Latest CyberSec News by @thecyberpicker

Fears around children is opening up a new market for automatic license place readers.

Black Hat USA 2025 concluded amid a noticeable shift in tone. Compared to prior years, the discussions were more grounded, and the stakes more clearly defined. Related: GenAI security gaps few see While generative AI remained the central theme, what stood out was the growing consensus that the security community must now contend with a

Cary, United States, 11th August 2025, CyberNewsWire

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

Cet été 2025, les automobilistes français doivent faire face à un nouveau piège sur la route des vacances : les faux SMS et mail Ulys. Depuis la mise en place du péage en flux libre, les cybercriminels profitent du flou qui entoure ce nouveau procédé pour arnaquer les voyageurs. Depuis le début de l’été, au moins

Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying.

Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action

Commercial red team experts believe AI’s current impact on cyber is overstated

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.......

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June.

A list of topics we covered in the week of August 4 to August 10 of 2025

WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data.

Sam Altman overhyped GPT-5 and the results are underwhelming. Some users are upset with GPT-5's new personality, but you can restore GPT-4o if you pay for the Plus plan.

SafeBreach found four Windows DoS flaws via RPC and LDAP, enabling stealth DDoS botnets. Microsoft patched in 2025.

Une menace persistante avancée (MPA), ou Advanced Persistent Threat (APT), est une cyberattaque à la fois sophistiquée, discrète et prolongée dans le temps. Elle nécessite des moyens financiers et techniques colossaux, et cible souvent les secteurs les plus sensibles pour espionner, saboter ou dérober des données. En

Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.

Researchers found ReVault flaws in Dell ControlVault3 affecting 100+ laptop models, risking login bypass and key theft.

Lenovo webcam flaws let attackers deploy remote BadUSB exploits, risking keystroke injection and persistent malware.

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts.

Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers.

Researchers bypass GPT-5 guardrails using narrative jailbreaks, exposing AI agents to zero-click data theft risks.

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

The winners of the AI Cybersecurity Challenge (AIxCC), Team Atlanta, won a $4m prize

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.

Vault Fault and ReVault flaws in CyberArk, HashiCorp, and Dell expose systems to takeover risks.

Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers.

The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).

In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.