Latest CyberSec News by @thecyberpicker

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.

Researchers warn that a vulnerability in the file-transfer service could enable remote code execution.

Grok-4 was jailbroken 48 hours post-launch using Echo Chamber and Crescendo attack methods

A vulnerability in Kigen eUICC cards has exposed billions of IoT devices via flawed eSIM profile management

The high-severity flaw could let a hacker abruptly halt — and potentially derail — a train.

Struggling to shift left? Learn how Burp Suite DAST overcomes slow scans, false positives and pipeline friction in our on-demand webinar

CTM360 has identified over 17,000 fake news sites mimicking reputable brands like CNN, BBC and CNBC, spreading investment fraud across 50 countries

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway.

As telecom networks embrace cloud-native to power 5G, the importance of Zero Trust has never been greater. A recent assessment of a 5G core network shows why.

From Bluetooth exploits in vehicles to macOS backdoors and GitHub phishing tricks—this week’s threats go deeper than they appear.

The NCSC has warned that there are still a significant number of organizations using Windows 10, which will soon be unsupported with security updates

This week in cybersecurity from the editors at Cybercrime Magazine

While most said XBOW’s capabilities fall short of an existential crisis for human bug hunters and red-team leaders, they also acknowledge that the balance between human and automation in cybersecurity is shifting rapidly underneath the industry’s feet.

Organizations must turn Cyber Governance, Risk, and Compliance (GRC) into executable pipelines, a Microsoft security product manager argues.

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks.

Britain's tax agency and Romanian police combined on an operation to break up a fraud ring that used phishing emails to capture U.K. taxpayer information.

Wondering what Security+ domains are on this certification exam? Look no further—read our article to learn everything you must know about them.

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.

Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas

Interlock ransomware continues to develop custom tooling and a new RAT has been detected by researchers

Louis Vuitton’s UK business has notified customers of a personal data breach

Spain gives Huawei wiretap contracts, sparking concerns over potential Chinese government access due to Huawei’s links to Beijing.

Operation Chakra-V scores success as a fraud syndicate is busted following the raid of a scam call center operating in Noida, Uttar Pradesh

CBI's Operation Chakra V dismantles a transnational tech support scam targeting UK, Australia. Over £390,000 lost in UK, two arrests made.

L’armée américaine vient de créer une nouvelle unité dédiée aux tech bros : le Detachment 201, alias l’Executive Innovation Corps. Son objectif ? Intégrer directement l'expertise de la Silicon Valley au cœur de ses forces, pour créer un pont entre la technologie civile et les besoins de modernisation militaire aux

A list of topics we covered in the week of July 7 to July 13 of 2025

New eSIM vulnerabilities in Kigen eUICC cards expose billions of IoT devices to potential cyberattacks.

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch.