Latest CyberSec News by @thecyberpicker

Attackers gained unauthorized, prolonged access to the Office of the Comptroller of the Currency’s email system, accessing numerous emails containing highly sensitive regulatory data.

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely.

If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.

A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers

The U.S. Office of the Comptroller of the Currency told Congress that a breach of its email systems reported in February involved "highly sensitive information" in the accounts of high-ranking officials.

WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software

Lovable AI scored 1.8 on VibeScamming tests, enabling full scam creation with minimal guardrails, risking mass phishing abuse.

L'Estonie est en plein débat sur un nouveau de texte loi qui prévoit d’élargir le cadre d’action de sa marine. La législation permettrait notamment l’usage de la force contre des navires civils, en cas de menace grave avérée. À menace exceptionnelle, mesure exceptionnelle. Le Parlement estonien va étudier un projet

Vibe coding is an emerging AI-assisted programming approach where users describe their software requirements in natural language, and an LLM generates the code.

Microsoft is investigating an ongoing outage that is blocking admins worldwide from accessing the Exchange Admin Center (EAC).

The legislation calls for a Commerce Department examination of routers, modems and other devices controlled by U.S. adversaries.

Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates.

New phishing method targets high-value accounts using real-time email validation

AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk.

Sponsored by Mastercard

A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware.

This week in cybersecurity from the editors at Cybercrime Magazine

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals.

Phishing actors are employing a new evasion tactic called  'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted.

While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing

Companies need to use threat intelligence to address disinformation. As tactics evolve, businesses will need to adapt and refine their strategies to protect their reputation.

ToddyCat exploits ESET’s CVE-2024-11859 flaw with TCESB malware, bypassing security tools via DLL hijacking.

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows CLFS Driver flaws to its Known Exploited Vulnerabilities catalog.

Privacy is most at risk from companies, governments, and AI models, according to a new public survey from Malwarebytes.

There are many people behind-the-scenes making sure AI systems have the well-organized, clean, and properly labeled data that they need to succeed.

Neiman Lab has some good advice on how to leak a story to a journalist.

23.77 million secrets leaked on GitHub in 2024 as non-human identities expand attack surfaces rapidly.

73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks