Latest CyberSec News by @thecyberpicker

CISA added Citrix NetScaler's CVE-2025-5777 to its KEV catalog as active exploits emerge worldwide. Immediate patching advised.

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus — the powerful spyware manufactured by Israel-based NSO Group.

A critical vulnerability in mcp-remote (CVE-2025-6514) allows remote code execution, affecting 437,000+ users.

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.

Find out why adhering to Zero Trust principles is critical for protecting sensitive resources, especially when embracing AI technology.

Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.

Cary, NC, July 10, 2025, CyberNewsire—INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification. The updated certification delivers the industry's most comprehensive and practical approach to mobile application security testing. CSO Magazine recently recognized eMAPT among the Top 16 OffSec, pen-testing, and

The AI Controls Matrix helps organizations securely develop, implement, and use AI technologies. Learn why such a framework is essential in today’s landscape.

Nous avons eu l'opportunité de vivre de l'intérieur une crise cyber majeure, du moins en simulation, dans des conditions proches du réel. Une méthode d'entraînement inspirée des stratégies militaires, de plus en plus adoptée dans l'univers de la cybersécurité, jusqu'au ministère des Armées. Esplanade de la Défense,

Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.

The arrests mark the first major break in a case linked to the Scattered Spider cybercrime group, although additional work continues with multiple agencies.

The company is still assessing the full impact of the ransomware attack, which has been linked to the SafePay hacker group.

A cryptocurrency social engineering campaign uses fake AI and gaming companies to deliver malware on Windows and macOS, draining digital assets.

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper

Daniil Kasatkin, 26, was detained in June at Paris’s Charles de Gaulle Airport shortly after arriving in the country with his fiancée, according to local media reports.

Cary, North Carolina, 10th July 2025, CyberNewsWire

The four people allegedly have ties to the loose criminal collective known as Scattered Spider, which was responsible for the attack.

Daniil Kasatkin played briefly for Penn State University. It’s the second European arrest on cyber allegations at the request of the United States to be revealed this week.

Explore the effects of Zero Trust implementation on your compliance assessments. Understand what to expect upon your first audit cycle with Zero Trust.

In an updated advisory, Qantas broke down the categories of personal data breached in a recent cyberattack, saying frequent-flyer numbers were involved, but not in a way that would compromise accounts.

Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government.

Forescout found that most LLMs are unreliable in vulnerability research and exploit tasks, with threat actors still skeptical about using tools for these purposes

FBI's Criminal Justice Information Services (CJIS) compliance isn't optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory.

The job applicants' personal information could be accessed by simply guessing a username and using the password “12345.”

A new probe, opened two months after a €530m fine to TikTok, will investigate the tech giant’s storage of EU users’ data in China

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.