Latest CyberSec News by @thecyberpicker

Despite 100+ patches, Microsoft hasn't yet released the zero-day fix for Windows 10 systems with April Patch Tuesday, pledging it for later.

The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia

According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini.

Explore how combining SOC 2 and HIPAA compliance enhances data security, builds trust, and streamlines operations in the healthcare sector.

Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy.

CA/Browser Forum members have voted in favor of shortening TLS/SSL certificate lifespans to 47 days

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said. The admission wasn’t explicit:...

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Attackers use AI to outpace defenders, but SANS' SEC595 course at SANSFIRE 2025 helps teams adapt fast.

​Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links.

Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable.

Secure enterprise browsers offer a solution to protect all data and users on any device, anywhere, and across all apps. Learn how that could benefit your organization.

The operators of the Phishing-as-a-Service platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities.

Experts have warned that threat actors could hijack AI hallucinations in “slopsquatting” attacks

Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.

A list of topics we covered in the week of April 7 to April 13 of 2025

SideCopy hackers adopt MSI staging and launch CurlBack RAT attacks on Indian ministries, oil, and rail sectors.

Une cyberattaque au Maroc a exposé les données personnelles de plus deux millions de citoyens. L’opération a été revendiquée par un groupe de hackers jusqu’alors inconnu, qui affirme agir au nom de l’Algérie. Depuis une semaine, une cyberattaque occupe le devant de la scène médiatique au Maroc. La Caisse nationale de

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names.

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities.

OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o.

Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, le...-Cybersécurité

interos.ai uses their anomalous returns predictive model to detect which companies are at an elevated financial risk in this new trade climate, and which market drops are just noise.

The top Democrat on a cybersecurity subcommittee says the “drastic reorganization” obligates CISA’s acting director to discuss its plans with lawmakers.

Laboratory Services Cooperative reports a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals.

Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.

Cary, NC, Apr. 11, 2025, CyberNewswire -- Defense contractors are facing increased pressure to meet the Department of Defense's stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security, a leading global provider of cybersecurity training and certifications, is highlighting how hands-on cybersecurity labs are proving critical for organizations seeking

Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts.