Latest CyberSec News by @thecyberpicker

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution.

ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts.

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog.

When VC mogul Chris Sacca declared AI is the death knell for professional services, I flinched. Not because he’s wrong — but because it’s only half the story. Related: GenAI grows up - at RSAC 2025 As a journalist who’s covered multiple technology shifts from the inside, I’ve learned to distinguish hype from real inflection

The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said.

A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.

The 24 people who signed the letter endorsing Sean Cairncross include former government officials and current industry leaders.

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

Learn why CISOs prefer Microsoft Defender for Endpoint to secure their device estate across Windows, Linux, macOS, iOS, Android, and IoT devices.

CISA director and national cyber director nominees could transform how the federal government engages with the private sector on cybersecurity issues.

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data.

Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options.

Outdoor apparel giant The North Face sent out a notice to impacted customers about another credential stuffing attack on their website

The intrusion follows a string of attacks that appear to be the work of the cybercrime gang Scattered Spider.

A man pleaded guilty to his involvement in a string of swatting and bomb threat incidents that allegedly impacted at least 25 members of Congress or their family members, as well as law enforcement officials and members of the federal judiciary.

Amazon Web Services précise les contours de son futur cloud européen, qualifié de "souverain", attendu pour fin 2025. Le fournisseur américain...-Cloud

Fake Gitcode and DocuSign sites are tricking users into running PowerShell scripts that install NetSupport RAT.

Resellers and channel partners can add value, fill gaps in security teams and offer expertise in niche markets

Silver Spring, MD, June 3, 2025, CyberNewswire -- Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and

Effective cybersecurity played a key role Ukraine drone attack on Russian strategic bombers, a leading government security expert has claimed

Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets.

CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server.

Critical Roundcube bug CVE-2025-49113 affects versions before 1.6.11, enabling code execution via URL flaw.

Un lanceur d’alerte anonyme, « GangExposed », publie une fuite inédite sur les chefs du groupe de ransomware Conti/Trickbot. Pour la première fois, des preuves visuelles, des documents financiers et des détails sur leur vie quotidienne à Dubaï viennent appuyer des identités déjà connues des autorités, bouleversant la

Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them.

This spring has seen another spate of stories about juice jacking, including a new, more sophisticated form of attack. But how much of a threat is it, really?

Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident.

CISOs should demand more of their vendors and use regulation as an ally to persuade board members to accelerate the transition to post-quantum safety