Latest CyberSec News by @thecyberpicker

Dutch, US and Finnish investigators have taken cybercrime service AVCheck offline

As enterprise adoption of generative AI accelerates, security teams face a new identity dilemma — not just more users and devices, but a growing swarm of non-human agents and autonomous systems requesting access to sensitive assets. Related: Top 10 Microsoft Copilot risks At the same time, traditional identity and access management (IAM) tools are buckling

Access your guide below and start your journey towards resilient, secure OT operations using the NIST framework.

A list of topics we covered in the week of May 26 to June 1 of 2025

Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon.

Plug-and-play phishing kits like Haozi drive global scams, bypass MFA, and lower attacker skill bar.

This week on the Lock and Code podcast, host David Ruiz digs into his own Facebook data to see what the social media giant knows about him.

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks.

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit.

Qualys warns of two flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros.

Linux vulnerabilities CVE-2025-5054 and CVE-2025-4598 let local attackers extract sensitive data via SUID core dumps.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité

L'Usine Digitale vous propose un best-of des actualités de la semaine du 26 mai en matière de protection des données. Au menu :...-Data protection

DoJ seized 4 domains on May 27 tied to malware crypting tools, disrupting cybercriminal stealth operations.

AVCheck and related crypting services helped cybercriminals make malware difficult to detect and confirm that malware could slip through various antivirus tools undetected, officials said.

Three hospitals run by Catholic healthcare organization Covenant Health are dealing with a cyberattack that forced the facilities to shut off all access to data systems.

The 28-year-old, who’d been employed by the Defense Intelligence Agency since 2019, specialized in insider threats and had top secret security clearance, officials said.

Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild.

The lawmakers said the Cyber Safety Review Board’s work has made government agencies and private businesses more secure.

Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input.

Several Senate Democrats called on Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB) so it could continue looking into China-linked hacks.

The lawmakers say the January purge has left the United States blind on the nature of the historic Salt Typhoon telecommunications breach.

An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild.

Google Threat Intelligence dévoile une campagne de cyberattaques inédite orchestrée par le groupe chinois APT41. Leur arme secrète ? Google Calendar, détourné pour servir de centre de commande et de contrôle à distance. Explications. C'est un rapport publié le 28 mai par Google Threat Intelligence qui alerte une

Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count.

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.

New Rust-based EDDIESTEALER spreads via fake CAPTCHA pages, stealing credentials and bypassing Chrome encryption.

Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities

En octobre 2024, Zalando a déployé un assistant dopé à l'IA générative sur ses 25 marchés, offrant des conseils mode personnalisés. Florence...-Cybersécurité

The company said suspicious activity has affected a limited number of ScreenConnect customers.