Latest CyberSec News by @thecyberpicker

Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities

CISA won't post standard cybersecurity updates on its website, shifting to email and social media

Red teams uncover what others miss — but they can't be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network.

Strategy and Tactics for Protecting and Enabling Modern Software Organizations

L'Institut national de cybersécurité espagnol serait en train d'enquêter sur la panne électrique géante auprès des entreprises gestionnaires...-Cybersécurité

A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach.

Dans un article du Parisien, on découvre qu'un utilisateur d'iPhone estime être écouté par son appareil qui afficherait ensuite des publicités basées sur ses conversations. Cette théorie populaire est fausse. C'est toujours la même histoire et elle est toujours fausse. Nos confrères du Parisien se font l'écho ce 13

Explore 2025's top security trends: AI governance, compliance automation, third-party risk, and building trust to enhance your organization's security strategy.

Alabama Governor Kay Ivey said the state is responding to a "cybersecurity event" that has prompted government IT staff to work "around-the-clock to identify and mitigate impacts."

Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers.

Cisco a publié son rapport annuel sur la préparation des organisations aux enjeux de cybersécurité. Malgré une très légère progression du...-Cybersécurité

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation. CVE-2025-3605 . webapps exploit for Multiple platform

Cary, North Carolina, 13th May 2025, CyberNewsWire

This week in cybersecurity from the editors at Cybercrime Magazine

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow. CVE-2024-11237 . local exploit for Multiple platform

RDPGuard 9.9.9 - Privilege Escalation. CVE-n/a . local exploit for Multiple platform

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations.

How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers.

Kentico Xperience 13.0.178 - Cross Site Scripting (XSS). CVE-2025-32370 . webapps exploit for Multiple platform

M&S said that some customer data — but not payment card details or passwords — had been breached in a recent cyberattack.

The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint.

A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024.

Konni APT targets Ukraine with phishing to track Russian invasion progress using malware-laced LNK files.

Voice phishing rose 442% in late 2024 as AI deepfakes bypass detection tools, forcing shift to prevention.

Explore how recent cyberattacks reveal gaps in cloud and SaaS security for critical infrastructure and learn what steps can mitigate future threats.

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is.

ENISA has officially launched the European Vulnerability Database as required by the NIS2 directive

M&S Chief Executive, Stuart Machin, said that the firm has written to customers to inform them that some personal information was accessed by threat actors

Selon une étude, ces entreprises exigent des solutions avancées pour surveiller leurs appareils connectés, mettant les fournisseurs de...-Cybersécurité