Latest CyberSec News by @thecyberpicker

A list of topics we covered in the week of May 12 to May 18 of 2025

This guidance is intended for decision makers and cybersecurity practitioners. It highlights what to be aware of when identifying the source of a threat and the potential implications of geo-blocking in a broader cybersecurity strategy.

Key Takeaways The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution. Using this access…

CrushFTP 11.3.1 - Authentication Bypass. CVE-2025-31161 . remote exploit for Multiple platform

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation. CVE-2025-1731 . local exploit for Multiple platform

Invision Community 5.0.6 - Remote Code Execution (RCE). CVE-2025-47916 . remote exploit for Multiple platform

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids.

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, la...-Cybersécurité

On day two of Pwn2Own Berlin 2025, participants earned $435K for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox.

The January 2024 attack resulted in fraudulent posts on the SEC’s account that altered the market value of bitcoin.

From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.). Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can make decisions and form associations. Weights are analysed, tweaked and trained by Hebbian learning algorithm. Experiences from short-term and long-term memory can influence decision-making. Squid can create new neurons in response to his environment (Neurogenesis) ...

The crypto exchange is offering a $20 million reward for information leading to the hackers’ arrest. Coinbase terminated customer support agents who leaked customer data.

Sen. Mark Warner urged OPM’s acting director to ensure identity protection services continue for the more than 21 million individuals affected by the 2015 breach.

​Microsoft has confirmed that some Windows 10 and Windows 10 Enterprise LTSC 2021 systems will boot into BitLocker recovery after installing the May 2025 security updates.

Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ.

The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.

“When minority commissioners dissent, they are fired,” Commissioner Anna Gomez said of the Trump administration’s assault on free speech.

Le fournisseur français de solutions télécoms ajoute une corde à son arc en mettant la main sur Olfeo, un éditeur de logiciels spécialisé dans...-Cybersécurité

La justice commence à pousser les fournisseurs de VPN à agir pour empêcher l'accès des internautes à des sites bloqués en France. Avec comme objectif de contrer la possibilité de regarder du sport (comme des matchs de foot) sur des sites proposant du streaming pirate. C'est l'extension du domaine de la lutte, mais

An American-Israeli national named Osei Morrell has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million.

OpenAI is rolling out 'Codex' for ChatGPT, which is an AI agent that automates and delegates programming tasks for software engineers.

Memphis-Shelby County Schools’ federal lawsuit against the ed tech giant is among the latest that have been filed by over 100 other districts nationwide.

Hackers are increasingly using vishing and smishing for state-backed espionage campaigns and major ransomware attacks.

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.

With bipartisan support and backing from the private sector, the 2015 law appears to be on a glide path to reauthorization.

Both witnesses and lawmakers at a House hearing said the law must not lapse in September.

For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer.