Latest CyberSec News by @thecyberpicker

A man pleaded guilty to his involvement in a string of swatting and bomb threat incidents that allegedly impacted at least 25 members of Congress or their family members, as well as law enforcement officials and members of the federal judiciary.

Amazon Web Services précise les contours de son futur cloud européen, qualifié de "souverain", attendu pour fin 2025. Le fournisseur américain...-Cloud

Fake Gitcode and DocuSign sites are tricking users into running PowerShell scripts that install NetSupport RAT.

Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets

Silver Spring, MD, June 3, 2025, CyberNewswire -- Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and

Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed

Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets.

CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server.

Critical Roundcube bug CVE-2025-49113 affects versions before 1.6.11, enabling code execution via URL flaw.

Un lanceur d’alerte anonyme, « GangExposed », publie une fuite inédite sur les chefs du groupe de ransomware Conti/Trickbot. Pour la première fois, des preuves visuelles, des documents financiers et des détails sur leur vie quotidienne à Dubaï viennent appuyer des identités déjà connues des autorités, bouleversant la

Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them.

This spring has seen another spate of stories about juice jacking, including a new, more sophisticated form of attack. But how much of a threat is it, really?

Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident.

CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety

Large Language Models are great for software development. But letting them run code is a step too far. Giving LLMs execution rights is a major security risk.

This week in cybersecurity from the editors at Cybercrime Magazine

Malware campaign used fake DocuSign pages to deploy NetSupport RAT through clipboard manipulation

They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. […] “This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”...

The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues.

Discover essential security tools for startups in 2025. Learn how to streamline compliance and protect your business with expert insights.

Help desk scams let hackers bypass MFA to breach UK retailers and enterprises, costing millions

The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims.

Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year.

The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region

Android malware Crocodilus now targets 8 countries, stealing banking and crypto data using fake apps.

Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild.

Microsoft and CrowdStrike map over 80 threat actors to reduce naming confusion and help analysts respond faster.