Latest CyberSec News by @thecyberpicker

This week in cybersecurity from the editors at Cybercrime Magazine

In a fragmented world, resilience starts with partnerships and a vision of collective security.

CISA, FBI, EPA, and DoE warn of attacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.

The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025

SSEs lack visibility into browser activity—missing GenAI data leaks, identity misuse, and extension risks.

SysAid fixed 4 critical pre-auth flaws in March 2025; chained bugs allow full admin access and RCE.

A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.” “Research rockets.” Sure. ...

In unreliable network situations, an ICAM (Identity, Credential, & Access Management) framework should function efficiently even without network access.

The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022.

UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

Marsh says ransomware drove cyber insurance claims to second highest on record in 2024

Les données sensibles des ministères français doivent être hébergées par des cloud protégés de toute prédation étrangère, en...-Cloud

NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle.

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

La société israélienne est accusée par la firme de Mark Zuckerberg d'avoir exploité des failles de sa messagerie en 2018 et 2019 pour espionner...-Cybersécurité

Half of UK firms have over 10 cyber positions unfilled, according to Cisco

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog.

PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.

NSO must pay $168M after targeting 1,400+ users via WhatsApp zero-day flaw, court finds illegal spyware use.

The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.

It’s a major ruling in a landmark lawsuit that has had plenty of twists and turns — with more likely to come.

House lawmakers challenged the Trump administration's proposed $491 million budget cut to CISA, citing concerns over US cyber defense strength.

The state’s AG vowed to defend the prosecution of Tina Peters, an election clerk behind one of the most serious breaches of voting systems in U.S. history.

Katie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

The head of the agency’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk.