Latest CyberSec News by @thecyberpicker

ENISA has officially launched the European Vulnerability Database as required by the NIS2 directive

M&S Chief Executive, Stuart Machin, said that the firm has written to customers to inform them that some personal information was accessed by threat actors

Selon une étude, ces entreprises exigent des solutions avancées pour surveiller leurs appareils connectés, mettant les fournisseurs de...-Cybersécurité

The UK government wants to hear feedback on a possible new standard or legislation to improve enterprise IoT security

The cybersecurity landscape has never moved faster — and the people tasked with defending it have never felt more exposed. Related: How real people are really using GenAI Today’s Chief Information Security Officers (CISOs) operate in a pressure cooker: responsible for protecting critical assets, expected to show up in the boardroom with fluency, yet rarely

Moldova Arrests Suspect Behind DoppelPaymer Ransomware Attack on Dutch Research Agency Causing €4.5M Damage

CVE-2025-27920 exploited by Marbled Dust in April 2024 to breach Kurdish targets via Output Messenger.

Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog.

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues.

The backdoored Magento extensions appeared following a supply-chain attack targeting three vendors, ultimately impacting the customer stores.

Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allow remote code execution via crafted HTTP requests.

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible.

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft […]

A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq.

The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors.

A new analysis from the Atlantic Council’s Digital Forensic Research Lab (DFRLab) identified over 40 accounts involved in the traffic manipulation campaign, which garnered 290,000 views.

Hacktivist claims on Indian infrastructure raised alarms, but investigations showed minimal damage

La presse rapporte la possibilité que Donald Trump accepte un cadeau du Qatar : un nouvel avion, qui ferait office d'Air Force One de nouvelle génération. Un don qui pourrait advenir dans les prochains jours, mais qui soulève des questions éthiques et légales, et entraine des problématiques de sécurité informatique

The newspaper chain said the attack will have lingering impacts on its balance sheet, and its lender waived certain payments.

Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021.

ASUS Patches Two DriverHub RCE Flaws (CVSS 8.4 & 9.4) Exploitable via Crafted Requests and .ini Files

SAP a découvert le mois dernier une vulnérabilité touchant des centaines d'instances de son serveur d'applications NetWeaver. Malgré la...-Cybersécurité

The criminal proxy network infected thousands of IoT and end-of-life devices, creating dangerous botnet

Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent.

During Infosecurity Europe 2025 experts will explore how to strengthen organizational resilience against persistent third-party risks

99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now.

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn.