Latest CyberSec News by @thecyberpicker

ChatGPT's Deep Research, which allows you to conduct multi-step research for complex tasks, is finally getting an option to save the report as a PDF.

Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called 'Noodlophile,' under the guise of generated media content.

Microsoft is working on adding a new Teams feature that will prevent users from capturing screenshots of sensitive information shared during meetings.

Is agentic AI accelerating mediocrity? Plenty of folks on LinkedIn seem to think so. Related: The 400th journalist A growing chorus of academics, tech workers, and digital culture watchers are pointing out the obvious: the more we prompt, the more we flatten. Across marketing, B2B, and even journalism, GenAI is churning out clean, inoffensive, structurally

Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, la...-Cybersécurité

German police seized eXch on April 30, confiscating €34M in crypto over $1.9B laundering links.

Google fined $1.375B by Texas for secretly tracking location and biometric data without user consent.

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

The video is really amazing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

A cyberattack briefly disrupted South African Airways' website, app, and systems, but core flight operations remained unaffected.

Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients.

U.S. prosecutors charged four foreign nationals and said a law enforcement operation seized internet domains associated with two powerful botnets.

Sens. Cassidy and Rosen cite the possibility that the use of DeepSeek to carry out contract work may put sensitive federal data in the hands of the Chinese government.

Infrastructure and digital assets from the cryptocurrency mixer eXch — believed to be involved with the laundering of funds from the ByBit hack — are now in the hands of German authorities.

Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks.

Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.

Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites

Japanese finance regulators said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers.

OtterCookie v4 adds VM evasion and MetaMask theft in April 2025, signaling rapid malware evolution.

Dutch and U.S. law enforcement have dismantled a long-running criminal proxy botnet powered by over 7,000 infected IoT and end-of-life (EoL) devices

L'équipe de renseignement sur les menaces de Google a associé le malware Lostkeys, capable de dérober des fichiers à partir d'extensions codées...-Cybersécurité

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

Cyber system complexity and a lack of adequate tools are adding to enterprise IT headaches, according to Logicalis Group.

The Federal police in Germany (BKA) seized the server infrastructure and shut down the 'eXch' cryptocurrency exchange platform for alleged money laundering cybercrime proceeds.

Apache ActiveMQ 6.1.6 - Denial of Service (DOS). CVE-2025-27533 . remote exploit for Multiple platform

The OWASP Top 10 for LLM Applications provide a standardized framework for the most critical vulnerabilities facing AI systems. Map them to CSA best practices.

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation. CVE-2024-38193 . local exploit for Windows platform

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks.