Latest CyberSec News by @thecyberpicker

​Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.

VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.

Google fixed Chrome zero-day CVE-2025-2783 on Mar 20 after attacks exploited a sandbox bypass flaw.

The order seeks to withhold federal funding from states that don’t comply, sparking a heated backlash from legal and election experts.

FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. Menlo Park, Calif., Mar. 25, 2025, CyberNewswire -- AccuKnox, Inc., announced that Telecom and FinTech Leader IDT Corporation has partnered with AccuKnox to deploy Zero Trust CNAPP. Gartner’s predictions for the Internet of

The annual pilgrimage to San Francisco for RSA Conference is fast approaching—and the ramp-up has officially begun. In the latest episode of Bospar’s Politely Pushy podcast, Last Watchdog Editor-in-Chief Byron V. Acohido joins DigiCert’s Christina Knittel and ConnectSafely.org’s Larry Magid for a spirited roundtable on how to get the most out of RSAC 2025. Hosted

With 23andMe filing for bankruptcy, here's how to remove your data from the company and protect yourself from the 2023 breach.

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately.

Connor Riley Moucka signed a consent order on Friday in Ontario Superior Court in Kitchener that would allow him to be transferred to U.S. custody to face multiple charges.

The crypto lending platform said the issue was sourced back to a product it calls “cauldrons” — isolated lending markets that allow users to borrow against a variety of cryptocurrencies.

Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally.

This week in cybersecurity from the editors at Cybercrime Magazine

Democrats hammered two officials about their participation in a Signal chat discussing war plans that reportedly included a journalist.

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.

Computer outages at Malaysia’s Kuala Lumpur International Airport (KLIA) this weekend were attributed to a recent cyberattack, according to the country’s cybersecurity agency and aviation authority.

Security researchers from CloudSEK provided additional evidence supporting a hacker’s claim to have exfiltrated 6 million records.

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.

McAfee researchers have identified a new wave of Android malware campaigns leveraging .NET MAUI to steal sensitive user information through fake apps

Cybercriminals are increasingly leveraging Atlantis AIO, which automates credential stuffing attacks across more than 140 platforms

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.

Alisa Viejo, United States, 25th March 2025, CyberNewsWire

Wiz researchers warned that several CVEs in Ingress NGINX Controller for Kubernetes make nearly half of all cloud environments at risk of takeover.

In Jan 2025, DeepSeek AI was an overnight sensation. But as with many overnight sensation stories, the reality is more complex. Learn the truth about DeepSeek.

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page.

The New America Open Technology Institute report comes amid DOGE access to sensitive government agency information that has alarmed experts.

200+ Raspberry Robin C2 domains mapped via NetFlow; Russian GRU link intensifies cyber threat tracking.

NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems

Zero Trust revolves around the idea that nothing can be trusted by default. You must acknowledge that everything in your organization plays a role in security.

New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection.