Latest CyberSec News by @thecyberpicker

A carmaker has been found to be open to leaking vehicle data and customer information through their dealership portal.

Mere automation tools will struggle in the agentic AI era. For GRC, this means it’s time to move beyond checklists and focus on risk-aware decision-making.

Cyber threats are moving fast—one unpatched vulnerability could turn secure systems into costly breaches.

This week in cybersecurity from the editors at Cybercrime Magazine

The U.S. Department of Justice charged four Ghanaian nationals for their roles in a massive fraud ring linked to the theft of over $100 million in romance scams and business email compromise attacks.

Still, if data governance and protection aren’t exactly your area of expertise, you may be unsure where to find the best GDPR certifications to stay

Four senior members of a Ghana-based criminal network have been indicted for stealing over $100 million through romance scams and BEC frau

Refined exposure management cuts remediation by 96%, aligning security with business priorities for stronger, efficient protection.

TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group

Fears around children is opening up a new market for automatic license place readers.

Black Hat USA 2025 concluded amid a noticeable shift in tone. Compared to prior years, the discussions were more grounded, and the stakes more clearly defined. Related: GenAI security gaps few see While generative AI remained the central theme, what stood out was the growing consensus that the security community must now contend with a

Cary, United States, 11th August 2025, CyberNewsWire

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

Cet été 2025, les automobilistes français doivent faire face à un nouveau piège sur la route des vacances : les faux SMS et mail Ulys. Depuis la mise en place du péage en flux libre, les cybercriminels profitent du flou qui entoure ce nouveau procédé pour arnaquer les voyageurs. Depuis le début de l’été, au moins

Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying.

Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action

Commercial red team experts believe AI’s current impact on cyber is overstated

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.......

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June.

A list of topics we covered in the week of August 4 to August 10 of 2025

WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data.

Sam Altman overhyped GPT-5 and the results are underwhelming. Some users are upset with GPT-5's new personality, but you can restore GPT-4o if you pay for the Plus plan.

SafeBreach found four Windows DoS flaws via RPC and LDAP, enabling stealth DDoS botnets. Microsoft patched in 2025.

Une menace persistante avancée (MPA), ou Advanced Persistent Threat (APT), est une cyberattaque à la fois sophistiquée, discrète et prolongée dans le temps. Elle nécessite des moyens financiers et techniques colossaux, et cible souvent les secteurs les plus sensibles pour espionner, saboter ou dérober des données. En

Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.

Researchers found ReVault flaws in Dell ControlVault3 affecting 100+ laptop models, risking login bypass and key theft.

Lenovo webcam flaws let attackers deploy remote BadUSB exploits, risking keystroke injection and persistent malware.