Latest CyberSec News by @thecyberpicker

A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.

Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.

Looks serious.

Earlier this year, the NIST National Cybersecurity Center of Excellence published an initial public draft of NIST

Depuis le 28 juillet, la compagnie aérienne russe Aeroflot connaît d'importantes perturbations. La faute à une cyberattaque revendiquée par des hackers ukrainiens et biélorusses. En attendant un retour à la normale, les pirates ne se privent pas de jubiler, en publiant des détails étonnants sur la manière dont ils

A Scottish charity has been fined £18,000 for systematic data protection failings

Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot

A CSRF flaw in PaperCut NG/MF is under active attack; CISA mandates patching for federal systems.

Guidance written for audiences responsible for the procurement, operation and management of gateways.

This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.

This page provides an overview of ASD’s Gateway security guidance package.

The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment.

Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches.

Not long ago, I found myself staring at a reply that could’ve come from a bot. Related: Microsoft purges 'knowledge workers' It was a polite follow-up from a PR rep reiterating a pitch I had already acknowledged — and responded to with a thoughtful, clearly outlined counter-offer. My reply wasn’t off-the-shelf. It was a handcrafted

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut flaws to its Known Exploited Vulnerabilities catalog.

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members.

Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google’s latest piece of “agentic” AI software for code development.

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

Bluesky thread. Here’s the paper, from 1957. Note reference 3.

Adobe ColdFusion 2023.6 - Remote File Read. CVE-2024-20767 . webapps exploit for Multiple platform

Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025.

Hackers breached Toptal’s GitHub to publish npm malware, risking dev systems and cloud data integrity.

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS). CVE-2025-50481 . webapps exploit for Multiple platform

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data.

Linux PAM Environment - Variable Injection Local Privilege Escalation. CVE-2025-6018 . local exploit for Linux platform

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).

Chennai, India, July 25, 2025, CyberNewswire — xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands,

Invision Community 4.7.20 - (calendar/view.php) SQL Injection. CVE-2025-48932 . webapps exploit for Multiple platform