Latest CyberSec News by @thecyberpicker

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content. […] To understand CaMeL, you need to understand that prompt injections happen when AI systems can’t distinguish between legitimate user commands and malicious instructions hidden in content they’re processing...

Dvuln researchers highlighted the growing impact of infostealers on the cybercrime landscape, enabling attackers to bypass traditional defenses

This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.

2024 wasn't the year that AI rewrote the cybercrime playbook — but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos' 2024 Year in Review.

AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too.

Discover when to engage a GDPR auditor and how platforms streamline compliance with automated tools and expert support.

Google claims 19% more zero-day bugs were exploited in 2024 than 2022 as threat actors focus on security products

Multifaceted changes in TTPs illustrate what researchers see when they start digging

Google’s threat intelligence team said software vendor security practices are making it harder for hackers to find flaws in some platforms.

Europol has launched a new initiative designed to combat recruitment of youngsters into violent organized crime groups

US CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

Custom malware hidden in UyghurEdit++ targeted WUC leaders since May 2024, exposing Uyghur diaspora surveillance links to China.

CISA added Broadcom and Commvault vulnerabilities to KEV after confirming active exploitation.

Cookie-Bite attack allows stealing session cookies via browser extension, bypassing MFA and other login security checks.

SuperCard X malware mimics legit apps to target Android users, performing NFC relay attacks on compromised devices.

Dozens of cyber industry luminaries, many from the election security community, said the investigation could discourage important cyber work.

Lawmakers say the ROUTERS Act is critical to understanding vulnerabilities in devices exploited by Chinese hackers and other adversaries.

Toronto, Canada, Apr. 28, 2025, CyberNewswire -- Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the

Cybersecurity leaders condemn President Trump’s executive order revoking SentinelOne security clearances and targeting ex-CISA director Chris Krebs.

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as "Scattered Spider" BleepingComputer has learned from multiple sources.

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack.

Urban One, the largest media company primarily serving African Americans, disclosed a data breach to regulators. A ransomware group said it had attacked the company.

The company doesn’t keep logs, so couldn’t turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service. The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece. Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather than pursuing information through standard corporate channels...

“It’s practically taboo” for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats.

Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.

Microsoft Intune offers secure, cloud-based endpoint management that helps healthcare providers empower frontline staff and improve patient care.

​Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.