Latest CyberSec News by @thecyberpicker

L'Estonie est en plein débat sur un nouveau de texte loi qui prévoit d’élargir le cadre d’action de sa marine. La législation permettrait notamment l’usage de la force contre des navires civils, en cas de menace grave avérée. À menace exceptionnelle, mesure exceptionnelle. Le Parlement estonien va étudier un projet

Vibe coding is an emerging AI-assisted programming approach where users describe their software requirements in natural language, and an LLM generates the code.

Microsoft is investigating an ongoing outage that is blocking admins worldwide from accessing the Exchange Admin Center (EAC).

The legislation calls for a Commerce Department examination of routers, modems and other devices controlled by U.S. adversaries.

Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates.

New phishing method targets high-value accounts using real-time email validation

AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk.

Sponsored by Mastercard

A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware.

This week in cybersecurity from the editors at Cybercrime Magazine

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals.

Phishing actors are employing a new evasion tactic called  'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted.

While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing

Companies need to use threat intelligence to address disinformation. As tactics evolve, businesses will need to adapt and refine their strategies to protect their reputation.

ToddyCat exploits ESET’s CVE-2024-11859 flaw with TCESB malware, bypassing security tools via DLL hijacking.

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows CLFS Driver flaws to its Known Exploited Vulnerabilities catalog.

Privacy is most at risk from companies, governments, and AI models, according to a new public survey from Malwarebytes.

There are many people behind-the-scenes making sure AI systems have the well-organized, clean, and properly labeled data that they need to succeed.

Neiman Lab has some good advice on how to leak a story to a journalist.

23.77 million secrets leaked on GitHub in 2024 as non-human identities expand attack surfaces rapidly.

73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks

La jeune pousse française se définit comme une “tour de contrôle” des systèmes d'information de ses clients en automatisant la détection et la...-Cybersécurité

Christine Lagarde, la présidente de la Banque centrale européenne, somme l'Union européenne de concevoir son propre réseau de paiement indépendant des géants américains. Aujourd'hui, une fraction de nos paiements va directement dans les poches de Visa et Mastercard. Avec ses surtaxes douanières, Donald Trump a

WinRAR patched the MotW bypass flaw with the latest 7.11 release, alongside other bug fixes, urging users to update.

Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day

The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities

Critical Gladinet CentreStack flaw CVE-2025-30406 actively exploited in March 2025 enables remote code execution.

Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.

ChurchCRM 5.9.1 - SQL Injection. CVE-2024-39304 . webapps exploit for PHP platform

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE). CVE-2024-38944 . webapps exploit for Multiple platform