Latest CyberSec News by @thecyberpicker

NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle.

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

La société israélienne est accusée par la firme de Mark Zuckerberg d'avoir exploité des failles de sa messagerie en 2018 et 2019 pour espionner...-Cybersécurité

Half of UK firms have over 10 cyber positions unfilled, according to Cisco

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog.

PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.

NSO must pay $168M after targeting 1,400+ users via WhatsApp zero-day flaw, court finds illegal spyware use.

The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.

It’s a major ruling in a landmark lawsuit that has had plenty of twists and turns — with more likely to come.

House lawmakers challenged the Trump administration's proposed $491 million budget cut to CISA, citing concerns over US cyber defense strength.

The state’s AG vowed to defend the prosecution of Tina Peters, an election clerk behind one of the most serious breaches of voting systems in U.S. history.

Katie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

The head of the agency’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk.

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible.

The response to our first LastWatchdog Strategic Reel has been energizing — and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning kicked in, it became clear that this short-form format resonates. Not just because it’s fast

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information.

Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform.

Two critical CVEs exploited in GeoVision IoT and Samsung MagicINFO allow Mirai botnet deployment via RCE.

The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information

Spending plans come amid rising concerns over third-party cyber risk.

Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad’s new tools and techniques

Being aware of “Vibe Coding” security risks isn't enough. Cursor Rules offer a powerful way to shape AI behavior and ensure secure code generation.

You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection.

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability.