Latest CyberSec News by @thecyberpicker

The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE). CVE-2025-49683 . local exploit for Windows platform

Swagger UI 1.0.3 - Cross-Site Scripting (XSS). CVE-2025-8191 . remote exploit for Multiple platform

LPAR2RRD 8.04 - Remote Code Execution (RCE). CVE-2025-54769 . webapps exploit for Multiple platform

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation. CVE-2023-3460 . webapps exploit for Multiple platform

Gandia Integra Total 4.4.2236.1 - SQL Injection. CVE-2025-41373 . webapps exploit for Multiple platform

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS). CVE-2025-54589 . webapps exploit for Multiple platform

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure. CVE-2025-49741 . remote exploit for Windows platform

State-backed hackers breached Southeast Asia telecoms using advanced tools—no data stolen, but stealth access achieved.

Undetected for a year, Plague malware targets Linux PAM to hijack SSH access and erase forensic traces.

OpenAI isn't just working on GPT-5. It looks like OpenAI is also preparing to release new open-source weights, living up to its name, OpenAI.'

Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.

Les tensions commerciales entre Washington et Pékin sur la question cruciale des semi-conducteurs n'en finissent plus. Nvidia se retrouve cet été au cœur des soupçons : la Chine exige des « preuves de sécurité convaincantes » concernant ses puces H20, soupçonnées d’abriter des portes dérobées. Le va-et-vient

Akira ransomware exploits SonicWall SSL VPNs, hitting patched devices. Organizations face risks from possible zero-day flaw.

Security teams can no longer afford to wait for alerts — not when cyberattacks unfold in milliseconds. That’s the core warning from Fortinet’s Derek Manky in a new Last Watchdog Strategic Reel recorded at RSAC 2025. As adversaries adopt AI-driven tooling, defenders must rethink automation, exposure management, and the role of human analysts. “We saw

Researchers say hackers using the Akira ransomware strain may be exploiting the vulnerability en masse.

What scientists thought were squid fossils were actually arrow worms.

San Francisco, Calif., Aug. 1, 2025, CyberNewswire—Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks like SOC 2 and HIPAA. The funding round was co-led by OSS Capital and Grand Ventures,

OpenAI is reportedly working on a new plan called 'Go,' which would be cheaper than the existing $20 Plus subscription.

The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.

Unit 42 said social engineering — the method of choice for groups as diverse as Scattered Spider and North Korean tech workers — was the top initial attack vector over the past year.

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.

Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights.

Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables.

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.

San Francisco, California, 1st August 2025, CyberNewsWire