Latest CyberSec News by @thecyberpicker

The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research

Copilot Studio is Microsoft’s no-code platform for AI Agents. But AI agents aren’t safe by design. Explore how an agent built using Copilot Studio can go wrong.

Dans l’ombre du conflit armé entre l'Iran et Israël, la cyberguerre ne connaît pas de cessez-le-feu. Selon Check Point Research, un groupe de hackers iraniens, connu sous le nom d’« Educated Manticore » (alias Charming Kitten ou APT42), mène une campagne d’espionnage d’une rare sophistication contre des experts

Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

Authors: Andrea Little Limbago, PhD, SVP, Applied AI and Patrick Van Hull, Industry Principal  Remember the empty store shelves in early 2020? COVID-19 did

Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a new message.

The hackers are also suspected of being behind several cyber-attacks, including against the French Football Federation

Interpol claims cybercrime has risen sharply in Africa with cyber-offences accounting for a "medium-to-high" share of all crime

Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems.

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog.

Iranian hackers linked to APT35 target Israeli professionals using AI-driven phishing, fake Gmail pages, and 2FA bypass.

Glasgow City Council has warned of service disruption and potential data loss after a security incident

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.

SaaS platforms lack comprehensive data protection, exposing organizations to data loss, compliance risks, and cyberthreats.

New Citrix flaw 'CitrixBleed 2' lets attackers steal session cookies without logging in, echoing a previously exploited vulnerability.

CISA adds 3 critical vulnerabilities to KEV catalog, affecting AMI MegaRAC, D-Link, and Fortinet, urging mitigations by July 2025.

WhatsApp adds AI-powered Message Summaries, preserving privacy with Private Processing in the U.S

freeSSHd 1.0.9 - Denial of Service (DoS). CVE-2024-0723 . remote exploit for Windows platform

Microsoft Excel 2024 Use after free - Remote Code Execution (RCE). CVE-2025-47165 . remote exploit for Windows platform

OneTrust SDK 6.33.0 - Denial Of Service (DoS). CVE-2024-57708 . remote exploit for Linux platform

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS). CVE-2025-5640 . remote exploit for Multiple platform

Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE). CVE-2025-49132 . webapps exploit for Multiple platform

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages.

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's  Authenticode signature.

The 2015 Cybersecurity Information Sharing Act, which provided legal safeguards for companies to share threat data, is due to sunset at the end of September, and Congress doesn’t tend to work much in August.

Hundreds of companies registered as data brokers in one U.S. state are not recognized as such in other states with similar disclosure laws, according to a new analysis by the Privacy Rights Clearinghouse and the Electronic Frontier Foundation.

The vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products.

Facial recognition is quickly becoming commonplace. It is important to know where, when, and how you can opt out.

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors.

A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers and backdoors.