Latest CyberSec News by @thecyberpicker

Democrats hammered two officials about their participation in a Signal chat discussing war plans that reportedly included a journalist.

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.

Computer outages at Malaysia’s Kuala Lumpur International Airport (KLIA) this weekend were attributed to a recent cyberattack, according to the country’s cybersecurity agency and aviation authority.

Security researchers from CloudSEK provided additional evidence supporting a hacker’s claim to have exfiltrated 6 million records.

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.

McAfee researchers have identified a new wave of Android malware campaigns leveraging .NET MAUI to steal sensitive user information through fake apps

Cybercriminals are increasingly leveraging Atlantis AIO, which automates credential stuffing attacks across more than 140 platforms

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.

Alisa Viejo, United States, 25th March 2025, CyberNewsWire

Wiz researchers warned that several CVEs in Ingress NGINX Controller for Kubernetes make nearly half of all cloud environments at risk of takeover.

In Jan 2025, DeepSeek AI was an overnight sensation. But as with many overnight sensation stories, the reality is more complex. Learn the truth about DeepSeek.

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page.

The New America Open Technology Institute report comes amid DOGE access to sensitive government agency information that has alarmed experts.

200+ Raspberry Robin C2 domains mapped via NetFlow; Russian GRU link intensifies cyber threat tracking.

NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems

Zero Trust revolves around the idea that nothing can be trusted by default. You must acknowledge that everything in your organization plays a role in security.

New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection.

This week in cybersecurity from the editors at Cybercrime Magazine

Des pirates tentent de dérober les données des clients de Disney+. Un faux mail du service de streaming ciblent les abonnées, les invitant à entrer leurs informations bancaires. Une nouvelle campagne de phishing cible les abonnés de la plateforme de streaming Disney+. Dans un courrier électronique reçu par la

Sygnia has uncovered Weaver Ant, a Chinese threat actor that spied on telecommunications networks for years

Chinese state-sponsored hackers infiltrated an Asian telecom for four years, triggering persistent cyber espionage

Kela researchers detect a 200%+ increase in dark web chatter about malicious AI tools

Today’s complex business landscape renders the “corporate ladder” metaphor useless. The modern journey is unpredictable, challenging, and deeply individual.

112 SaaS apps spur security risks; AI-driven insights like AskOmni streamline threat detection, ensuring robust defenses

Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for. Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. ...

Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations.

Google has admitted it accidentally deleted some Maps Timeline user data after what it calls a "technical issue".

FakeApp campaign leverages .NET MAUI to steal data from Indian, Chinese users via bogus banking and social apps

Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes

A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station.