Latest CyberSec News by @thecyberpicker

The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts for one of its clients.

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers.

The person behind a $42 million theft from the decentralized exchange GMX has returned the stolen cryptocurrency in exchange for a $5 million bounty.

Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.

Après avoir étudié le sujet pendant près de quatre mois, la CNIL a rendu son verdict : le recours à des caméras augmentées pour contrôler l’âge des clients chez les buralistes n’est pas la solution adéquate pour lutter contre la consommation de tabac ou de jeux d’argent chez les mineurs en France. Ni nécessaire, ni

Nearly six in 10 companies experienced incidents because of voice or text phishing attacks that led to executive impersonation, according to a new report from Lookout.

Cybersecurity researchers have identified four significant security vulnerabilities in a widely used automotive Bluetooth system that could potentially allow remote attackers to execute code on millions of vehicles worldwide.

NVIDIA is warning users to activate the System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory.

Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk.

The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnerability catalog.

Taiwan NSB warns of security risks from Chinese apps, citing excessive data collection and sharing with China.

Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.

Virtru, a data security company that developed technology now used by U.S. defense and intelligence agencies, has raised $50 million in funding.

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

The new CISA Associate designation recognizes ISACA members who have passed the CISA exam, but do not yet have the required experience

Indonesia has extradited to Russia a man accused of running a Telegram channel that sold personal data obtained from law enforcement databases.

Dans un mail adressé à ses clients, la marque de luxe française annonce avoir été victime d'une fuite de données. Si vous avez reçu ce message, il existe un risque que vos informations soient utilisées à des fins malveillantes. Que faire ? Alors qu'une cyberattaque en Corée du Sud avait été confirmée par la Maison le

Le 21 juin 2025, un joueur de basket-ball russe est arrêté à l'aéroport Roissy-Charles de Gaulle. Accusé d'avoir servi de négociateur pour un groupe de ransomware, il est actuellement détenu dans un centre de rétention et risque l'extradition vers les États-Unis. Daniil Kasatkin, ex-meneur de jeu du MBA Moscow en

This week in cybersecurity from the editors at Cybercrime Magazine

Researchers uncover PerfektBlue flaws in OpenSynergy’s BlueSDK, exposing millions of vehicles to remote code execution

Compliance signals maturity, lowers friction for sales, and builds trust. For startups eyeing global markets, getting your compliance in order is mandatory.

Pay2Key.I2P ransomware resurfaces in 2025, offering 80% profit to affiliates targeting Israel and the U.S., netting $4 million in ransom payments.

Critical vulnerability (CVE-2025-47812) in Wing FTP Server exposed to active exploitation via Lua injection. Immediate patching needed.

Zscaler’s 2025 Data Risk Report reveals AI tools and SaaS apps led to millions of data losses in 2024. Proactive security is critical.

The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing customers to offensive messaging

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods.

DoNot APT, also known as APT-C-35, traditionally operates exclusively in South Asia

À l’heure où les fuites de données sont devenues monnaies courantes, la protection des données personnelles n’a jamais été aussi importante. D’autant plus qu’il existe désormais pléthore d’outils plus puissants les uns que les autres pour accompagner les internautes dans cette tâche. En juin dernier, un fichier

Dans une étude, parue le 8 juillet 2025, les chercheurs de Koi Security révèlent que 18 extensions Chrome, disponibles sur Google Chrome et Microsoft Edge étaient des chevaux de Troie. Dans cette liste figure notamment le sélecteur de couleur Geco, qui comptait plus de 100 000 utilisateurs. 4,2/5, plus de 800 avis et

British bank TSB warns of rise of “finfluencers” who dispense dubious financial advice online