Latest CyberSec News by @thecyberpicker

Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”) I talked about this a bit at the RSA Conference...

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.

A budget summary doesn’t give specific details on which programs it would cut, instead providing a broad outline.

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process

The Justice Department under Trump has now settled two cases that bear the hallmarks of a Biden-era cyber enforcement initiative.

Le premier jeudi du mois de mai est la journée mondiale du mot de passe. À cette occasion, Microsoft l'a célébrée d'une façon un peu particulière, avec une initiative visant à les tuer un peu plus. Chaque année, il y a la journée mondiale du mot de passe. Et tous les ans, elle tombe le premier jeudi du mois de mai --

The software vendor added variations to its family of large action models for on-device implementation, limited GPU resources and industrial applications.

The uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.

A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers.

The Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia.

The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities

The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call."

NSC’s Alexei Bulazel said that failing to robustly respond to constant Chinese intrusions into critical infrastructure is in itself “escalatory”

The ability of AI to handle enormous data volumes and identify irregularities in real-time enables it to fill the gap across disparate Zero Trust architectures.

TikTok fined €530M for illegally transferring EEA user data to China, violating GDPR Article 46(1).

This week in cybersecurity from the editors at Cybercrime Magazine

Microsoft announced that all new accounts will be "passwordless by default" to increase their level of security.

The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations.

London retailer Harrods said it had “recently experienced attempts to gain unauthorised access to some of our systems” but its security team "immediately took proactive steps to keep systems safe.”

The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation. It’s full of good advice. I especially appreciate this warning: When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. ...

Explore how businesses can balance innovation with responsibility by adopting ethical AI practices that ensure fairness, transparency, and accountability.

Workflow slashes CVE ticketing time by 60% using Tines, CrowdStrike, and ServiceNow for faster action.

​Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online.

Le premier jeudi du mois de mai est la journée mondiale du mot de passe. À cette occasion, Microsoft l'a célébrée d'une façon un peu particulière, avec une initiative visant à les tuer un peu plus. Chaque année, il y a la journée mondiale du mot de passe. Et tous les ans, elle tombe le premier jeudi du mois de mai --

Sortie de terre il y a plus d'un an, la start-up française H Company passe à la vitesse supérieure. Elle a secrètement mis la main sur Mithril...-IA générative

Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2

Harrods confirmed a cyberattack, following similar incidents suffered by M&S and Co-op, making it the third major UK retailer hit in one week

FIDO Alliance found an uptick in awareness and takeup of passkeys as an alternative method to passwords

UK retailers including Harrods, M&S, and the Co-op are under a surge of cyber-attacks that may be linked by a common supplier or shared technological vulnerability

La Cnil rappelle les fondamentaux en matière d'hygiène informatique. Pour éviter les fuites de données, elle recommande l'utilisation de...-Cybersécurité