Latest CyberSec News by @thecyberpicker

This week in cybersecurity from the editors at Cybercrime Magazine

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.

In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.

Multiple AI jailbreaks and tool poisoning flaws expose GenAI systems like GPT-4.1 and MCP to critical security risks.

WhatsApp launches Private Processing using CVM and OHTTP, ensuring AI-driven message privacy and auditable security.

South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.

Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.

Soutenue par Snowflake et Atlassian, Veza développe une plateforme d'analyse des applications d'une société afin de déterminer quel utilisateur...-Cybersécurité

Le lancement de Foundation AI a pour volonté de démocratiser la sécurité autour de  l’IA grâce à une panoplie d'outils open source. Un premier...-IA générative

Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.

The Take It Down Act received rare levels of bipartisan support in the House and Senate, but critics fear enforcement could threaten First Amendment protections and unduly burden smaller companies and encrypted applications.

Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special' option and the calendar feature in the classic Outlook email client.

New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control

Epicentr, a home improvement chain that operates more than 70 stores in Ukraine, said it suffered a cyberattack that crippled key IT systems.

With RSAC kicking off next week, the conversation is shifting—literally. Cybersecurity pros are rethinking how “shift left” applies not just to code, but to enterprise risk. Related: Making sense of threat detection In this Fireside Chat, I spoke with John DiLullo, CEO of Deepwatch, who makes a compelling case for how Managed Detection and Response

A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason

This week in cybersecurity from the editors at Cybercrime Magazine

SentinelOne uncovers China-linked PurpleHaze attacks and North Korean infiltration attempts amid rising EDR testing abuses.

Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.

A former Disney employee has been sentenced to three years in prison for computer fraud and identity theft. He must also pay nearly US$688,000 in restitution.

En 2024, la Commission nationale de l'informatique et des libertés a reçu 5629 notifications de violation de données personnelles. Un chiffre...-Cybersécurité

La firme américaine met la main sur Protect AI, une start-up spécialisée dans la sécurisation des applications et modèles d'IA. Les solutions...-Cybersécurité

Fournisseur d'un tiers des documents d'identité sécurisés dans le monde, Thales ambitionne devenir le partenaire privilégié pour la gestion de...-Cybersécurité

On Friday, Nova Scotia Power — which provides serves 95% of the power for the region — discovered a cyber incident involving unauthorized access to its systems.

Administrators of a Telegram channel named CoderSharp have been advertising Gremlin Stealer since March 2025

The Compliance Automation Revolution is a CSA initiative to develop methods to automatically gather compliance evidence, harmonize frameworks, & quantify risk.

F