Latest CyberSec News by @thecyberpicker

Learn how understanding the difference between technical debt and technical challenges can lead to smarter, faster decision-making for your organization.

1000s of pentesters are currently using Burp AI features to hack smarter by eliminating tedious tasks and delivering instant insights, right inside Burp Suite. Security Researcher John Hammond took Bu

Tokyo-based Kintetsu World Express, which specializes in freight forwarding, said a ransomware attack had disrupted some systems.

Recorded Future News sat down with the deputy assistant director of the FBI’s cyber division at the RSA Conference to talk about the latest updates in countering China-linked hackers.

Spellbinder used since 2022 to hijack Chinese software updates via IPv6 spoofing, enabling AitM attacks.

AI-powered impersonation is exploiting weak identity recovery and enrollment processes—learn how to secure them.

The legislation mandates a probe into foreign-made routers to identify risks for US national security

4chan confirms service restoration after a 2-week outage following a cyberattack that leaked its source code, email IDs, and other details.

Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users. We have a procedural ruling: Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users are suspected or actual criminals, or alleging that WhatsApp had insufficient security protections. […] In making her ruling, Northern District of California Judge Phyllis Hamilton said NSO Group undercut its arguments to use evidence about its customers with contradictory statements...

While CNAPPs continue to evolve, application security teams don’t need to wait for vendors to catch up. Here’s what you can do today to bridge the security gap.

Microsoft has confirmed that Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) are being blocked after installing the April 2025 security updates.

unzip-stream 0.3.1 - Arbitrary File Write. CVE-2024-42471 . local exploit for NodeJS platform

Over 100K accounts exposed monthly + 1.4% takeover rate + session hijacking = rising fraud & churn risks.

The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.

RansomHub's sudden offline status triggered affiliate migration to Qilin and cartel shifts, signaling major RaaS disruption.

A l'occasion de son événement annuel, S3NS - la coentreprise entre Thales et Google Cloud - a présenté ses avancées. Parmi les principales...-Cloud

L'Anssi a publié un rapport sur l'activité du groupe de cyberespionnage lié au renseignement russe Fancy Bear, ou APT28. Ce dernier a ciblé...-Cybersécurité

JPMorgan’s CISO has argued that SaaS apps represent a growing risk to businesses, “quietly enabling cyber attackers”

Une application dédiée à son assistant Meta AI, une API pour que les développeurs puissent accéder à ses modèles dans le cloud, une...-IA générative

The French government has criticized Russia’s APT28 group for attacking 12 entities in a long-running espionage campaign

Meta debuts LlamaFirewall with PromptGuard 2 and CyberSecEval 4 to defend AI from injection attacks and insecure code threats.

Federal research leaders suggested Tuesday that AI could lead industries to “nearly eliminate software vulnerabilities” in critical infrastructure.

Indian court orders blocking of Proton Mail citing AI deepfakes and explicit emails, triggering national privacy concerns.

At the 2025 RSAC Conference, DHS Secretary Kristi Noem vowed to refocus CISA on its core mission of critical infrastructure protection.

Google’s Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog.

Splitting up the Cyberspace and Digital Policy bureau undercuts efforts to streamline cyber efforts at the department and undermines coordination in the U.S. and abroad, critics of the plan argue.

San Francisco, Calif., Apr 29, 2025, CyberNewswire -- SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company’s first public appearance on the global cybersecurity stage. At the event, the SecAI team is showcasing the latest version of its platform to security professionals from

A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested.

Microsoft has announced that it will soon introduce paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting.