Latest CyberSec News by @thecyberpicker

Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month.

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.

Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.

The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.

Sysdig researchers say UNC5174’s use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other campaigns.

​Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14.

Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

A critical flaw (CVE-2025-24859) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected

The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns.

A House committee launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May.

La patronne de la sécurité chez Microsoft en est persuadée : l'intelligence artificielle va redonner l'avantage aux entreprises face aux...-Intelligence artificielle

Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn

Malicious PyPI package rerouted MEXC crypto orders and exposed API keys, downloaded 1,065 times.

Apache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.

UNC5174 uses SNOWLIGHT and VShell to target Linux and macOS systems, exploiting Ivanti flaws for remote control.

Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client.

Burp Suite Enterprise Edition has a new name: Burp Suite DAST. This new name better reflects what the product truly is: the most accurate, scalable solution for automated dynamic application security

Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state.

This week in cybersecurity from the editors at Cybercrime Magazine

Explore why training is essential and what specific areas should be covered to ensure compliance with the White House Executive Order and ethical AI usage.

99% of employees use browser extensions + 53% access sensitive data + exposing entire organizations to risk.

Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey

Prepare for PCI DSS v4.x compliance by April 1, 2025. Learn about mandatory Future-Dated Requirements and steps to ensure your organization's readiness.

Thales report reveals bots now account for 51% of all web traffic, surpassing human activity

This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video.

Pentesting firm Cobalt has found that organizations fix less than half of exploited vulnerabilities, with just 21% of generative AI flaws addressed

North Korea’s Slow Pisces used LinkedIn lures in 2025 to drop RN Stealer malware on crypto developers.

A UK man has been sentenced to over eight years for masterminding £100m phishing platform LabHost

Hertz disclosed a data breach after customer data was stolen via Cleo zero-day exploits in 2024, affecting Hertz, Thrifty, and Dollar brands