Latest CyberSec News by @thecyberpicker

While most said XBOW’s capabilities fall short of an existential crisis for human bug hunters and red-team leaders, they also acknowledge that the balance between human and automation in cybersecurity is shifting rapidly underneath the industry’s feet.

Organizations must turn Cyber Governance, Risk, and Compliance (GRC) into executable pipelines, a Microsoft security product manager argues.

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks.

Britain's tax agency and Romanian police combined on an operation to break up a fraud ring that used phishing emails to capture U.K. taxpayer information.

Wondering what Security+ domains are on this certification exam? Look no further—read our article to learn everything you must know about them.

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.

Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas

Interlock ransomware continues to develop custom tooling and a new RAT has been detected by researchers

Louis Vuitton’s UK business has notified customers of a personal data breach

Spain gives Huawei wiretap contracts, sparking concerns over potential Chinese government access due to Huawei’s links to Beijing.

Operation Chakra-V scores success as a fraud syndicate is busted following the raid of a scam call center operating in Noida, Uttar Pradesh

CBI's Operation Chakra V dismantles a transnational tech support scam targeting UK, Australia. Over £390,000 lost in UK, two arrests made.

L’armée américaine vient de créer une nouvelle unité dédiée aux tech bros : le Detachment 201, alias l’Executive Innovation Corps. Son objectif ? Intégrer directement l'expertise de la Silicon Valley au cœur de ses forces, pour créer un pont entre la technologie civile et les besoins de modernisation militaire aux

A list of topics we covered in the week of July 7 to July 13 of 2025

New eSIM vulnerabilities in Kigen eUICC cards expose billions of IoT devices to potential cyberattacks.

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.

The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword.

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30.

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.

Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs.

NVIDIA urges ECC activation to mitigate GPUHammer, a RowHammer exploit threatening AI accuracy and data integrity on GPUs.

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States.

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public.

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States.

GitGuardian uncovers 260,000 leaked Laravel APP_KEYs on GitHub, exposing over 600 apps to remote code execution.

NVIDIA is warning users to activate System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.

Critics have faulted Citrix for not updating its guidance in recent days, even as concerns grow about a resumption of the 2023 CitrixBleed crisis.

Albemarle County officials confirmed systems were hit with ransomware last month, exposing resident and employee data and knocking services offline.