Latest CyberSec News by @thecyberpicker

New York, NY, Apr. 3, 2025 — YRIKKA has released the first publicly available API for agentic red teaming of Visual AI assets. This release comes at the heels of YRIKKA successfully raising its pre-seed funding round of $1.5M led by Focal and Garuda Ventures. The company was founded by Dr. Kia Khezeli (CEO) and

Hackers over the weekend targeted Australian superannuation funds — investment accounts into which portions of employees’ wages are compulsorily placed.

Face à l'accroissement des menaces, la Cnil joue un rôle central, non seulement en tant qu'organisme de régulation, mais également en tant...-Cybersécurité

...-Club Data Protection

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users.

President Trump fired Gen. Timothy Haugh as head of U.S. Cyber Command and NSA, a move that could impact national security.

ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada.

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

A Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company.

Critical PCI DSS changes are approaching. Prepare now for these 7 future-dated controls to strengthen your security strategy before compliance deadlines hit.

This week in cybersecurity from the editors at Cybercrime Magazine

A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities

Two U.S. senators reintroduced legislation on Thursday that would address limits on the ability of the Secret Service to investigate efforts to launder money made through cybercrime.

In the recent wave, the new Triada variant already infected over 2600 customers via counterfeit Android phones.

Chainguard OS cuts container vulnerabilities by 94% by continuously updating upstream packages, enhancing security and efficiency.

The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading.

Staff records must be cleared to avoid compliance issues & unauthorized access. Adopt a systematic method for erasing, archiving, or transferring all details.

Experts warn of a critical vulnerability impacting Apache Parquet's Java Library that could allow remote code execution.

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

Le géant du web va bientôt proposer à ses utilisateurs professionnels de Gmail une solution de chiffrement de bout en bout, peu importe le...-Cybersécurité

Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution

Novice hacker Coquettte exposed through OPSEC failure using Proton66 to distribute malware and illicit content via fake antivirus sites.

A l'occasion du Forum InCyber, l'entreprise allemande Hornetsecurity a annoncé le rachat du français Altospam, spécialisée dans la...-Cybersécurité

CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data.

GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code.

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE). CVE-2024-42640 . remote exploit for Multiple platform

Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.

Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS). CVE-2024-43687 . remote exploit for Hardware platform

Apache Parquet flaw CVE-2025-30065 enables remote code execution from crafted files, risking data pipelines.