Latest CyberSec News by @thecyberpicker

Hackers target Web3 developers using fake AI tools and malware to steal crypto wallets and credentials.

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

SharePoint zero-day CVE-2025-53770 exploited in mass attacks breaching 75+ orgs; on-prem users at high risk.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog.

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

SharePoint zero-day CVE-2025-53770 exploited in mass attacks breaching 75+ orgs; on-prem users at high risk.

CrushFTP flaw CVE-2025-54309 exploited in wild, giving attackers admin access. Older builds before July 1 are at high risk

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.

L’un a vécu deux mois surréalistes dans un data center assiégé. L’autre se réveille la nuit pour combattre les hackers russes. Numerama s’est rendu en Ukraine pour rapporter les histoires de Kostya et Dmytro, haut commandants dans le privé de la cyberdéfence du pays. « Vybachte, odyn moment. » Excusez-moi, un

GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13.

AI companies could soon disrupt the education market with their new AI-based learning tools for students.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom.

A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.

Beautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth’s sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula’s bipolar shape is distinguished here by the telltale blue emission from doubly ionized oxygen atoms. Though apparently surrounded by the reddish hydrogen emission region Sh2-129, the true distance and nature of the Squid Nebula have been difficult to determine. Still, one investigation suggests Ou4 really does lie within Sh2-129 some 2,300 light-years away. Consistent with that scenario, the cosmic squid would represent a spectacular outflow of material driven by a ...

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices.

A top official did not disclose details of UNC3886’s activity but said “it is serious and it’s ongoing … and we will assess whether it is in our interest to disclose more details later.”

Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution.

The UK National Cyber Security Centre (NCSC) has formally attributed 'Authentic Antics' espionage malware attacks to APT28 (Fancy Bear), threat actor already linked to Russia's military intelligence service (GRU).

ChatGPT's o3 is OpenAI's best model to date because it features reasoning, and it might get even better in the next update.

Victims of Phobos ransomware and its 8Base offshoot now have access to a decryptor released by Japanese law enforcement and backed by the FBI and European officials.

Ivanti ICS flaws exploited from Dec 2024–July 2025 to deploy MDifyLoader, Cobalt Strike, and Go tools.

South Asian threat actor UNG0002 targets sectors in China, Hong Kong, and Pakistan using RATs and LNKs.

China’s Massistant tool collects mobile data via USB or Wi-Fi, targeting Android and iOS users. Used by law enforcement.

WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers.