Latest CyberSec News by @thecyberpicker

RomCom hackers group exploited the WinRAR zero-day in spearphishing attacks to deliver backdoors. WinRAR fixed the flaw with v.7.13.

The personal data of almost 145,000 people who were registered in Manpower’s systems was compromised

Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates.

This week in cybersecurity from the editors at Cybercrime Magazine

The countdown is on for security teams still managing digital certificates with spreadsheets and manual workarounds. Related: Preparing for the quantum future Starting in 2026, TLS certificate lifespans will begin dropping sharply — from 398 days to just 47 by 2029. That shift isn’t just a technical nuance. It’s a foundational disruption to how enterprises

AI SOC Agents cut incident dwell time by automating triage and investigations, improving security outcomes.

CVE-2025-25256 in FortiSIEM scored 9.8 CVSS; active exploit found, prompting urgent patching. (

What is the CCNP Security certification? Why should you consider taking it to level up in your cyber security career? Read this article to learn more.

One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse.

The flexibility and scalability of virtualization comes with significant risks if security and management practices are not modernized accordingly.

Mayor of St. Paul, Minnesota, Melvin Carter, confirmed that employee data was published online by the Interlock ransomware gang

The NSA and GCHQ have jointly published a history of World War II SIGINT: “Secret Messengers: Disseminating SIGINT in the Second World War.” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Security Officers).

AI-driven deepfakes, bots, and synthetic identities overwhelm legacy defenses, making identity the key to stopping breaches.

Plague is a PAM-based Linux backdoor malware that evades detection, establishes persistent SSH access, and steals data.

Cloudflare found Perplexity using undeclared crawlers and generic browsers for scraping data, even when websites disallow crawlers.

The US Department of Justice has announced the seizure of domains, servers and $1m in proceeds from the BlackSuit ransomware group

Microsoft fixed 111 vulnerabilities, including a Windows Kerberos zero-day enabling full AD compromise via BadSuccessor.

Common tactics in phishing and scams in 2025: learn about the use of AI and deepfakes, phishing via Telegram, Google Translate and Blob URLs, biometric data theft, and more.

Hackers leaked 2.8M records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks.

Microsoft announced updates for 107 vulnerabilities on Patch Tuesday, including one zero-day

Charon ransomware targets Middle East sectors using APT-style evasion, causing faster, harder-to-recover encryption.

Microsoft Patch Tuesday security updates for August 2025 fixed 107 flaws, including a publicly disclosed Windows Kerberos zero-day.

Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks.

Claude Sonnet 4 has been upgraded, and it can now remember up to 1 million tokens of context, but only when it's used via API. This could change in the future.

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to…

OpenAI has begun updating its pricing page to include a new plan called 'ChatGPT Go.' It costs 399 INR (Indian Rupee) or roughly $4.55, but there's a catch.

OpenAI wants ChatGPT to know more about you, including your emails, calendar events in Google Calendar and even your Google contacts to reference everything in a conversation.

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 13 "critical" entries, 9 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including the Windows kernel, Microsoft Message Queuing (MSMQ), Win

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”