Latest CyberSec News by @thecyberpicker

Microsoft patched 80 flaws in Sept 2025, including CVE-2025-55234 SMB bug and CVSS 10 Azure risk.

Apple’s iPhone 17 debuts Memory Integrity Enforcement, blocking buffer overflows and spyware exploits with minimal performance impact.

Sophos found that average ransom demands and payments fell substantially in the education sector in 2025, as recovery time and costs fell

Gen-AI disruption is real. It’s profound, high-stakes, and unprecedented. It’s also accelerating — faster than any technological shift in recent memory. But beneath the hype and uncertainty, a distinct set of rhythms is beginning to emerge. That’s what I’ve come to believe, after two years of covering this space closely. I’ve interviewed dozens of practitioners,

China-linked APT41 campaigns stole U.S. trade data via phishing emails on Sept 7, 2025

Automation cuts vCISO workloads by 68% in 2025, saving 10+ hours per task and boosting scalability.

Media streaming platform Plex is recommending all users to chnage their password after noticing a security incident

Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zero-days in its latest Patch Tuesday release

Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over

Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws.

Salty2FA phishing kit active since June 2025 bypasses 2FA in US and EU campaigns, fueling enterprise breaches.

SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.

At Google Cloud, interoperability and openness are key to enable customer choice and multicloud strategies, so today we’re launching Data Transfer Essentials.

SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.

Adobe Commerce CVE-2025-54236 allows account takeover; hotfix and WAF deployed to block attacks.

The top cyber official at the National Security Council said Tuesday that he’s dismayed by the lag in security technology embedded in critical infrastructure, saying it pales in comparison to the tech in modern smartphones.

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13…

The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation.

The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year.

The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide.

Researchers found a host of vulnerabilities in the platforms run by RBI to service Burger King, Tim Horton's, and Popeyes.

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.

New York Blood Center submitted documents to regulators in Maine, Texas, New Hampshire and California that confirmed the cyberattack, which they said was first discovered on January 26.

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet.

Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform.

Volodymyr Tymoshchuk, currently a fugitive, was an administrator for multiple ransomware strains, including LockerGoga, said U.S. prosecutors in unsealing an indictment against the Ukrainian national.

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing attack.

The Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) is pursuing funds taken from five victims between late October 2022 and March 2023, according to a news release.

Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018.