Latest CyberSec News by @thecyberpicker

Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution.

Anthropic has found its Claude chatbot is being used for automated political messaging, enabling AI-driven influence campaigns

Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.

Concerned about the fate of sensitive genetic information, the ICO and OPC have demanded that 23andMe prioritize customer data protection throughout its bankruptcy process

The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.

SAN FRANCISCO — Sometimes, the best insights come not from the keynote stage, but from the hotel lobby. Related: RSAC 2025 top takeaways In between sessions at RSAC 2025, I slipped over to the Marriott lobby and held quick, off-the-cuff interviews with a handful of cybersecurity vendors — each doing something genuinely different, often radical,

How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta

Microsoft - NTLM Hash Disclosure Spoofing (library-ms). CVE-2025-24054 . local exploit for Windows platform

A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine

Daikin Security Gateway 14 - Remote Password Reset.. local exploit for Multiple platform

Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing.. local exploit for Windows platform

ZTE ZXV10 H201L - RCE via authentication bypass.. local exploit for Multiple platform

One way to lighten the load of security questionnaires is to automate certain parts of the process. Automate these 5 steps for a more efficient workflow.

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

Bitdefender highlighted the growing use of subscription scams, in which victims are lured by adverts into recurring payments for fake products

Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...

Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications

The U.K. Information Commissioner's Office said it will not investigate the British Library over a 2023 ransomware attack. The institution will not face potential monetary penalties or a reprimand.

This week in cybersecurity from the editors at Cybercrime Magazine

These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.

​AI enables attackers to craft convincing scams at scale, using deepfakes and typosquatting to bypass traditional defenses. Proactive AI security is essential.​

NDR solutions uncover hidden threats missed by legacy tools by analyzing encrypted traffic, lateral movement, and blind spots.

Claude AI orchestrated 100 fake personas in global influence campaigns + enabled malware, scams, and brute-force attacks.

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week.

AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too.

Phishing attacks deliver DarkWatchman and Sheriff malware; targets span Russia, Ukraine, Baltics, with stealth and persistence tactics.

95–98% of AppSec alerts are noise — wasting time, straining dev teams, and weakening real threat response

The ICO has decided not to fine the British Library for a 2023 ransomware breach

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances.

Commvault confirms Azure breach via CVE-2025-3928 zero-day + no data loss + CISA mandates patch by May 19.