Latest CyberSec News by @thecyberpicker

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.

Researchers say a sudden burst of activity could be linked to a Mirai botnet variant.

Malware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices' near field communications (NFC) and steal payment card data.

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records.

Completing the CAIQ self-assessment is a prerequisite for pursuing CSA STAR Level 2. This requirement strengthens the overall assurance of cloud providers.

23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data

Phishing emails in Taiwan deploy Gh0stCringe and HoldingHands RAT via fake tax lures and PDF malware.

Tired of drowning in IT tickets? This AI-powered workflow built on Tines auto-triages common issues like known bugs & password resets—saving time for your team and speeding up resolution. Learn more about Tines and get a free account now.

Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10.

Congress should use renewal of an expiring terrorism insurance program to create a federal backstop for cybersecurity insurance, according to a report out Tuesday that tries to thread many difficult needles to bolster an industry that its author says isn’t developing fast enough. In an ideal world, cybersecurity insurance can be a valuable tool to […]

U.S. CISA adds Apple products, and TP-Link routers vulnerabilities to its Known Exploited Vulnerabilities catalog.

Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands

La maquette impressionnante de l'UCAS est affichée en vedette lors du salon du Bourget 2025. Derrière ce drone de combat autonome se cache un projet militaire numérique européen à l'ambition inédite et parfois contrariée : le SCAF. Posté à l’entrée du hall 2C, le stand extérieur de Dassault Aviation est impossible à

Scattered Spider targets U.S. insurance firms using social engineering and MFA bypass tactics. GTIG urges vigilance.

This week in cybersecurity from the editors at Cybercrime Magazine

This article discusses how ransomware attacks are targeting backups and what to do to keep your data and backups secure.

Three flaws in Sitecore XP v10.1+ let attackers gain remote access using default credentials—impacting banks, airlines, and global enterprises

Botnet attack exploited over 130,000 forgotten AD accounts. Learn why service account oversight matters.

A group tracked as Predatory Sparrow said it was responsible for hacking Bank Sepah as the conflict between Israel and Iran intensified.

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused workforce. AI will often not be as effective as a human doing the same job. It won’t always know more or be more accurate. And it definitely won’t always be fairer or more reliable. But it may still be used whenever it has an advantage over humans in one of four dimensions: speed, scale, scope and sophistication. Understanding these dimensions is the key to understanding AI-human replacement...

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal

In a confirmation that we've gone full Black Mirror, air fryer and other IoT manufacturers are being told to stop invading our digital privacy.

Learn how to adopt the NIST AI Risk Management Framework to build trustworthy AI systems and streamline compliance with automation tools.

Reddit has announced more Artificial Intelligence powered tools to help advertisers. But do users care for it?

interos.ai launches itariffs to help supply chain and finance leaders identify and act on tariff risk faster.

Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe

Langflow’s RCE flaw is under active attack, infecting servers with Flodrix botnet malware via public PoC. Unpatched AI apps remain at risk.

TP-Link and Zyxel router flaws are under active attack, affecting global users and federal systems. Urgent updates needed.

New City of London Police data reveals British men and women lost over £100m to romance fraudsters in 2024

Archetyp, immense plateforme de vente de drogue en ligne, active depuis 2020, a été démantelée lors d’une vaste opération internationale baptisée Deep Sentinel, coordonnée par l’Office fédéral de la police criminelle allemande et Europol. 600 000 utilisateurs, 3 200 vendeurs et près de 17 000 annonces : ce sont les