Latest CyberSec News by @thecyberpicker

RapperBot launched 370,000 DDoS attacks on 18,000 victims in 80+ countries since 2021, DOJ seizes botnet.

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft.

The DDoS botnet was among the powerful on record, allegedly exceeding six terrabits per second during its largest attack, authorities said. Victims are spread across 80 countries.

Researchers cite increasing evidence of collaboration between Scattered Spider and the cybercrime group ShinyHunters in the campaign.

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The…

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.

The Business Council of New York State, which works with more than 3,000 organizations, told regulators in multiple states that it suffered a cyberattack in February.

Microsoft is resolving a known issue that causes "couldn't connect" errors when launching the Microsoft Teams desktop and web applications.

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.

Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDropper malware, then patch flaw to secure persistence.

OpenAI has finally announced the GPT Go subscription, which costs just $4 in the US or INR 399 in India.

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product.

Depuis plusieurs semaines, de nombreux messages circulent sur des groupes WhatsApp et sont transférés dans les discussions privées des utilisateurs, propageant une rumeur infondée. Selon ceux-ci, l’IA de Meta, intégrée à la messagerie en mars 2025, pourrait accéder au contenu des discussions privées ainsi qu'à de

Business leaders want to prevent further fallout as nearly all have experienced at least one problematic incident tied to AI, according to an Infosys survey.

The cybersecurity firm said its “platformization” strategy is beginning to pay dividends as more large customers consolidate their spending on its offerings.

A critical flaw in SAP NetWeaver AS Java is being widely exploited, allowing unauthenticated remote code execution

Startups are ready to bring AI powered toys to the market as an alternative for screen time. But is that really progress?

A cyber-attack on Allianz Life, linked to the ShinyHunters group, has exposed the personal information of 1.1 million customers

GodRAT Trojan Targets Financial Institutions via Malicious Skype Files, Leveraging Steganography and Gh0st RAT Legacy

American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations.

Recent surveys found enterprises are enthusiastically adopting AI, even as they neglect basic cybersecurity measures.

The Canadian Investment Regulatory Organization (CIRO) said it will work to identify the personal information breached and notify those affected

North Korea-linked hackers were seen targeting more than a dozen embassies in Seoul with phishing emails.

The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals.

Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11.

The United Kingdom has withdrawn its demand that Apple create a backdoor to its encrypted cloud systems following months of diplomatic pressure from the United States, according to a statement from Director of National Intelligence Tulsi Gabbard.

See how itariffs and Similar Suppliers can help you stay ahead of tariff changes and provide actionable insights and next steps to mitigate risk.  With unprecedented supply chain volatility, identifying and engaging with alternative suppliers is no longer just tactical, it’s a necessity to keep your organization running at maximum efficiency.   However, finding alternative....

SAP NetWeaver Exploit Chains CVE-2025-31324 and CVE-2025-42999, Abused as Zero-Days by Ransomware and Espionage Groups Targeting Critical Infras

Red Canary observed the novel tactic in a cluster of activity targeting a legacy vulnerability to access cloud-based Linux systems

The most effective security isn’t a gate—it’s a foundation. By weaving security into the DNA of platforms, we empower teams to build fast and safely.