Latest CyberSec News by @thecyberpicker

Researchers exploited a seven-year-old CPU vulnerability—“L1TF Reloaded”—to leak data from public clouds like AWS and Google Cloud, proving that older, supposedly mitigated flaws pose real-world threats

Navigating the rapid pace of technology within procurement constraints requires experts who understand both and know how to leverage cloud partners.

The North Korean state-sponsored hackers known as Kimsuky has reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky's values, stole the group's data and leaked it publicly online.

The Interlock ransomware gang is claiming to have carried out a cyberattack that has disrupted the operations of the city government of St. Paul, Minnesota.

Three Ghanaian men face charges in the U.S. related to a multimillion-dollar operation that defrauded individuals online and ran business email compromise scams.

The FCC has adopted new rules to make it more difficult for foreign firms to apply for licensing to build out submarine cables.

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads.

A bipartisan bill from Reps. Crow and Kean would give the Bureau of Industry and Security IT upgrades to help keep U.S. dual-use technologies away from Russia, China and others.

New 2TETRA:2BURST flaws expose TETRA networks to injection, replay, and brute-force risks. Critical for public safety.

Researcher earns Google Chrome ’s top $250K bounty for a sandbox escape vulnerability enabling remote code execution.

JetBrains TeamCity 2023.11.4 - Authentication Bypass. CVE-2024-27198 . webapps exploit for Multiple platform

Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE). CVE-2025-53770 . remote exploit for Windows platform

Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection. CVE-2025-7769 . remote exploit for Multiple platform

Ghost CMS 5.59.1 - Arbitrary File Read. CVE-2023-40028 . webapps exploit for Multiple platform

Ghost CMS 5.42.1 - Path Traversal. CVE-2023-32235 . webapps exploit for Multiple platform

Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials. CVE-2025-8730 . remote exploit for Multiple platform

VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS). CVE-2025-41228 . webapps exploit for Multiple platform

ServiceNow Multiple Versions - Input Validation & Template Injection. CVE-2024-4879 . webapps exploit for Multiple platform

OpenAI has responded to criticism that it shipped GPT-5 with token limits to minimize cost and maximize profit not with words, but rather with a new 3,000-per-week limit.

Microsoft has announced the limited public preview of Windows 365 Reserve, a service that provides temporary desktop access to pre-configured cloud PCs for employees whose computers have become unavailable due to cyberattacks, hardware issues, or software problems.

Le 8 août 2025, plusieurs dirigeants de petites et moyennes entreprises reçoivent un email inattendu de Google. Le géant américain les informe qu’une fuite a exposé leurs coordonnées, ainsi que des notes relatives à leurs activités commerciales. En cause : une cyberattaque ayant permis à des pirates d’accéder à l’une

Experts from Zenity Labs demonstrated how attackers could exploit widely deployed AI technologies for data theft and manipulation.

Erlang/OTP SSH flaw CVE-2025-32433 exploited since May 2025, targeting key industries via OT networks.

Microsoft confirmed that it's testing the ability to paste text only (plain format) to OneNote for Windows and Mac.

Native phishing turns trusted tools into attack delivery systems. Varonis shows how attackers weaponize Microsoft 365 apps, like OneNote & OneDrive, to send convincing internal lures and how to spot them before they spread.

Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure. CVE-2025-5777 . remote exploit for Multiple platform

atjiu pybbs 6.0.0 - Cross Site Scripting (XSS). CVE-2025-8550 . webapps exploit for Multiple platform

This week on the Lock and Code podcast, we speak with EFF Activism Director Jason Kelley about online age verification and the "grey web."

A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware