Latest CyberSec News by @thecyberpicker

The lawmakers said the Cyber Safety Review Board’s work has made government agencies and private businesses more secure.

Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input.

Several Senate Democrats called on Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB) so it could continue looking into China-linked hacks.

The lawmakers say the January purge has left the United States blind on the nature of the historic Salt Typhoon telecommunications breach.

An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild.

Google Threat Intelligence dévoile une campagne de cyberattaques inédite orchestrée par le groupe chinois APT41. Leur arme secrète ? Google Calendar, détourné pour servir de centre de commande et de contrôle à distance. Explications. C'est un rapport publié le 28 mai par Google Threat Intelligence qui alerte une

Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count.

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.

New Rust-based EDDIESTEALER spreads via fake CAPTCHA pages, stealing credentials and bypassing Chrome encryption.

Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities

En octobre 2024, Zalando a déployé un assistant dopé à l'IA générative sur ses 25 marchés, offrant des conseils mode personnalisés. Florence...-Cybersécurité

The company said suspicious activity has affected a limited number of ScreenConnect customers.

Huawei chercherait à graver des puces en 3 nm dès l'année prochaine, grâce à une nouvelle technologie de gravure. L'objectif : arrêter de dépendre du bon vouloir des États-Unis qui peuvent bloquer les entreprises chinoises. Cela sera-t-il suffisant pour rattraper des entreprises américaines ? Le retour de Trump au

Washington frappe un nouveau coup dans la guerre des semi-conducteurs : les États-Unis imposent depuis fin mai des restrictions inédites sur l’exportation des logiciels de conception de puces électroniques vers la Chine. Un geste qui vise à préserver la suprématie technologique occidentale et à empêcher Pékin

Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources

Identity & Access Management (IAM) is all about managing identities and access in the cloud. Key principles include least privilege and segregation of duties.

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.

Australia is now the first country to require ransomware victims to report if they make any extortion payments to their attackers.

This week in cybersecurity from the editors at Cybercrime Magazine

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities...

MultiCare used identity-based microsegmentation to boost uptime and cut ransomware-linked mortality by 28%.

Earth Lamia exploited SAP NetWeaver CVE-2025-31324 to breach Asian and Brazilian orgs since 2023.

As AI regulations expand globally, CISOs must balance innovation with compliance—adopting frameworks like GDPR, CCPA, and NIST AI RMF to stay secure.

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security. Related: Why identity is the cornerstone of cyber defense These machine credentials — used to automate connections between systems — now outnumber humans by 30 to 1. That gap is likely even wider in cloud-intensive environments. Yet despite their scale, service

The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US

We’re proud to announce that PortSwigger has been awarded the prestigious King’s Award for Enterprise in the category of International Trade - a recognition that reflects our sustained international s

The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities

Funnull enabled $200M in U.S. crypto scam losses using AWS-based domains and DGAs to evade takedowns.

Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued

ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched earlier.