Latest CyberSec News by @thecyberpicker

Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.

Noah Urban, one of five Scattered Spider suspects identified by U.S. authorities, pleaded guilty in Florida to charges related to the cybercrime operation.

The hackers have targeted Ukraine’s armed forces, law enforcement agencies and local government bodies — especially those near the country’s eastern border, which is close to Russia.

Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero.

Are you looking for guidance on how to effectively integrate security best practices within your Azure and AI projects? We know the pace of technological innovation offers as many opportunities as it does challenges. However, security cannot be an afterthought as you create Azure deployments and accelerate AI solutions.   That’s why we’re inviting you to attend Tech Accelerator: Azure Security and AI Adoption on April 22. Designed for developers and cloud architects, this one-day virtual event will equip you with the essential guidance and resources you need to securely plan, build, manage, and optimize your Azure deployments and AI projects.  Why should you attend?  During this event, you will learn how to leverage Microsoft security guidance, products, and tooling throughout your cloud journey - from the time you consider Azure to the point that you’re regularly managing and optimizing workloads. Discover how Microsoft protects its platform, how to identify security risks in your Azure environments, protect your infrastructure from security threats, design secure AI environments, and build and protect your AI applications.  What can you expect?  During this event, you'll have the opportunity to:  Learn from the experts: Get in-depth technical guidance from Microsoft experts to secure your Azure deployments and AI applications.  Engage with the community: Connect with fellow developers, cloud architects, and IT professionals.  Event details  Dates: April 22, 2025  Duration: 8:00-11:30 AM Pacific Time   Format: One keynote + six 25-minute sessions with technical guidance and demos  April 22, 2025:   Session  Time  Security: An essential part of your Azure and AI journey (keynote)  8:00 AM PT  Secure by design: Azure datacenter and hardware security  8:30 AM PT  Azure platform security: Embedded features and use cases  9:00 AM PT  Enhancing security for cloud migration  9:30 AM PT  How to secure your AI environment  10:00 AM PT  How to design and build secure AI projects  10:30 AM PT  Safeguard AI applications with Microsoft Defender for Cloud  11:00 AM PT    All sessions will be streamed live on the Microsoft Tech Community platform with live Q&A during the event with the speakers and subject experts. Q&A will close at 12:00 PM PT on Friday, April 25, 2025. Sessions will be available on demand immediately, so you can watch at your convenience.   Registration is not required. On each session page, you can find an Add to calendar link. Click the Attend button on the page to receive reminders. Please post questions early and often; we're here to help!  Please save the date and join us: https://aka.ms/AzureEssentialsEvent 

Congressional members plan to raise questions Tuesday as hundreds of critical jobs could be slashed in the coming weeks.

US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks.

The darknet leak site used by the ransomware gang Everest went offline Monday after being apparently hacked and defaced over the weekend.

Initiative intéressante, le cyberscore devait entrer en vigueur le 1er octobre 2023, avant d'être repoussé jusqu'au 1er janvier 2024, d'après...-Cybersécurité

You have until April 27 at 11:59 p.m. PT to grab lifetime access to AdGuard's privacy and ad-blocking tools for just $15.97 (reg. $169)—remember to enter code FAMPLAN at checkout for this limited-time discount.

Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver.

Learn how to optimize your SIEM solution with key strategies and practices.

Want to know the most notable findings in Talos' Year in Review directly from our report's authors? Watch our two part video series.

This week on the Lock and Code podcast, we speak with Lena Cohen about whether our phones are really listening to us to deliver ads.

Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor

CVE-2025-22457 is a critical stack buffer-overflow vulnerability that Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.

Austin, TX, USA, April 7, 2025, CyberNewswire -- SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections occur on devices with endpoint security solutions installed. SpyCloud offers integrations with leading endpoint detection and

Austin, TX, USA, 7th April 2025, CyberNewsWire

Un mail de phishing utilise les données exposées lors de la fuite de Free pour tromper les cibles. Les pirates usurpent cette fois l'apparence du service d'Amazon Prime pour dérober des données bancaires. Depuis près d'un mois, une campagne cible les victimes de la très médiatisée fuite de données Free. Les hackers

XWiki Platform 15.10.10 - Remote Code Execution. CVE-2025-24893 . webapps exploit for Multiple platform

This week’s THN Recap shows how attackers are outsmarting outdated defenses — and what you can do next.

Fast flux exploits DNS gaps to evade takedowns since 2007, enabling resilient malware and phishing operations.

Apache Tomcat 11.0.3 - Remote Code Execution. CVE-2025-24813 . webapps exploit for Multiple platform

A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad

YesWiki 4.5.1 - Unauthenticated Path Traversal. CVE-2025-31131 . webapps exploit for Multiple platform

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums

Discover how to balance security and productivity in distributed SaaS management. Learn key risks and strategies for securing SaaS apps without disruption.

Heavy incoming traffic: A new wave of toll fee scams are sweeping America.

This week in cybersecurity from the editors at Cybercrime Magazine