Latest CyberSec News by @thecyberpicker

Sitecore 10.4 - Remote Code Execution (RCE). CVE-2025-27218 . webapps exploit for Multiple platform

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE). CVE-2019-9978 . webapps exploit for Multiple platform

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information. CVE-2022-1257 . remote exploit for Multiple platform

ClickFix attacks surged by 517% in 2024–2025, leading to ransomware, malware, and credential theft. Learn why it's a growing threat

Cisco fixes CVE-2025-20281 and CVE-2025-20282 in ISE, ISE-PIC to prevent remote code execution.

Two reports illustrate how business leaders are thinking about and budgeting for generative AI.

Cybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics.

Identity is the new battleground—and Scattered Spider exploits it. Join Push Security to unpack how identity-based attacks are reshaping the threat landscape, and how to defend against MFA bypass, help desk scams, and more. Watch the webinar now.

A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday.

Dans une allocution faîte face à l'Assemblée Nationale, le mercredi 25 juin 2025, le ministre français des Armées Sébastien Lecornu a déclaré que la France avait intercepté plusieurs drones iraniens se dirigeant vers Israël avant la trêve du conflit. Destinés à viser Israël, des drones iraniens ont survolé « les

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials.

The Do Not Call Registry hardly works. The reason why is simple and frustrating—it was never meant to stop all unwanted calls.

Why do organizations migrate to the public cloud? It may sound like a simple question in 2025, but there’s complexity to it. Hint: It isn’t about cost anymore.

This week in cybersecurity from the editors at Cybercrime Magazine

Cisco released patches to fix two critical vulnerabilities in Cisco ISE and ISE-PIC that could let remote attackers execute to code as root

"IntelBroker" allegedly hacked dozens of companies around the world and caused over $25 million in damages, the Justice Department said Wednesday.

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary, but no more information.

SaaS platforms lack comprehensive data protection, exposing organizations to data loss, compliance risks, and cyberthreats.

The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research

Copilot Studio is Microsoft’s no-code platform for AI Agents. But AI agents aren’t safe by design. Explore how an agent built using Copilot Studio can go wrong.

Dans l’ombre du conflit armé entre l'Iran et Israël, la cyberguerre ne connaît pas de cessez-le-feu. Selon Check Point Research, un groupe de hackers iraniens, connu sous le nom d’« Educated Manticore » (alias Charming Kitten ou APT42), mène une campagne d’espionnage d’une rare sophistication contre des experts

Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

Authors: Andrea Little Limbago, PhD, SVP, Applied AI and Patrick Van Hull, Industry Principal  Remember the empty store shelves in early 2020? COVID-19 did

Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a new message.

The hackers are also suspected of being behind several cyber-attacks, including against the French Football Federation

Interpol claims cybercrime has risen sharply in Africa with cyber-offences accounting for a "medium-to-high" share of all crime

Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems.

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog.

Iranian hackers linked to APT35 target Israeli professionals using AI-driven phishing, fake Gmail pages, and 2FA bypass.

Glasgow City Council has warned of service disruption and potential data loss after a security incident