Latest CyberSec News by @thecyberpicker

The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report

Cybersecurity professionals who participated in discussions over a code of conduct for nations to use commercial hacking tools said the final voluntary guidelines offer modest promise, even if they fall short of what some wanted.

Malicious npm package pdf-to-office trojanizes Atomic Wallet, Exodus apps to steal crypto funds, persisting after deletion.

A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan

Data offers insights into consumer behavior, credit trends, and competitor strategies. This is why using real-time credit data is your key to success!

This week in cybersecurity from the editors at Cybercrime Magazine

Flipper Devices, the company behind the popular Flipper Zero, has launched an open-source productivity tool called Busy Bar, designed to help reduce distractions for people with ADHD.

Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations.

Dans un monde toujours plus connecté, la cybersécurité s’impose comme une priorité stratégique pour les entreprises et les particuliers....-Cybersécurité

Une campagne de phishing usurpant l'apparence d'Outlook utilise un service de vérification de mail pour s'assurer que l'internaute ne donne pas une fausse adresse. Cette méthode renforce la légitimité de l'arnaque. Les cybercriminels veulent optimiser leur temps de travail. Un rapport de l'entreprise de cybersécurité

US senator Cassidy is afraid that Chinese companies will jump at the opportunity to buy the genetic data of 15 million 23andMe customers.

Gamaredon breached a Western military mission on Feb 26, 2025, using upgraded GammaSteel malware and new obfuscation tactics.

AI agents magnify NHI risks by scaling privileged access, Astrix secures identities to prevent breaches.

PlayPraetor expands to 16,000+ URLs with five new Android malware variants, posing global threats to financial sectors.

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures.

Robust cloud security at any organization should start with a proactive approach that includes the adoption of well-thought-out DNS provisioning and management.

Europol arrested five SmokeLoader customers using seized database links, exposing cybercrime's hidden demand chain.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected.

A new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024

Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers

OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3".

L'Agence nationale de la sécurité des systèmes d'information vient de délivrer ses deux premiers certificats "EUCC" à Thales et...-Cybersécurité

AquilaCMS 1.409.20 - Remote Command Execution (RCE). CVE-2024-48573 . webapps exploit for PHP platform

flatCore 1.5.5 - Arbitrary File Upload. CVE-2019-10652 . webapps exploit for PHP platform

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS). CVE-2024-7815 . webapps exploit for PHP platform

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS). CVE-2024-36424 . remote exploit for Multiple platform

Typecho 1.3.0 - Race Condition. CVE-2024-35539 . webapps exploit for PHP platform

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS). CVE-2024-35540 . webapps exploit for PHP platform

Cosy+ firmware 21.2s7 - Command Injection. CVE-2024-33896 . hardware exploit for Multiple platform