Latest CyberSec News by @thecyberpicker

We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.

UNC3886 exploits Juniper routers with six TinyShell-based backdoors, evading detection and maintaining persistence.

The encrypted messaging app Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyber threats, a Ukrainian official claimed, warning that the shift is aiding Moscow’s intelligence efforts.

Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception.

Surging machine identities, faster threat detection and fewer vulnerabilities are shaping cloud security according to a new report

Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates.

Traditional Data Loss Prevention (DLP) solutions weren't built for today's browser-driven workplace. Now sensitive data moves moves through SaaS apps, AI tools, and personal accounts, bypassing legacy security controls. Learn from Keep Aware how real-time browser security can stop data leaks before they happen.

Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023.

Why now? Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger, we’ve always been driven by innovation, but we don’t chase trends for the sak

Mandiant revealed that Chinese espionage actor UNC3886 has deployed modified versions of the TinyShell backdoor across multiple Juniper OS routers

South Korea's AI Basic Act enforces transparency, safety, and risk management for AI providers, including global firms. Learn key requirements and compliance steps.

GreyNoise reports 400+ IPs exploiting multiple SSRF vulnerabilities, targeting cloud services and global networks. Patch now.

AI is reshaping pentesting by automating tasks, enhancing efficiency, and empowering testers—without replacing them

Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild

Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025.

Google spies on Android device users, starting from even before they have logged in to their Google account

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have hindered deeper collaboration, including in cyber. Shifting geopolitical dynamics, however, could drive these states toward a more formalized intell-sharing partnership. Such a “Four Eyes” alliance would be motivated by common adversaries and strategic interests, including an enhanced capacity to resist economic sanctions and support proxy conflicts...

With record-breaking healthcare cyberattacks in 2024, organizations must enhance security with automation, frameworks, user education, and proactive risk management.

The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn.

Microsoft fixes 57 security flaws, including six zero-days exploited in the wild. CISA mandates patches by April 1.

Microsoft has fixed seven zero-days this Patch Tuesday, including one not currently being actively exploited

The UK’s cybersecurity sector added thousands of workers and over £1bn in revenue in 2024

La mise à jour iOS 18.3.2, disponible depuis le 11 mars 2025, corrige plusieurs bugs importants de sécurité. Elle s'accompagne de mises à jour d'iPadOS, macOS, tvOS et visionOS. De temps en temps, Apple publie des mises à jour d'iOS avec très peu de nouveautés. Ces mises à jour ont un tout petit numéro derrière deux

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and cybersecurity recommendations.

Apple patches WebKit zero-day CVE-2025-24201, exploited in sophisticated attacks before iOS 17.2. Update secures iOS, macOS, Safari, and Vision Pro.

Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.

Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”.

Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in "extremely sophisticated" cyber attacks.