Latest CyberSec News by @thecyberpicker

The OWASP Top 10 for LLM Applications provide a standardized framework for the most critical vulnerabilities facing AI systems. Map them to CSA best practices.

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation. CVE-2024-38193 . local exploit for Windows platform

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks.

WordPress Depicter Plugin 3.6.1 - SQL Injection. CVE-2025-2011 . webapps exploit for Multiple platform

This week in cybersecurity from the editors at Cybercrime Magazine

VirtualBox 7.0.16 - Privilege Escalation. CVE-2024-21111 . local exploit for Windows platform

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation. CVE-2025-27007 . webapps exploit for Multiple platform

The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome

Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.

AI agents pose real threats like data leaks and misuse—Auth0's webinar shares how to secure them fast.

Brazil-targeted phishing abuses RMM trialware via NF-e lures + Dropbox links, enabling stealth access

Reporting is one of the most important parts of being a CISO. There’s a big difference between saying “trust me, we’re secure” and proving it with data.

The UNIDR Intrusion Path is designed to provide a simplified view of cyber-threats and security across the network perimeter

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Over 1.3M security issues across 68K assets expose CVE overload + inefficiency in patching response.

The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained.

PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted

Google’s AI scam defenses now block 20x more malicious pages, cutting airline and visa scams by 80%+ in 2024.

Cyber incidents targeting OT in US critical infrastructure have prompted renewed federal action

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

Qilin ransomware led April 2025 with 45 data leaks, driven by NETXLOADER’s stealthy malware delivery method.

The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.

Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.”

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices.

SCIM Hunting - Beyond SSO

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.