Latest CyberSec News by @thecyberpicker

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.......

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June.

A list of topics we covered in the week of August 4 to August 10 of 2025

WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data.

Sam Altman overhyped GPT-5 and the results are underwhelming. Some users are upset with GPT-5's new personality, but you can restore GPT-4o if you pay for the Plus plan.

SafeBreach found four Windows DoS flaws via RPC and LDAP, enabling stealth DDoS botnets. Microsoft patched in 2025.

Une menace persistante avancée (MPA), ou Advanced Persistent Threat (APT), est une cyberattaque à la fois sophistiquée, discrète et prolongée dans le temps. Elle nécessite des moyens financiers et techniques colossaux, et cible souvent les secteurs les plus sensibles pour espionner, saboter ou dérober des données. En

Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.

Researchers found ReVault flaws in Dell ControlVault3 affecting 100+ laptop models, risking login bypass and key theft.

Lenovo webcam flaws let attackers deploy remote BadUSB exploits, risking keystroke injection and persistent malware.

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts.

Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers.

Researchers bypass GPT-5 guardrails using narrative jailbreaks, exposing AI agents to zero-click data theft risks.

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

The winners of the AI Cybersecurity Challenge (AIxCC), Team Atlanta, won a $4m prize

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.

Vault Fault and ReVault flaws in CyberArk, HashiCorp, and Dell expose systems to takeover risks.

Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers.

The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).

In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.

The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part — putting the systems to the test in the real world.

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records…

OpenAI's CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns.

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.

The U.S. military research agency hopes to foster a new ecosystem of autonomous vulnerability remediation.

Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees.

Embargo started to draw scrutiny in late 2024, just a few months after BlackCat’s leaders appeared to conduct an exit scam on affiliates.

Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission.