Latest CyberSec News by @thecyberpicker

Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances

Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”

With Version 3, would-be phishers can cut and paste a big brand's URL into a template and let automation do the rest.

Microsoft has announced that support for Exchange Server 2016 and Exchange Server 2019 will end in 2025. Learn what IT teams must do.

Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions.

CISA and the FBI have released a joint advisory detailing the activity of China’s Ghost ransomware

A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024.

La vélocité et la maniabilité en vol des armes hypersoniques, développées par la Russie, la Chine, les États-Unis, ainsi que par la France, l’Inde, l’Iran et la Corée du Nord, changent profondément la donne en matière d’équilibre stratégique et de dissuasion nucléaire. Le surgissement des armes hypersoniques, qui ont

The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky's SOC team in 2024.

Microsoft patches two critical flaws in Bing and Power Pages, including CVE-2025-21355, an actively exploited RCE vulnerability

Citrix fixes CVE-2024-12284, a NetScaler Console flaw (CVSS 8.8) enabling privilege escalation. Urgent update required—no workarounds available.

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls.

While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.

The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

The start-up incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.

Google researchers say multiple Russian state threat groups have conducted remote phishing operations to target and compromise Signal accounts.

Russia-linked threat actors exploit Signal 's "linked devices" feature to hijack accounts, per Google Threat Intelligence Group.

CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.

Speaking at a conference presented by CyberScoop, Cynthia Kaiser said the impact of the breach could last forever.

Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable.

A ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).

Russian threat actors exploit Signal’s linked devices feature using malicious QR codes to gain persistent access to victims' accounts, Google warns.

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).

There is no excerpt because this is a protected post.

Des hackers russes ont trouvé un nouveau moyen de compromettre Signal, pourtant réputé pour sa sécurité. En diffusant des QR codes malveillants, ils parviennent à accéder aux comptes de leurs cibles et à espionner des communications sensibles. Signal, l'application de messagerie sécurisée, est ciblée par les hackers

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms​​). Learn more.

Cary, North Carolina, 19th February 2025, CyberNewsWire

​Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems.

Weeks after the company released a patch, researchers warn the CVE is being targeted by threat actors.