Latest CyberSec News by @thecyberpicker

Prosecutors have charged Aubrey Cottle, an early member of the hacktivist group Anonymous, for the defacement.

The prominent hacker Aubrey Cottle is accused of hacking into a third-party hosting company for the websites for the Texas Republican Party and the Texas Right to Life anti-abortion group.

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders.

U.S. CISA adds Cisco Smart Licensing Utility vulnerability to its Known Exploited Vulnerabilities catalog.

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android).

Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability in the GRUB2, U-boot, and Barebox bootloaders.

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection.

Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.

The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President Mohan Koo said.

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi).

Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers

Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI.

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

OVHcloud poursuit son objectif du "tout souverain" avec la qualification de son offre Bare Metal Pod, qui garantit une isolation complète. Le...-Cloud

La firme américaine a été victime d'une intrusion informatique depuis les systèmes d'Oracle Health, qui commercialise des logiciels SaaS de...-Cybersécurité

Threat actors hide malware in WordPress mu-Plugins, exploiting 4 CVEs in 2024 to hijack websites.

In this podcast, Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity.

Application fabrics provide a governance layer that simplifies visibility, enabling enterprises to close gaps between identity & application management.

This week in cybersecurity from the editors at Cybercrime Magazine

At PortSwigger, we believe AI has the power to transform penetration testing - not by replacing human testers, but by augmenting them. With the release of Burp Suite Professional 2025.2, we’re introdu

Looking to learn more about IoT security challenges? Read our straightforward guide to improve your understanding of common IoT hacking threats.

A quelques jours de l'ouverture de la 17ème édition du Forum InCyber à Lille, la plateforme d'aide et d'assistance aux victimes...-Cybersécurité

75% of AWS breaches stem from customer misconfigurations + AWS secures infra only + real risk persists.

Google patched a Chrome 0-day (CVE-2025-2783) used in live attacks on Russian targets via phishing.

Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks.

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. "Whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out." Waltz’s implication that Goldberg may have hacked his way in was followed by a ...

CISOs are on the look out for novel attack vectors or future breaches of the upstream assets partners use to deliver their cloud-delivered AI services.

Gamaredon targets Ukraine with Remcos RAT via phishing using LNK files tied to reused infrastructure.