Latest CyberSec News by @thecyberpicker

OpenAI is building an agentic future with its upcoming Chromium-based browser and a new leak confirms GPT Agent integration.

Blocking unknown apps and enforcing MFA reduce ransomware risk and credential theft across enterprise networks.

Fortinet reveals details of a new critical-rated vulnerability in FortiSIEM circulating in the wild

The UK government has announced 10 new live facial recognition police vans to be deployed around the country

​CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able's N-central remote monitoring and management (RMM) platform.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog.

Zoom fixed a critical Windows client flaw (CVE-2025-49457) involving an untrusted search path that could enable privilege escalation.

Microsoft has resolved a known issue preventing the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Services (WSUS).

Google now requires crypto app licenses in 15 regions to boost compliance, as FBI flags $9.9M scam losses.

CISA warns of active N-able N-central flaws; agencies must patch by Aug 20 to avoid exploitation.

Google Gemini's one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon.

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog.

This guidance outlines how OT owners and operators can create and maintain an asset inventory and OT taxonomy, to protect their most vital assets. It includes steps for defining scope and objectives for the inventory, identifying assets, collecting attributes, creating a taxonomy, managing data, and implementing asset life cycle management.

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative.

Russia is restricting calls on the WhatsApp and Telegram messaging apps in what it says is a bid to counter criminal activity, but that WhatsApp contends is a response to its defiance of government efforts to violate user communication rights.

The US court filing system, which houses court records and sealed filings, was reportedly hacked by Russians seeking sensitive documents.

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s security appliances.

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators.

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

Two executive orders President Donald Trump has signed in recent months could prove to have a more dramatic impact on cybersecurity than first thought, for better or for worse.

Microsoft haul this month covers 109 CVEs… more or less

Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild.

PS1Bot malvertising campaign uses in-memory PowerShell attacks since early 2025, enabling stealth data theft.

The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts.

There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here.

A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures.

The guidance includes specific examples for three critical infrastructure sectors that held workshops with CISA.

Officials reiterated their belief that hackers were not exploiting the flaw, but nonetheless urged users to immediately check their systems.