Latest CyberSec News by @thecyberpicker

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog.

Splitting up the Cyberspace and Digital Policy bureau undercuts efforts to streamline cyber efforts at the department and undermines coordination in the U.S. and abroad, critics of the plan argue.

San Francisco, Calif., Apr 29, 2025, CyberNewswire -- SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company’s first public appearance on the global cybersecurity stage. At the event, the SecAI team is showcasing the latest version of its platform to security professionals from

A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested.

Microsoft has announced that it will soon introduce paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting.

Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years.

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories.

SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients.

Threat intel experts expounded on how their data does not only serve to temporarily disrupt malicious activity, but find, arrest and convict cybercriminals for their offenses.

This week in cybersecurity from the editors at Cybercrime Magazine

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.

In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.

Multiple AI jailbreaks and tool poisoning flaws expose GenAI systems like GPT-4.1 and MCP to critical security risks.

WhatsApp launches Private Processing using CVM and OHTTP, ensuring AI-driven message privacy and auditable security.

South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.

Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.

Soutenue par Snowflake et Atlassian, Veza développe une plateforme d'analyse des applications d'une société afin de déterminer quel utilisateur...-Cybersécurité

Le lancement de Foundation AI a pour volonté de démocratiser la sécurité autour de  l’IA grâce à une panoplie d'outils open source. Un premier...-IA générative

Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.

The Take It Down Act received rare levels of bipartisan support in the House and Senate, but critics fear enforcement could threaten First Amendment protections and unduly burden smaller companies and encrypted applications.

Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special' option and the calendar feature in the classic Outlook email client.

New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control

Epicentr, a home improvement chain that operates more than 70 stores in Ukraine, said it suffered a cyberattack that crippled key IT systems.

With RSAC kicking off next week, the conversation is shifting—literally. Cybersecurity pros are rethinking how “shift left” applies not just to code, but to enterprise risk. Related: Making sense of threat detection In this Fireside Chat, I spoke with John DiLullo, CEO of Deepwatch, who makes a compelling case for how Managed Detection and Response

A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason

This week in cybersecurity from the editors at Cybercrime Magazine

SentinelOne uncovers China-linked PurpleHaze attacks and North Korean infiltration attempts amid rising EDR testing abuses.

Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.