Latest CyberSec News by @thecyberpicker

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public.

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States.

GitGuardian uncovers 260,000 leaked Laravel APP_KEYs on GitHub, exposing over 600 apps to remote code execution.

NVIDIA is warning users to activate System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.

Critics have faulted Citrix for not updating its guidance in recent days, even as concerns grow about a resumption of the 2023 CitrixBleed crisis.

Albemarle County officials confirmed systems were hit with ransomware last month, exposing resident and employee data and knocking services offline.

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States.

New research: One reason the early years of squids has been such a mystery is because squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that in mind, the team developed an advanced fossil discovery technique that completely digitized rocks with all their embedded fossils in complete 3D form. Upon using that technique on Late Cretaceous rocks from Japan, the team identified 1,000 fossilized cephalopod beaks hidden inside the rocks, which included 263 squid specimens and 40 previously unknown squid species...

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the personal information of more than 64 million job applicants across the United States.

The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor.

The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts for one of its clients.

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.

The person behind a $42 million theft from the decentralized exchange GMX has returned the stolen cryptocurrency in exchange for a $5 million bounty.

Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.

Après avoir étudié le sujet pendant près de quatre mois, la CNIL a rendu son verdict : le recours à des caméras augmentées pour contrôler l’âge des clients chez les buralistes n’est pas la solution adéquate pour lutter contre la consommation de tabac ou de jeux d’argent chez les mineurs en France. Ni nécessaire, ni

Nearly six in 10 companies experienced incidents because of voice or text phishing attacks that led to executive impersonation, according to a new report from Lookout.

Cybersecurity researchers have identified four significant security vulnerabilities in a widely used automotive Bluetooth system that could potentially allow remote attackers to execute code on millions of vehicles worldwide.

NVIDIA is warning users to activate the System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.

Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk.

The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnerability catalog.

Taiwan NSB warns of security risks from Chinese apps, citing excessive data collection and sharing with China.

Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.

Virtru, a data security company that developed technology now used by U.S. defense and intelligence agencies, has raised $50 million in funding.

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

The new CISA Associate designation recognizes ISACA members who have passed the CISA exam, but do not yet have the required experience

Indonesia has extradited to Russia a man accused of running a Telegram channel that sold personal data obtained from law enforcement databases.

Dans un mail adressé à ses clients, la marque de luxe française annonce avoir été victime d'une fuite de données. Si vous avez reçu ce message, il existe un risque que vos informations soient utilisées à des fins malveillantes. Que faire ? Alors qu'une cyberattaque en Corée du Sud avait été confirmée par la Maison le

Le 21 juin 2025, un joueur de basket-ball russe est arrêté à l'aéroport Roissy-Charles de Gaulle. Accusé d'avoir servi de négociateur pour un groupe de ransomware, il est actuellement détenu dans un centre de rétention et risque l'extradition vers les États-Unis. Daniil Kasatkin, ex-meneur de jeu du MBA Moscow en

This week in cybersecurity from the editors at Cybercrime Magazine

Researchers uncover PerfektBlue flaws in OpenSynergy’s BlueSDK, exposing millions of vehicles to remote code execution