Latest CyberSec News by @thecyberpicker

Lors du salon Computex 2025 qui se tenait à Taïwan il y a quelques jours, Synology a dévoilé une solution de surveillance, C2 Backup for Surveillance, à destination des entreprises. Ses points forts : elle est très simple à mettre en place, peu coûteuse et s’appuie sur l’expertise de Synology dans le stockage de

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers

The Acreed malware, which emerged earlier this year, is gaining ground with cybercriminals who otherwise might have used the Lumma infostealer, researchers said.

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code.

Stolen devices are a bigger cause of data loss than stolen credentials or ransomware, according to a new Blancco study

Malicious packages on npm, PyPI, and Ruby exfiltrate wallets, delete projects, and exploit AI tools—threatening developers and CI/CD pipelines.

You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that cFan be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s...

Zero Trust security requires organizations to rethink how they define trust and enforce controls. John Kindervag reveals 4 truths that are often missed.

A simple customer query leads to a rabbit hole of backdoored malware and game cheats

Les fournisseurs de VPN seront vraisemblablement les grands gagnants de la décision de trois gros sites pornographiques (Pornhub, RedTube et YouPorn) de quitter le marché français. Ces sites protestent ainsi contre les règles françaises de contrôle obligatoire de l'âge sous peine de blocage. D'ores et déjà, les

U.S. CISA adds multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog...............

Startups at Infosecurity Europe focus on attack surface management and improving security data, even as some new vendors avoid AI-led marketing

Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place

HPE patches 8 StoreOnce flaws, including CVE-2025-37093, risking RCE and auth bypass—users must update now

OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals.

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts.

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog.

When VC mogul Chris Sacca declared AI is the death knell for professional services, I flinched. Not because he’s wrong — but because it’s only half the story. Related: GenAI grows up - at RSAC 2025 As a journalist who’s covered multiple technology shifts from the inside, I’ve learned to distinguish hype from real inflection

The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said.

A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.

The 24 people who signed the letter endorsing Sean Cairncross include former government officials and current industry leaders.

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

Learn why CISOs prefer Microsoft Defender for Endpoint to secure their device estate across Windows, Linux, macOS, iOS, Android, and IoT devices.

CISA director and national cyber director nominees could transform how the federal government engages with the private sector on cybersecurity issues.

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data.

Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options.

Outdoor apparel giant The North Face sent out a notice to impacted customers about another credential stuffing attack on their website

The intrusion follows a string of attacks that appear to be the work of the cybercrime gang Scattered Spider.