Latest CyberSec News by @thecyberpicker

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIops in a conversational interface that admins can use to prompt for information about system performance. Some AIOps tools can respond to such queries by automatically implementing fixes, or suggesting scripts that can address issues...

Discover how a business impact analysis lays the groundwork for faster recovery in today’s threat-filled business landscape.

The 2024 CFIUS report highlights heightened U.S. tech investment reviews amid China concerns, urging stronger, transparent national security measures.

Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments

The Better Business Bureau is urging business owners and influencers not to fall for a new type of podcast scam

The enterprise software model that defined the past two decades — SaaS — is being rapidly eclipsed by a new center of gravity: AI-native systems. These are autonomous agents wired directly into company data, tools, and workflows. Related: LLMs fuel automated attacks According to Straiker CEO Ankur Shah, this shift is happening faster than cloud

Dans un rapport publié le 18 août 2025, les chercheurs de la société de cybersécurité Trellix décortiquent les dessous d'une campagne de cyberespionnage qui dure depuis des mois. En protagoniste principal, on retrouve Kimsuky, un groupe de hackers nords-coréens lié au pouvoir de Pyongyang. Leurs cibles ? Les

US director of national intelligence, Tulsi Gabbard, stated that her government persuaded the UK to withdraw its controversial demand

Microsoft has issued an emergency patch to fix Windows recovery problems for some users

North Korean Hackers Used GitHub and Cloud Services in Espionage Campaign Against Diplomats, While IT Workers Exploited AI to Infiltrate 320+ Firms

Google Chrome 139 addressed a high-severity V8 vulnerability, tracked as CVE-2025-9132, found by Big Sleep AI

Microsoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems.

UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession.

Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing.

ISACA has launched the new AAISM certification to equip security leaders with AI risk management expertise

Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates.

RapperBot launched 370,000 DDoS attacks on 18,000 victims in 80+ countries since 2021, DOJ seizes botnet.

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft.

The DDoS botnet was among the powerful on record, allegedly exceeding six terrabits per second during its largest attack, authorities said. Victims are spread across 80 countries.

Researchers cite increasing evidence of collaboration between Scattered Spider and the cybercrime group ShinyHunters in the campaign.

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The…

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.

The Business Council of New York State, which works with more than 3,000 organizations, told regulators in multiple states that it suffered a cyberattack in February.

Microsoft is resolving a known issue that causes "couldn't connect" errors when launching the Microsoft Teams desktop and web applications.

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.

Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDropper malware, then patch flaw to secure persistence.

OpenAI has finally announced the GPT Go subscription, which costs just $4 in the US or INR 399 in India.

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product.

Depuis plusieurs semaines, de nombreux messages circulent sur des groupes WhatsApp et sont transférés dans les discussions privées des utilisateurs, propageant une rumeur infondée. Selon ceux-ci, l’IA de Meta, intégrée à la messagerie en mars 2025, pourrait accéder au contenu des discussions privées ainsi qu'à de

Business leaders want to prevent further fallout as nearly all have experienced at least one problematic incident tied to AI, according to an Infosys survey.