Latest CyberSec News by @thecyberpicker

The leaks to the dark web contain information “about the entire population” of Paraguay, researchers said, and likely originated with malware that infected a government employee device.

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform.

Microsoft has been recognized as a Leader in the The Forrester Wave™: Security Analytics Platforms, 2025. Learn more.

Microsoft says Windows 10 home users who want to delay switching to Windows 11 can enroll in the Extended Security Updates (ESU) program using Microsoft Rewards points.

Microsoft is rolling out a configuration update designed to address a known issue causing Windows Update to fail on some Windows 11 systems.

A representative of NCSC-FI shared some lessons learned from a 2024 data breach affecting the Finnish capital

A long-running malware campaign targeting WordPress via a rogue plugin has been observed skimming data, stealing credentials and user profiling

Amid an uneasy truce, security teams in the U.S. said they have not seen any credible or specific threats.

Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.

Data breach at McLaren Health Care affecting over 743,000 individuals has been linked to a ransomware attack

Despite a decline in both premiums and prices, the market continues to be profitable.

Legacy pentests give you a snapshot. Attackers see a live stream. Sprocket's Continuous Penetration Testing (CPT) mimics real-world attackers—daily, not annually—so you can fix what matters, faster. Learn why CPT is the future.

Hackers are increasingly performing extortion-only attacks.

Hackers target Microsoft Exchange servers worldwide, injecting keyloggers to steal credentials from victims in 26 countries.

Cryptominer campaigns disrupted using bad shares and XMRogue tool, reducing attackers' annual revenue by 76%

Four convicted members of the REvil cybercrime gang were released from custody after being sentenced in St. Petersburg for offenses related to payment card fraud.

The U.S. House of Representatives has banned the installation and use of WhatsApp on government-issued devices belonging to congressional staff, citing concerns over how the app encrypts and secures data.

This week in cybersecurity from the editors at Cybercrime Magazine

Learn how penetration testing uncovers vulnerabilities, boosts compliance, and improves breach response for a more proactive cybersecurity program.

Cobalt found that many security professionals believe a “strategic pause” in genAI deployment is necessary to recalibrate defenses

Scientists can manipulate air bubbles trapped in ice to encode messages.

Why would someone go to the effort of hacking my system? For a start, these findings should serve as a reminder that it isn’t just big corporates who are at

Cybersecurity experts share actionable insights on CTEM, risk reporting, and how to operationalize exposure management effectively

New ITRC data reveals identity crimes are down but impersonation scams now account for a third of all scams

Attackers exploit Docker misconfigurations to mine cryptocurrency using Tor, targeting technology, financial, and healthcare industries.

Learn CIEM and secure cloud access best practices: effective identity visibility, least-privilege, zero‑standing privileges, session control.

L'IA générative s'invite une nouvelle fois dans les arrières-boutiques du cybercrime, où elle révolutionne la manière dont les attaques sont conçues et déployées. Le phénomène WormGPT, déjà inquiétant en 2023, connaît aujourd’hui une seconde jeunesse grâce à deux modèles de pointe : Grok, développé par la société xAI

Ukrainian CERT warns of APT28 using Signal chat to deliver BEARDSHELL, COVENANT malware to government entities.

U.S. House bans WhatsApp on government devices due to security risks, recommending alternatives like Signal.