Latest CyberSec News by @thecyberpicker

OpenAI and Microsoft have said that GPT-5 is one of their safest and secure models out of the box yet. An AI red-teamer called its performance “terrible.”

Dutch NCSC warns CVE-2025-6543 Citrix bug, a memory overflow flaw, is being exploited to breach critical organizations in the Netherlands.

Microsoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Coordinated brute-force attacks hit Fortinet SSL VPNs and FortiManager, involving 780+ malicious IPs from U.S., Canada, Russia, and more.

Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos.

Microsoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug that prevented enrollment in extended security updates.

ShinyHunters and Scattered Spider are teaming up in a coordinated Salesforce phishing and extortion campaign, with researchers warning financial firms

Two different groups were found to have abused a now patched vulneraability in popular archive software WinRAR. Who's next?

Microsoft recently spoke with Mario Ferket, Chief Information Security Officer for Dow, about the company’s approach to AI in security.

In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack

Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms.

The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang.

The hacker group behind the campaign used methods similar to those of the China-linked group Earth Baxia, known for targeting government agencies in the Asia-Pacific region.

A new technique has bypassed GPT-5’s safety systems via narrative-driven steering to elicit harmful output

A report from industrial cybersecurity firm Dragos highlights growing risks of business interruption and supply-chain disruptions.

Pour contrer le déploiement massif de drones envoyés par la Russie, les forces armées ukrainiennes rivalisent d’ingéniosité face à cet ennemi à la fois peu coûteux et redoutable. Début août 2025, un avion agricole modifié a été aperçu dans le ciel ukrainien. Sa nouvelle mission : intercepter les drones ennemis à

Scam hunter Julie-Anne Kearns, who helps scam victims online, opened up about a tax scam she fell for herself.

Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments

Dutch authorities said hackers penetrated several critical infrastructure providers, in a warning sign for vulnerable organizations elsewhere.

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.

A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task.

Depuis la fin juillet 2025, le Muséum national d’Histoire naturelle (MNHN) de Paris, l’une des institutions majeures en recherche et patrimoine naturel dans le monde, est la cible d’une cyberattaque d’une ampleur inédite. L'organisation ne parvient plus à accéder à de nombreuses bases de données destinées à la

Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month.

The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes

Scammers are using the age old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon.

Rapid7 found that threat actors are able to purchase low-cost initial access broker services, with many packages offering a variety of options

Bitdefender exposes ‘Curly COMrades,’ a new Russian-aligned APT targeting Georgia and Moldova with NGEN COM hijacking and credential theft.

While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025

Microsoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months.