Latest CyberSec News by @thecyberpicker

The funding will go to several projects within the Digital Europe Programme (DIGITAL) work program for 2025 to 2027

The UK’s National Cyber Security Agency has called on Next.js users to patch CVE-2025-29927

De faux sites imitent les groupes d'opposition russes, des plateformes ukrainiennes et même la CIA pour tromper les citoyens hostiles au Kremlin. D'après un rapport de l'entreprise Silent Push, publié le 27 mars 2025, un réseau de sites frauduleux imite les plateformes officielles de groupes d'opposition, de services

The DoJ has managed to recoup over $8m from scammers, stolen in romance baiting schemes

The internet is so filled with falsehoods that April Fools hits different these days. That's why, as a cybersecurity company, we're out.

A list of topics we covered in the week of March 24 to March 30 of 2025

In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists,…

Key Takeaways The threat actor gained initial access by a fake Zoom installer that used d3f@ckloader and IDAT loader to drop SectopRAT. After nine days of dwell time, the SectopRAT malware dropped …

Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting.

Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system.

A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access.

RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.

The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une fuite...-Cybersécurité

XWiki Standard 14.10 - Remote Code Execution (RCE). CVE-2023-48292 . webapps exploit for PHP platform

Solstice Pod 6.2 - API Session Key Extraction via API Endpoint.. local exploit for Windows platform

VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.

Crocodilus Android malware targets Spain and Turkey using overlays, accessibility abuse, and device takeover.

BlackLock's misconfigured leak site exposed internal commands, aiding Resecurity in uncovering 46 ransomware victims.

Palo Alto, Calif., Mar 28, 2025, CyberNewswire -- From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the

The comments follow actions taken by President Trump that have effectively upended the U.S. approach to AI policy under Biden, according to analysts.

In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Apple finally adds TCC events to Endpoint Security!

​Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach.

Le spécialiste français du contrôle technique a subi un “incident de sécurité” entraînant un accès non autorisé à de nombreuses données...-Cybersécurité

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000.

A vulnerability has been found that can be exploited through every browser as long as its running on a Windows system

A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection.

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE). CVE-2024-23692 . webapps exploit for TypeScript platform

Le Premier ministre François Bayrou et la ministre responsable de l'IA et du numérique Clara Chappaz sont intervenus lors d'un forum organisé par Viginum, un service gouvernemental focalisé sur les manipulations de l'information sur Internet. Ce 28 mars était l'occasion pour le gouvernement de mettre en lumière