Latest CyberSec News by @thecyberpicker

The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment.

Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches.

Not long ago, I found myself staring at a reply that could’ve come from a bot. Related: Microsoft purges 'knowledge workers' It was a polite follow-up from a PR rep reiterating a pitch I had already acknowledged — and responded to with a thoughtful, clearly outlined counter-offer. My reply wasn’t off-the-shelf. It was a handcrafted

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut flaws to its Known Exploited Vulnerabilities catalog.

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members.

Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google’s latest piece of “agentic” AI software for code development.

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

Bluesky thread. Here’s the paper, from 1957. Note reference 3.

Adobe ColdFusion 2023.6 - Remote File Read. CVE-2024-20767 . webapps exploit for Multiple platform

Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025.

Hackers breached Toptal’s GitHub to publish npm malware, risking dev systems and cloud data integrity.

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS). CVE-2025-50481 . webapps exploit for Multiple platform

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data.

Linux PAM Environment - Variable Injection Local Privilege Escalation. CVE-2025-6018 . local exploit for Linux platform

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).

Chennai, India, July 25, 2025, CyberNewswire — xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands,

Invision Community 4.7.20 - (calendar/view.php) SQL Injection. CVE-2025-48932 . webapps exploit for Multiple platform

Democrat Maggie Hassan says Starlink should acknowledge the use of its satellite internet tech for scams originating in Southeast Asia and do more to explain its response.

XWiki 14 - SQL Injection via getdeleteddocuments.vm. CVE-2025-32429 . webapps exploit for Multiple platform

CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.

Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.

Chaos dans les aéroports russes ce lundi 28 juillet : la compagnie nationale Aeroflot a été contrainte d’annuler et de reprogrammer plus d’une cinquantaine de vols. La raison ? Une cyberattaque d'une ampleur inédite revendiquée par le groupe de hackers ukrainiens « Silent Crow » La liste s'allonge et aucun signe de

Maggie Hassan cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned on Starlink.

AI companies like OpenAI and Perplexity like to be the "everything company," and OpenAI's latest ChatGPT feature, "Shopping," makes that obvious.

France's state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum.

OpenAI's ChatGPT-5 could drop in the coming days, and it could be one of the best models from the Microsoft-backed startup.

Microsoft has reminded customers today that the last supported editions of Windows 11 22H2 will reach their end of servicing on October 14.

The intrusion comes amid a wave of recent social-engineering attacks targeting the insurance sector and other industries.

10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin

The project, launched by Carnegie Mellon in collaboration with Anthropic, simulated the 2017 Equifax data breach.