Latest CyberSec News by @thecyberpicker

Compliance signals maturity, lowers friction for sales, and builds trust. For startups eyeing global markets, getting your compliance in order is mandatory.

Pay2Key.I2P ransomware resurfaces in 2025, offering 80% profit to affiliates targeting Israel and the U.S., netting $4 million in ransom payments.

Critical vulnerability (CVE-2025-47812) in Wing FTP Server exposed to active exploitation via Lua injection. Immediate patching needed.

Zscaler’s 2025 Data Risk Report reveals AI tools and SaaS apps led to millions of data losses in 2024. Proactive security is critical.

The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing customers to offensive messaging

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.

DoNot APT, also known as APT-C-35, traditionally operates exclusively in South Asia

À l’heure où les fuites de données sont devenues monnaies courantes, la protection des données personnelles n’a jamais été aussi importante. D’autant plus qu’il existe désormais pléthore d’outils plus puissants les uns que les autres pour accompagner les internautes dans cette tâche. En juin dernier, un fichier

Dans une étude, parue le 8 juillet 2025, les chercheurs de Koi Security révèlent que 18 extensions Chrome, disponibles sur Google Chrome et Microsoft Edge étaient des chevaux de Troie. Dans cette liste figure notamment le sélecteur de couleur Geco, qui comptait plus de 100 000 utilisateurs. 4,2/5, plus de 800 avis et

British bank TSB warns of rise of “finfluencers” who dispense dubious financial advice online

U.S. CISA adds U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog.

The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities

CISA added Citrix NetScaler's CVE-2025-5777 to its KEV catalog as active exploits emerge worldwide. Immediate patching advised.

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus — the powerful spyware manufactured by Israel-based NSO Group.

A critical vulnerability in mcp-remote (CVE-2025-6514) allows remote code execution, affecting 437,000+ users.

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.

Find out why adhering to Zero Trust principles is critical for protecting sensitive resources, especially when embracing AI technology.

Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.

Cary, NC, July 10, 2025, CyberNewsire—INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification. The updated certification delivers the industry's most comprehensive and practical approach to mobile application security testing. CSO Magazine recently recognized eMAPT among the Top 16 OffSec, pen-testing, and

The AI Controls Matrix helps organizations securely develop, implement, and use AI technologies. Learn why such a framework is essential in today’s landscape.

Nous avons eu l'opportunité de vivre de l'intérieur une crise cyber majeure, du moins en simulation, dans des conditions proches du réel. Une méthode d'entraînement inspirée des stratégies militaires, de plus en plus adoptée dans l'univers de la cybersécurité, jusqu'au ministère des Armées. Esplanade de la Défense,

Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.

The arrests mark the first major break in a case linked to the Scattered Spider cybercrime group, although additional work continues with multiple agencies.

The company is still assessing the full impact of the ransomware attack, which has been linked to the SafePay hacker group.

A cryptocurrency social engineering campaign uses fake AI and gaming companies to deliver malware on Windows and macOS, draining digital assets.

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper