Latest CyberSec News by @thecyberpicker

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators.

A UK government initiative to tackle Companies House fraud has raised security concerns

Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.

SonicWall has claimed an uptick in Akira ransomware intrusions is due to legacy password use

Bouygues Telecom a révélé avoir été victime d’une cyberattaque d’ampleur exceptionnelle : les données personnelles de millions de clients ont été dérobées. Coordonnées, informations contractuelles, IBAN… des données sensibles sont dans la nature. La menace : celui de voir un prélèvement SEPA non autorisé apparaître

Dell est au centre d'une alerte de cybersécurité depuis le 5 août 2025 et la découverte des failles « ReVault », qui touchent plus de 100 modèles de ses ordinateurs portables Latitude, Precision et XPS. Ces vulnérabilités dans la puce de sécurité ControlVault3 permettent à des attaquants d’accéder de façon

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments

ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access.

Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces.

OpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details.

Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft.

Dans la soirée du 6 août, Bouygues Telecom a révélé avoir été victime d’une cyberattaque d’ampleur exceptionnelle : les données personnelles de 6,4 millions de clients ont été dérobées. Des coordonnées, indications contractuelles, informations bancaires (IBAN) et données personnelles sont affectées. La cyberattaque

Austin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators. Building on the foundation of its industry-leading IDLink identity analytics, this new capability further automates and accelerates complex

The flaw could enable a hacker to perform a “total domain compromise” on affected systems, CISA said.

ECS agent on EC2 exposes IAM credentials to containers, risking cross-task access without proper isolation.

The Hidden Threat That's Slipping Past Your Security HTTP request smuggling remains one of the most dangerous yet frequently overlooked web vulnerabilities today. Despite being a widely known issue si

Show clients hidden desync risks. Use Burp Suite to uncover high-impact flaws missed by legacy tools and surface real value.

Uncover overlooked desync bugs. Learn how to find high-impact, high-paying vulns with Burp Suite.

Uncover hidden desync threats. Learn how to detect, prevent, and move beyond HTTP/1.1 with Burp Suite tools.

Learn the implications of and how to defend your organization against HTTP/1.1 request smuggling.

Claroty researchers have uncovered four vulnerabilities in a proprietary protocol used by surveillance equipment manufacturer Axis Communications

It’s a “pivotal” moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape.

According to Infoblox’s new report, the VexTrio cybercrime-enabling network originates from Italy and Eastern Europe

Fake apps from VexTrio on Apple and Google stores mislead users, steal data, and charge hidden fees.

Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines.

In today's threat landscape, attackers are no longer just exploiting technical flaws — they're exploiting business logic. Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds for cybercriminals and evading traditional defenses. A10 Networks’ Field CISO Jamison Utter calls this the new front in

Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry.

The zero-trust initiative, which gained steam during the Biden administration, is still underway.