Latest CyberSec News by @thecyberpicker

Adobe breaks their regular patch schedule and will release an emergency fix for CVE-2025-54236 within the next 24 hours. Automated abuse is expected and merc...

Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.

This week in cybersecurity from the editors at Cybercrime Magazine

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.

Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so, we must not lose sight of the fact that a different administration could wield the same technology to advance a more positive future for AI in government. To most on the American left, the DOGE end game is a dystopic vision of a government run by machines that benefits an elite few at the expense of the people. It includes AI ...

Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack

From Drift chaos to zero-days on the loose — this week’s cyber recap has it all. ⚡ Stay sharp, stay patched.

Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users

Venezuela’s President Maduro shows Huawei Mate X6 gift from China's President Xi Jinping, hailing it as “unhackable” by U.S. spies.

Le 3 septembre 2025, Nati Tal, directeur de Guardio Labs, a révélé sur X le mode opératoire d'une nouvelle menace cyber appelée « Grokking ». Une attaque où l’IA du réseau social, Grok, est exploitée pour contourner la sécurité et diffuser des liens malveillants auprès de millions d'utilisateurs. Les mesures prises

North Korean hiring fraud surged 220% in 2023, using AI deepfakes to infiltrate companies and steal data.

Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild

A list of topics we covered in the week of September 1 to September 7 of 2025

ChatGPT's Projects feature is now feature and second new feature allows you to create new conversations from existing conversations.

Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links.

Czech's NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices.

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes.

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked.

Wilmington, Del., Sept. 4, 2025, CyberNewswire — Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-Added Reseller (VAR) partnerships, and broadening the enterprise customer base. Bowker brings more than two decades

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response.

Four npm packages uploaded since Sep 2023 impersonate Flashbots, stealing Ethereum keys and seeds via Telegram

NordPass est un gestionnaire de mots de passe efficace, fourni par NordVPN. L'abonnement au service profite actuellement d'une promotion exclusive à Numerama. NordPass, filiale de NordVPN, est un gestionnaire et un générateur de mots de passe puissant, disponible avec les abonnements de NordVPN. Il se charge de

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media…

New research (paywalled): Editor’s summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an approach to reveal squid fossils, focusing on their beaks, the sole hard component of their bodies. They found that squids radiated rapidly after shedding their shells, reaching high levels of diversity by 100 million years ago. This finding shows both that squid body forms led to early success and that their radiation was not due to the end-Cretaceous extinction event...

Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software.

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025.

I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewriting Democracy looks beyond common tropes like deepfakes to examine how AI technologies will affect democracy in five broad areas: politics, legislating, administration, the judiciary, and citizenship. There is a lot to unpack here, both positive and negative. We do talk about AI’s possible role in both democratic backsliding or restoring democracies, but the fundamental focus of the book is on present and future uses of AIs within functioning democracies. (And there is a lot going on, in both national and local governments around the world.) And, yes, we talk about AI-driven propaganda and artificial conversation...

Microsoft Azure is announcing the start of Phase 2 multifactor authentication enforcement (MFA) starting October 1, 2025. Learn more.