Latest CyberSec News by @thecyberpicker

Microsoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.

L'Agence européenne pour la cybersécurité vient de mettre en ligne la première base de données européenne qui centralise les vulnérabilités...-Cybersécurité

The UK retailer said the payment data was masked and therefore not usable.

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft

Apple released security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities—including the first C1 modem patch.

A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel.

Malicious PyPI package ‘solana-token’ stole developer source code in 761 downloads via hidden exfiltration.

581 SAP NetWeaver instances hacked via CVE-2025-31324 + Confirmed China-nexus APT involvement + Critical infrastructure at risk.

The European Union launched on Tuesday its new vulnerability database to provide aggregated information regarding cybersecurity issues affecting various products and services.

Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028.

150 active and retired officials from across the country asked Senate and House appropriations leaders to set aside $400 million for the next fiscal year.

Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities

CISA won't post standard cybersecurity updates on its website, shifting to email and social media

Red teams uncover what others miss — but they can't be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network.

Strategy and Tactics for Protecting and Enabling Modern Software Organizations

L'Institut national de cybersécurité espagnol serait en train d'enquêter sur la panne électrique géante auprès des entreprises gestionnaires...-Cybersécurité

A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach.

Dans un article du Parisien, on découvre qu'un utilisateur d'iPhone estime être écouté par son appareil qui afficherait ensuite des publicités basées sur ses conversations. Cette théorie populaire est fausse. C'est toujours la même histoire et elle est toujours fausse. Nos confrères du Parisien se font l'écho ce 13

Explore 2025's top security trends: AI governance, compliance automation, third-party risk, and building trust to enhance your organization's security strategy.

Alabama Governor Kay Ivey said the state is responding to a "cybersecurity event" that has prompted government IT staff to work "around-the-clock to identify and mitigate impacts."

Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers.

Cisco a publié son rapport annuel sur la préparation des organisations aux enjeux de cybersécurité. Malgré une très légère progression du...-Cybersécurité

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation. CVE-2025-3605 . webapps exploit for Multiple platform

Cary, North Carolina, 13th May 2025, CyberNewsWire

This week in cybersecurity from the editors at Cybercrime Magazine

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow. CVE-2024-11237 . local exploit for Multiple platform

RDPGuard 9.9.9 - Privilege Escalation. CVE-n/a . local exploit for Multiple platform

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations.