Latest CyberSec News by @thecyberpicker

Over the past year, we’ve been hard at work making Burp Suite Professional faster, smarter, and more powerful than ever before. From the launch of Burp AI to major performance upgrades, there's never

Microsoft has patched seven zero-day bugs, five of which were exploited in the wild

Ivanti patched CVE-2025-4427 and CVE-2025-4428 in EPMM after limited exploitation + On-prem only risk.

Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.

Order on Motion for Summary Judgment AND ~Util - Terminate Motions

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code execution vulnerability in the Microsoft Scripting Engine. There were also four elevation of privilege vulnerabilities being actively exploited, CVE-2025-32709, CVE-2025-30400, CVE-2025-32701 a

The company has addressed zero-day vulnerabilities for eight consecutive months without deeming any of them critical at the time of disclosure.

Google is rolling out new security features for Android devices as part of its latest operating system update, Android 16.

Cary, NC, May 13, 2025, CyberNewswire --Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco’s Moscone Center, the global cybersecurity training and certification provider is addressing some of the top cybersecurity priorities emerging from the industry-leading event. As an exhibitor that engaged

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.

The register of copyrights cast serious doubt on whether AI companies could legally train their models on copyrighted material. The White House fired her the next day.

One Chinese company with at least 35 affiliates has shipped IT equipment to a North Korean government-backed organization.

Authorities arrested Kosovo citizen Liridon Masurica in late 2024. He faces six charges that could keep him behind bars for 55 years.

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations.

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes.

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.

Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.

A 33-year-old Kosovo citizen, Liridon Masurica, has been extradited to the U.S. to face charges related to his alleged role in operating an illegal online marketplace.

Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug.

Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks.

Earth Ammit, as the group is known, launched two waves of campaigns from 2023 to 2024, affecting a range of industries including military, satellite, heavy industry, media, technology, software services and healthcare.

Microsoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.

L'Agence européenne pour la cybersécurité vient de mettre en ligne la première base de données européenne qui centralise les vulnérabilités...-Cybersécurité

The UK retailer said the payment data was masked and therefore not usable.

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft

Apple released security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities—including the first C1 modem patch.

A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel.

Malicious PyPI package ‘solana-token’ stole developer source code in 761 downloads via hidden exfiltration.