Latest CyberSec News by @thecyberpicker

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation. CVE-2023-3460 . webapps exploit for Multiple platform

Gandia Integra Total 4.4.2236.1 - SQL Injection. CVE-2025-41373 . webapps exploit for Multiple platform

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS). CVE-2025-54589 . webapps exploit for Multiple platform

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure. CVE-2025-49741 . remote exploit for Windows platform

State-backed hackers breached Southeast Asia telecoms using advanced tools—no data stolen, but stealth access achieved.

Undetected for a year, Plague malware targets Linux PAM to hijack SSH access and erase forensic traces.

OpenAI isn't just working on GPT-5. It looks like OpenAI is also preparing to release new open-source weights, living up to its name, OpenAI.'

Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.

Les tensions commerciales entre Washington et Pékin sur la question cruciale des semi-conducteurs n'en finissent plus. Nvidia se retrouve cet été au cœur des soupçons : la Chine exige des « preuves de sécurité convaincantes » concernant ses puces H20, soupçonnées d’abriter des portes dérobées. Le va-et-vient

Akira ransomware exploits SonicWall SSL VPNs, hitting patched devices. Organizations face risks from possible zero-day flaw.

Security teams can no longer afford to wait for alerts — not when cyberattacks unfold in milliseconds. That’s the core warning from Fortinet’s Derek Manky in a new Last Watchdog Strategic Reel recorded at RSAC 2025. As adversaries adopt AI-driven tooling, defenders must rethink automation, exposure management, and the role of human analysts. “We saw

Researchers say hackers using the Akira ransomware strain may be exploiting the vulnerability en masse.

What scientists thought were squid fossils were actually arrow worms.

San Francisco, Calif., Aug. 1, 2025, CyberNewswire—Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks like SOC 2 and HIPAA. The funding round was co-led by OSS Capital and Grand Ventures,

Industries and trade partners scramble ahead of July 9 Deadline

interos.ai Risk Intelligence Summit is back after a sold-out event in 2024. After a sold-out inaugural summit last year, we are excited to announce that the in

Author: Teddy DeWitt, PhD, Lead Computational Social Scientist  Recession Fears Linger Amidst Consumer Pessimism and Tariff Uncertainty  The U.S. economy ma

Author: Dr. Andrea Little Limbago, SVP, Applied AI  We are at a rare moment in history, one where an industrial revolution, an information revolution, and

72% of surveyed CFOs anticipated the North American economy would improve this year, according to Deloitte’s fourth quarter North American CFO Signals Survey.

Geopolitical shocks, trade wars, tariff policies, cyber threats and compounding supplier disruptions mean today’s supply chain challenges demand more than awa

OpenAI is reportedly working on a new plan called 'Go,' which would be cheaper than the existing $20 Plus subscription.

The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.

Unit 42 said social engineering — the method of choice for groups as diverse as Scattered Spider and North Korean tech workers — was the top initial attack vector over the past year.

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.

Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights.

Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables.

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.

San Francisco, California, 1st August 2025, CyberNewsWire