Latest CyberSec News by @thecyberpicker

The National Cybersecurity Center of Excellence (NCCoE) has published the sixth white paper in its series

The group positions itself “not just as a ransomware group, but as a full-service cybercrime platform”, according to Cybereason

Scammers are abusing sponsored search results, displaying their scammy phone number on legitimate brand websites.

These 5 communication channels are favored by scammers to try and trick victims at least once a week—if not more.

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.

Today’s digital threats don’t discriminate by size or sector. Building a solid cybersecurity foundation is no longer optional—it’s essential.

Payment processor Paddle has agreed to settle with the FTC over allegations related to tech support scams

Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa.

CISA warns CVE-2023-0386 is being actively exploited, impacting Linux systems via OverlayFS. Patching is urgent.

Former CIA analyst sentenced to 37 months for leaking Top Secret intel on Israel-Iran plans. National security impact.

Iran throttles web, cites cyber threats; Israeli group hacks bank; U.S. warns of Iranian ICS malware.

Veeam patches 3 major flaws, including CVE-2025-23121, to stop RCE risks in backup software. Update now.

A pair of AI tools advertised on hacking forums were developed using commercial AI models from xAI and Mistral, according to Cato Networks.

Last week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth. Related: A basis for AI optimism In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly autoregressive transformers—have structural limitations we won’t engineer our way past. And more than that, he acknowledged

Iran-focused media outlets report Bank Sepah branches are closed, customers are unable to access accounts and payment processing is down.

WhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?

Chrome and Yandex zero-days exploited to deploy Trinper backdoor via phishing; Russian entities targeted.

Security analysts at Google’s Threat Intelligence Group published a warning this week to insurance companies, writing that it is “now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity.”

The AnonsecKh group, which goes by Bl4ckCyb3r on Telegram, claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces.

LangSmith flaw let hackers steal OpenAI API keys and data via LangChain agents. Enterprises risked IP leaks.

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.

Un groupe de hackers, supposément lié à Israël, revendique une cyberattaque majeure contre la banque Sepah, institution clé du système financier iranien. Ils assurent avoir « détruit toutes les données » de la banque. Le groupe de hackers Gonjeshke Darande, également connu sous le nom de « Predatory Sparrow », a

To defend “target rich, resource poor” critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes.

New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites

​Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.

Moving from artisanal to industrial security at scale, and how Google uses AI for reversing malware, analyzing hacker videos, fuzzing, and more

The commission described how recently updated federal regulations affect dealerships — and their vendors.

The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023.

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.