Latest CyberSec News by @thecyberpicker

Researchers bypass GPT-5 guardrails using narrative jailbreaks, exposing AI agents to zero-click data theft risks.

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

The winners of the AI Cybersecurity Challenge (AIxCC), Team Atlanta, won a $4m prize

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.

Vault Fault and ReVault flaws in CyberArk, HashiCorp, and Dell expose systems to takeover risks.

Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers.

The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).

In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.

The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part — putting the systems to the test in the real world.

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records…

OpenAI's CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns.

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.

The U.S. military research agency hopes to foster a new ecosystem of autonomous vulnerability remediation.

Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees.

Embargo started to draw scrutiny in late 2024, just a few months after BlackCat’s leaders appeared to conduct an exit scam on affiliates.

Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission.

DEFCON TV Information

AI-powered phishing mimics Brazilian agencies, stealing data and PIX payments; Efimer Trojan targets crypto wallets.

Researchers from Palo Alto Networks detail ransomware deployment and malicious backdoors in a campaign against Microsoft SharePoint users.

Security leaders shared advice gleaned from customer engagements, and reinforced the importance of planning and following fundamentals for defense.

The U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening cybersecurity measures.

Apple's artificial intelligence ecosystem, known as Apple Intelligence, routinely transmits sensitive user data to company servers beyond what its privacy policies indicate, according to Israeli cybersecurity firm Lumia Security.

The statement followed a Wednesday report from Politico revealing a major hack of the courts’ case filing system which officials feared exposed the identities of confidential informants in criminal cases.

Leaders of the US Cybersecurity and Infrastructure Agency (CISA) pushed back on layoff concerns and highlighted new initiatives

A North Korean state-linked hacking group known for spying added some "newly observed" ransomware to its kit in a campaign targeting South Koreans, researchers said.

The Information Commissioner has applied for a civil penalty against Optus following the 2022 data breach that exposed the personal details of 9.5 million Australians

CSA's AI Controls Matrix represents a paradigm shift in AI governance, providing the first comprehensive framework designed for trustworthy AI implementation.

Data breach notifications filed with state governments explain the types of data taken from Columbia University networks in a widely publicized cyberattack earlier this year.

This week in cybersecurity from the editors at Cybercrime Magazine

Lors d'une conférence au Black Hat à Las Vegas, deux chercheurs allemands ont réalisé une démonstration marquante sur la cybersécurité spatiale. Pirater un satellite moderne pourrait s’avérer bien plus simple et bien moins coûteux que de le détruire avec un missile. Une démonstration renforcée par un contexte. Le