Latest CyberSec News by @thecyberpicker

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse. CVE-2024-50562 . remote exploit for Multiple platform

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps.

Android malware AntiDot and GodFather target mobile users with phishing, NFC attacks, and app virtualization.

China-linked APT Typhoon has reportedly targeted satellite firm Viasat, the group has breached multiple telecom providers in the past.

North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.

Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks and how you can stop them.

A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to trace the funds back to fraud schemes perpetrated by actors in the Philippines.

Banana Squad exploited GitHub to distribute malicious Python code disguised as legitimate tools

ChatGPT's next big upgrade, or the new foundational model "GPT-5," is still being prepared for a release in the summer, but OpenAI won't share the specifics.

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites

A 33-year-old man arrested in Ukraine will face charges in the U.S. of working for the Ryuk cybercrime operation, known for high-profile targets and large ransom demands.

Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.

The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service.

Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident

Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.

Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution.

GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now.

ChatGPT appears to be testing support for Gmail and Google Calendar integration. This will allow users to summarise emails and create events.

Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict.

The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites.

Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ

Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide.

AI-generated code is accelerating dev speed—but it’s also exposing users to stealthy, undetected flaws.

North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.

Cato Networks researchers demonstrated an attack leveraging Atlassian’s AI agent-enabling server

Hackers now exploit trusted apps like Zoom and Dropbox to launch stealth attacks. Learn how to detect LOTS threats

U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack.