Latest CyberSec News by @thecyberpicker

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE). CVE-2025-49683 . local exploit for Windows platform

Swagger UI 1.0.3 - Cross-Site Scripting (XSS). CVE-2025-8191 . remote exploit for Multiple platform

LPAR2RRD 8.04 - Remote Code Execution (RCE). CVE-2025-54769 . webapps exploit for Multiple platform

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation. CVE-2023-3460 . webapps exploit for Multiple platform

Gandia Integra Total 4.4.2236.1 - SQL Injection. CVE-2025-41373 . webapps exploit for Multiple platform

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS). CVE-2025-54589 . webapps exploit for Multiple platform

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure. CVE-2025-49741 . remote exploit for Windows platform

State-backed hackers breached Southeast Asia telecoms using advanced tools—no data stolen, but stealth access achieved.

Undetected for a year, Plague malware targets Linux PAM to hijack SSH access and erase forensic traces.

OpenAI isn't just working on GPT-5. It looks like OpenAI is also preparing to release new open-source weights, living up to its name, OpenAI.'

Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.

Les tensions commerciales entre Washington et Pékin sur la question cruciale des semi-conducteurs n'en finissent plus. Nvidia se retrouve cet été au cœur des soupçons : la Chine exige des « preuves de sécurité convaincantes » concernant ses puces H20, soupçonnées d’abriter des portes dérobées. Le va-et-vient

Akira ransomware exploits SonicWall SSL VPNs, hitting patched devices. Organizations face risks from possible zero-day flaw.

Security teams can no longer afford to wait for alerts — not when cyberattacks unfold in milliseconds. That’s the core warning from Fortinet’s Derek Manky in a new Last Watchdog Strategic Reel recorded at RSAC 2025. As adversaries adopt AI-driven tooling, defenders must rethink automation, exposure management, and the role of human analysts. “We saw

Researchers say hackers using the Akira ransomware strain may be exploiting the vulnerability en masse.

What scientists thought were squid fossils were actually arrow worms.

San Francisco, Calif., Aug. 1, 2025, CyberNewswire—Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks like SOC 2 and HIPAA. The funding round was co-led by OSS Capital and Grand Ventures,

Industries and trade partners scramble ahead of July 9 Deadline

interos.ai Risk Intelligence Summit is back after a sold-out event in 2024. After a sold-out inaugural summit last year, we are excited to announce that the in

Author: Teddy DeWitt, PhD, Lead Computational Social Scientist  Recession Fears Linger Amidst Consumer Pessimism and Tariff Uncertainty  The U.S. economy ma

Author: Dr. Andrea Little Limbago, SVP, Applied AI  We are at a rare moment in history, one where an industrial revolution, an information revolution, and

72% of surveyed CFOs anticipated the North American economy would improve this year, according to Deloitte’s fourth quarter North American CFO Signals Survey.

Geopolitical shocks, trade wars, tariff policies, cyber threats and compounding supplier disruptions mean today’s supply chain challenges demand more than awa

OpenAI is reportedly working on a new plan called 'Go,' which would be cheaper than the existing $20 Plus subscription.

The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.

Unit 42 said social engineering — the method of choice for groups as diverse as Scattered Spider and North Korean tech workers — was the top initial attack vector over the past year.

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.