurs dispositifs de communication non...-Cybersécurité

Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections.

Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m

Insiders bribed at Coinbase leaked customer data (<1% of users), triggering $20M extortion; funds safe.

How to build a Paved Road that improves dev productivity and security, what to do before/after a cloud breach, command & control (C2) that executes attacks using natural language

The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004

En matière de protection des données, créer une sauvegarde et la mettre à jour régulièrement constitue un excellent moyen d’éviter la plupart des accidents. Du moins, pour les particuliers ou les petites structures. Car lorsque le volume de données, ou le nombre d’utilisateurs est élevé, un simple backup n’est plus

Russia-linked hackers known as APT28 mainly targeted entities in Ukraine, Bulgaria and Romania, but governments in Africa, South America and other parts of Europe were also affected.

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. Related: Protecting lateral networks in SMBs Rich in sensitive data and often connected to larger supply chains, small businesses

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.

This week in cybersecurity from the editors at Cybercrime Magazine

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information.

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.