Latest CyberSec News by @thecyberpicker

An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.

Compiling an “ingredients list” for software can help organizations reduce cyber risks, avoid fines and save time, among other benefits, a Cybersecurity and Infrastructure Security Agency-led guide published Wednesday advises.

The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government.

A trade group for media giants said it worked with Egyptian authorities to shut down Streameast, a website known for pirating broadcasts of major sports leagues.

Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws.

Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks.

The Homeland Security Committee also voted out bills addressing pipeline cybersecurity and terrorists’ use of AI.

NIST and CSA have each released frameworks for securing AI. Explore the NIST Control Overlays for Securing AI Systems and the CSA AI Controls Matrix.

The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data without their knowledge and parental consent.

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

The FTC announced a settlement Tuesday with Chinese robot toy manufacturer Apitor, following an investigation that charged the company with illegally collecting the location data of U.S. children who buy its products.

Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data.

The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world's largest illegal live sports streaming network, and arrested two people allegedly associated with the operation.

Explore what machine identities are, why they need protection, and how to manage them effectively to enforce a Zero Trust approach.

Le 29 août 2025, le gouvernement espagnol a subitement annulé un contrat visant à renforcer son réseau de fibre optique destiné à plusieurs institutions publiques, parmi lesquelles le ministère de la Défense du pays. Une décision motivée par l'intégration d'équipements de la marque chinoise Huawei au sein de

In a 2-1 decision, an appeals court upheld a 1935 Supreme Court precedent restricting the president’s ability to fire FTC commissioners.

The medical center's CIO and CISO teamed up to translate security decisions into dollars and cents.

Support for Windows 10 is ending soon which means you wont get vital security updates. Here's why you should upgrade now.

A malicious campaign using Ethereum smart contracts has been observed targeting developers via npm and GitHub

Geolocation is the invisible attack vector. From Stuxnet to today's APTs, malware now lies dormant until it hits the right place—turning location data into a weapon. Acronis' TRU explains why defenses must evolve beyond VPNs and perimeter controls.

Disney will pay $10 million to settle claims by the U.S. Federal Trade Commission that it mislabeled videos for children on YouTube, which allowed the collection of kids' personal information without their consent or notification to their parents.

Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.

Le 29 août 2025, des responsables politiques moscovites ont annoncé avoir embauché plusieurs pirates informatiques pour travailler sur la plateforme éducative de la ville. Particularité de ce recrutement, tous les candidats retenus ont hacké cette même plateforme quelques années plus tôt. L'École Électronique de

Multiple tech firms have publicly detailed how incidents involving the third-party Salesloft Drift tool have exposed customer data.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog.

A massive IPTV privacy network has been uncovered distributing unlicensed content from major brands including Apple TV, Disney+, HBO, Netflix and more

The backdoor is a sophisticated VBA-based malware targeting Microsoft Outlook

This week in cybersecurity from the editors at Cybercrime Magazine

Google fixed 120 Android flaws in Sept 2025, including 2 exploited zero-days, reducing targeted attack risk.

DeepSeek’s January 2025 database leak exposed 1M+ logs via misconfigured ClickHouse, risking chat histories and keys.