Latest CyberSec News by @thecyberpicker

CEO Sandy Douglas said the food distributor is helping some customers maintain inventory with assistance from other wholesalers.

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.

Salesforce Industry Cloud has 20+ config risks exposing sensitive data; customers must fix most issues to avoid compliance and security breaches.

Adobe patched 254 flaws, mostly in Experience Manager, impacting cloud and on-prem users, preventing critical code execution risks.

A House panel approved a fiscal 2026 funding bill Monday that would cut the Cybersecurity and Infrastructure Security Agency by $135 million from fiscal 2025, significantly less than the Trump administration’s proposed $495 million.

Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout.

Android Enterprise has introduced features for mobile security, device management and user productivity in its latest update

SAP fixed a critical NetWeaver flaw that let attackers bypass auth and escalate privileges. Patch released in June 2025 Security Patch.

Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws.

Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.

FIN6 uses fake resumes hosted on AWS to deliver More_eggs malware, targeting recruiters to steal credentials and card data

The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database.

Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month.

In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware.

The scheme is based in Cambodia, where people residing in scam centers contact U.S. victims through phone calls, texts, dating apps and other avenues to promote fake cryptocurrency investments.

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.

The department store chain six weeks ago was one of the first targets in an international spree of attacks disrupting retailers.

Rust-based Myth Stealer malware spreads via fake gaming sites, stealing browser data from millions worldwide.

AI acts like Pac-Man—devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks.

Heroku is suffering a widespread outage that has lasted over six hours, preventing developers from logging into the platform and breaking website functionality.

The campaign has affected hundreds of Russian users, particularly targeting industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.

A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data

La mise en service des péages en flux libre a déclenché une vague d’arnaques ciblant les automobilistes français. De fausses campagnes de SMS et d’e-mails, imitant les messages officiels des sociétés d’autoroute, circulent actuellement et cherchent à piéger les usagers. Après les fausses amendes à régler, c’est

UNFI, a grocery retailer and wholesaler, is working to resume full operations following “unauthorized activity” involving its IT systems.

Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner.

Pour la première fois depuis 2019, les primes collectées en 2024 sont en baisse, d'après la cinquième étude de l'Amrae sur l'état du marché...-Cybersécurité

L'Union européenne lance les tests de DNS4EU, son résolveur public. Pensé comme un outil de souveraineté numérique face aux entreprises...-Internet

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog.

OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps.

A mobile scam finds most people at least once a week, new Malwarebytes research reveals. The financial and emotional consequences are dire.