Latest CyberSec News by @thecyberpicker

Explore six key cloud security trends for 2025 and learn how to address identity risks, visibility gaps, and misaligned architectures effectively.

Around half of the world’s top 100 websites have already integrated passkey support

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to perform surveillance for their colleagues in other departments. The thread also includes a member of ICE’s Homeland Security Investigations (HSI) and members of Oregon’s State Police. In the thread, called the “Southern Oregon Analyst Group,” some members talked about making fake social media profiles to surveil people, and others discussed being excited to learn and try new surveillance techniques. The emails show both the wide array of surveillance tools that are available to even small police departments in the United States and also shows informal collaboration between local police departments and federal agencies, when ordinarily agencies like ICE are expected to follow their own legal processes for carrying out the surveillance...

Two local privilege escalation flaws could let attackers gain root access on systems running major Linux distributions.

Cloudflare blocks record 7.3 Tbps DDoS attack, targeting hosting provider, with 122,145 source IPs across 161 countries.

A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious Python tools.

Bridewell’s analysis of advertised UK cybersecurity roles revealed that the public sector offers one the lowest average salaries across all industries

A cyberattack pushed the German napkin firm Fasana into insolvency, worsening existing financial troubles and serving as the final blow

A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious Python tools.

A prominent expert on Russian information operations was targeted by a sophisticated spear phishing attack likely coming from Russian hackers

Microsoft Excel LTSC 2024 - Remote Code Execution (RCE). CVE-2025-47957 . local exploit for Windows platform

Ingress-NGINX 4.11.0 - Remote Code Execution (RCE). CVE-2025-1974 . remote exploit for Multiple platform

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse. CVE-2024-50562 . remote exploit for Multiple platform

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps.

Android malware AntiDot and GodFather target mobile users with phishing, NFC attacks, and app virtualization.

China-linked APT Typhoon has reportedly targeted satellite firm Viasat, the group has breached multiple telecom providers in the past.

North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.

Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks and how you can stop them.

A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to trace the funds back to fraud schemes perpetrated by actors in the Philippines.

Banana Squad exploited GitHub to distribute malicious Python code disguised as legitimate tools

ChatGPT's next big upgrade, or the new foundational model "GPT-5," is still being prepared for a release in the summer, but OpenAI won't share the specifics.

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites

A 33-year-old man arrested in Ukraine will face charges in the U.S. of working for the Ryuk cybercrime operation, known for high-profile targets and large ransom demands.

Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.

The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service.

Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident

Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.

Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution.