Latest CyberSec News by @thecyberpicker

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.

San Francisco, California, 1st August 2025, CyberNewsWire

Researchers said an unidentified hacker demanded a ransom after an intrusion linked to the SharePoint flaw.

Want to know how to ace CompTIA Network+ performance based questions in the exam? Read this article to learn every tip and trick you need for mastery.

Proton annonce le lancement de Proton Authenticator, un logiciel pour smartphone et pour ordinateur pour gérer ses codes pour la double authentification. L'outil vient challenger les ténors du genre, comme Google Authenticator. Avoir un mot de passe d'excellente qualité et unique par service, c'est bien. Utiliser un

Dans une étude publiée le 31 juillet 2025 et menée auprès de plus de 1 500 entreprises à travers le monde, la société américaine Semperis révèle que 78 % des entreprises interrogées ont été la cible d’une tentative de ransomware au cours de l’année écoulée. Parmi les victimes d'une attaque réussie, 40 % déclarent

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

OpenAI removed a short-lived experiment that allowed ChatGPT users to make their conversations discoverable by search engines

The U.S. alleged the company knowingly sold genetic-sequencing systems with software vulnerabilities to federal agencies.

A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges.

Hackers used fake Microsoft OAuth apps to target 3,000+ accounts across 900 environments in 2025.

The accusation, the latest from Beijing, says U.S. intelligence agencies attacked two Chinese military enterprises.

The chaos in Jurassic Park stemmed from human failings, not dinosaur ones. Similarly, in cybersecurity, systems must be resilient against internal threats.

AI-generated npm package steals Solana wallet funds from 1,500+ users via cross-platform postinstall script.

This week in cybersecurity from the editors at Cybercrime Magazine

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants.

Legacy data is limiting SOC AI effectiveness, leaving defenders vulnerable as attackers optimize with AI.

New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.

Proton annonce le lancement de Proton Authenticator, un logiciel pour smartphone et pour ordinateur pour gérer ses codes pour la double authentification. L'outil vient challenger les ténors du genre, comme Google Authenticator. Avoir un mot de passe d'excellente qualité et unique par service, c'est bien. Utiliser un

Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...

The NIST National Cybersecurity Center of Excellence (NCCoE) has released a second public draft of

The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest.

Dans un rapport publié le 31 juillet 2025, Microsoft détaille le mode opératoire d'une campagne de cyberespionnage très sophistiquée qui vise les ambassades étrangères basées en Russie. À l'origine de cette attaque furtive ? Le groupe Secret Blizzard, fortement soupçonné d'être piloté par le Service fédéral de

Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report

Storm-2603 exploits Microsoft SharePoint flaws to deploy dual ransomware in APAC and Latin America.

Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months

The UK’s AI Security Institute has announced a new AI misalignment research program

CISA has released Thorium, an open-source tool for malware and forensic analysis, now available to analysts.