Latest CyberSec News by @thecyberpicker

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns.

Invisible AI agent identities expose organizations to attacks, risking data and cloud security.

CSA’s AI Trustworthy Pledge is a commitment that signals an organization's dedication to four foundational principles that should underpin every AI initiative.

The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.

...-Le récap' cyber

A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110.

70% of secrets from 2022 remain active in 2025, putting enterprises’ machine identities at risk of breaches and compliance failures.

Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent data leaks.

Secure enterprise DNS with posture management: gain visibility, detect phishing domains, plus certificate and PQC monitoring.

In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision. Jamison Utter, a cybersecurity

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies

Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat.

Des chercheurs israéliens ont prouvé que les montres connectées, objets du quotidien, peuvent servir à dérober des données sensibles depuis des ordinateurs pourtant totalement coupés d’Internet. Leur méthode, baptisée SmartAttack, repose sur la transmission de données par ultrasons et révèle une faille insoupçonnée

Europol warns of “vicious circle” of data breaches and cybercrime

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog.

Vous ne le savez peut-être pas, mais Amazon vend des abonnements VPN, dont ceux du leader sur le marché. NordVPN ou Surfshark proposent plusieurs offres, avec parfois quelques promotions. Les VPN sont de plus en plus utilisés pour surfer sur Internet l'esprit tranquille, et ce, sur la plupart de vos appareils

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks.

Erie Insurance reveals suspected network breach and ongoing outage

ConnectWise rotates ScreenConnect certificates by June 13 after config data concerns, impacting on-prem users to prevent remote access risks.

A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting hundreds of cloud tenants

The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits.

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance.

Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems.

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website.

Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims.

In a US Senate hearing, 23andMe was questioned about the impending take-over of the company and its trove of genetic data