Latest CyberSec News by @thecyberpicker

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible.

The response to our first LastWatchdog Strategic Reel has been energizing — and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning kicked in, it became clear that this short-form format resonates. Not just because it’s fast

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information.

Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform.

Two critical CVEs exploited in GeoVision IoT and Samsung MagicINFO allow Mirai botnet deployment via RCE.

The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information

Spending plans come amid rising concerns over third-party cyber risk.

Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad’s new tools and techniques

Being aware of “Vibe Coding” security risks isn't enough. Cursor Rules offer a powerful way to shape AI behavior and ensure secure code generation.

You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection.

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability.

Reckless and Ruthless Rabbit scams use fake celebrity ads, RDGAs, and cloaking tools to target victims across Eastern Europe since 2022.

A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to anyone who asked for it.

Today, Microsoft announced new Windows experiences for Copilot+ PCs, including AI agents that will make changing settings on your Windows computer easier.

Google has patched 47 Android vulnerabilities in its May update, including an actively exploited FreeType vulnerability.

This week in cybersecurity from the editors at Cybercrime Magazine

Media companies face rising cyber threats and trust erosion. Discover how zero trust security strategies can protect digital assets and ensure content authenticity.

The Signal controversy questions if truly private conversations are possible, and why new digital security solutions are urgently needed.

Third-party breaches doubled to 30% in 2025 + ungoverned machine accounts fueled major attacks + unified identity strategy is critical.

Individuals allegedly linked to the DragonForce cybercriminal syndicate have claimed the attack on the three UK retailers

Reporting on the rise of fake students enrolling in community college courses: The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work. And because community colleges accept all applicants, they’ve been almost exclusively impacted by the fraud. The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community...

Microsoft warns default Helm charts expose Kubernetes apps by prioritizing ease over security, risking data leaks.

Prolific PhaaS operation Darcula uses Magic Cat software to steal over 800,000 cards in a seven-month period

Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats.

Manufacturers face rising ESXi hypervisor threats. Learn why hypervisor ransomware protection is key to protecting your organization.

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR). CVE-2025-47226 . webapps exploit for PHP platform