Latest CyberSec News by @thecyberpicker

An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.

Coordinated brute-force attacks target Tomcat Manager; exposed cameras leak sensitive data globally.

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online.

The legislation aims to expand the federal government’s role in helping healthcare providers protect and respond to cyber-attacks

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns.

AI agents aren’t foolproof, but they could soon replace some of the most common tasks for cyber defenders.

Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures.

Orange Business et Toshiba Europe s'allient pour lancer "un réseau quantique". Ce service, baptisé Orange Quantum Defender, vise à répondre à...-Cybersécurité

FIN6, a financially motivated group tracked for years by cybersecurity researchers, is now lurking on sites such as LinkedIn and Indeed to spread malware, a new report says.

This week in cybersecurity from the editors at Cybercrime Magazine

Interpol-coordinated Operation Secure led to 32 arrests, including the suspected ringleader of a cybercriminal organization

The Cloud Security Alliance has launched Valid-AI-ted, an AI-assisted quality check for STAR assessments. CEO Jim Reavis shares the background of this new tool.

Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates.

An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience

DNS attacks threaten every online interaction; securing DNS with ClouDNS protects businesses and prevents costly disruptions.

INTERPOL and 26 countries dismantled 20,000+ malicious IPs tied to info-stealing malware, disrupting global cybercrime networks.

Security teams struggle to maintain a secure cloud environment while also facilitating developer access and productivity.

Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.

The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers

Lean security with automated exposure and threat detection helps River Island protect 200+ stores and e-commerce without growing the team.

SinoTrack GPS flaws let attackers remotely control vehicles and track locations, affecting all platform versions. Change passwords now.

la quatrième édition de l'Observatoire des métiers mené par l'Anssi et...-Cybersécurité

Malwarebytes claims 44% of mobile users are exposed to scams every day

Microsoft patches 67 vulnerabilities, including a WEBDAV zero-day actively exploited by Stealth Falcon. Critical for enterprise security.

Microsoft has patched two zero days this month, one of which is being exploited in the wild

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive…

Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.”