Latest CyberSec News by @thecyberpicker

A vendor-neutral, AI-informed checklist to evaluate cloud email security solutions for threat detection, remediation, and user protection.

Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments

JLR said it is investigating following claims by the actor “Scattered Lapsus$ Hunters” that it had stolen data from the firm and had issued an extortion demand

Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions.

A recent report has revealed that many VPNs might allow others to sniff your data—and they're not being honest about who's behind them.

The Quad7 botnet is adding End-of-Life TP-Link routers to its arsenal and using them to steal Microsoft 365 accounts.

Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose the data publicly in order to attempt to extort victims into paying ransoms that sometimes exceeded $500,000. The actor used AI to what we believe is an unprecedented degree. Claude Code was used to automate reconnaissance, harvesting victims’ credentials, and penetrating networks. Claude was allowed to make both tactical and strategic decisions, such as deciding which data to exfiltrate, and how to craft psychologically targeted extortion demands. Claude analyzed the exfiltrated financial data to determine appropriate ransom amounts, and generated visually alarming ransom notes that were displayed on victim machines...

CISA flags TP-Link flaws CVE-2023-50224 and CVE-2025-9377 as exploited, urging fixes by Sept 24, 2025.

Google fined $379M by CNIL for invalid cookie consent; failure to comply risks €100K daily penalty.

Cybercriminals exploit Grok to bypass X ad protections, spreading malware via hidden links amplified to millions.

In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it. Related: The hidden cost of API security laspses For Jamison Utter, Field CISO at A10 Networks, this moment marks a profound shift. Traditional defenses — WAFs, DDoS scrubbing, bot management — have long operated in

Traditional security misses the hypervisor layer, leaving virtualization exposed. Learn why runtime controls and layered defense are essential.

Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring.

"This is entirely false" said Google about recent rumors of a widespread attack on Google users.

A recent report has revealed that many VPNs might allow others to sniff your data—and they're not being honest about who's behind them.

A new Cobalt study finds healthcare organizations among the slowest at resolving serious vulnerabilities

Lors d’une phase test effectuée depuis une base militaire aux États-Unis le 26 août, une cinquantaine de drones ont été détruits en quelques instants grâce aux micro-ondes d’une arme révolutionnaire de la marque Epirus.  Comme un orage métallique, le ciel a craché un essaim de drones sur le poste militaire de Camp

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N vulnerabilities to its Known Exploited Vulnerabilities catalog.

The breaches are part of hundreds of potential supply chain attacks linked to Salesloft Drift.

Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.

This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2.

This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 11. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 11 version 24H2.

This guidance, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and international partners, presents a shared vision of Software Bill of Materials (SBOM) and the value that increased software component and supply chain transparency can offer to the global community.

Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising.

An antipiracy coalition of entertainment companies applauded the takedown. The network’s two operators were arrested at their residences in Egypt.

Google has issued updates to patch a whopping 111 Android vulnerabilities, including two actively exploited ones.

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.

Israeli cybersecurity company Cato Networks has acquired AI security startup Aim Security in its first ever acquisition.

An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.