Latest CyberSec News by @thecyberpicker

Axis camera flaws allow remote code execution and access to 6,500 systems, risking surveillance takeovers.

LAS VEGAS — A decade ago, the rise of public cloud brought with it a familiar pattern: runaway innovation on one side, and on the other, a scramble to retrofit security practices not built for the new terrain. Related: GenAI workflow risks Shadow IT flourished. S3 buckets leaked. CISOs were left to piece together fragmented

This week in cybersecurity from the editors at Cybercrime Magazine

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

The scam lures users into claiming free credits on fake online gaming sites, that require "verification deposit" to cash in winnings.

WhatsApp will now show a Safety Overview to the users whenever an unknown number adds them to a new group, alerting them of potential scams.

The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals.

SonicWall confirms recent SSL VPN attacks link to patched CVE-2024-40766 and reused passwords, urging password resets.

AI-fueled attacks rise as cloud security evolves; enterprises deploy real-time AI defense to keep pace.

Microsoft warns of CVE-2025-53786 in Exchange Server risking cloud identity abuse; admins urged to patch.

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s artificial intelligence chips. It said US AI experts had “revealed that Nvidia’s computing chips have location tracking and can remotely shut down the technology.”

Ce mercredi 6 août 2025, la compagnie aérienne Air France-KLM a annoncé avoir été victime d'une « violation de données ». Parmi les informations compromises, figurent des données personnelles de clients. Voici ce que des cybercriminels pourraient potentiellement faire avec ces informations. Après Bouygues Telecom,

A jury has ruled that Meta accessed sensitive information from women's reproductive health tracking app Flo without consent.

Ukraine's CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE.

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators.

A UK government initiative to tackle Companies House fraud has raised security concerns

Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.

SonicWall has claimed an uptick in Akira ransomware intrusions is due to legacy password use

Bouygues Telecom a révélé avoir été victime d’une cyberattaque d’ampleur exceptionnelle : les données personnelles de millions de clients ont été dérobées. Coordonnées, informations contractuelles, IBAN… des données sensibles sont dans la nature. La menace : celui de voir un prélèvement SEPA non autorisé apparaître

Dell est au centre d'une alerte de cybersécurité depuis le 5 août 2025 et la découverte des failles « ReVault », qui touchent plus de 100 modèles de ses ordinateurs portables Latitude, Precision et XPS. Ces vulnérabilités dans la puce de sécurité ControlVault3 permettent à des attaquants d’accéder de façon

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments

ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access.

Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces.

OpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details.

Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft.

Dans la soirée du 6 août, Bouygues Telecom a révélé avoir été victime d’une cyberattaque d’ampleur exceptionnelle : les données personnelles de 6,4 millions de clients ont été dérobées. Des coordonnées, indications contractuelles, informations bancaires (IBAN) et données personnelles sont affectées. La cyberattaque

Austin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators. Building on the foundation of its industry-leading IDLink identity analytics, this new capability further automates and accelerates complex