Latest CyberSec News by @thecyberpicker

Iran throttles web, cites cyber threats; Israeli group hacks bank; U.S. warns of Iranian ICS malware.

Veeam patches 3 major flaws, including CVE-2025-23121, to stop RCE risks in backup software. Update now.

A pair of AI tools advertised on hacking forums were developed using commercial AI models from xAI and Mistral, according to Cato Networks.

Last week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth. Related: A basis for AI optimism In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly autoregressive transformers—have structural limitations we won’t engineer our way past. And more than that, he acknowledged

Iran-focused media outlets report Bank Sepah branches are closed, customers are unable to access accounts and payment processing is down.

WhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?

Chrome and Yandex zero-days exploited to deploy Trinper backdoor via phishing; Russian entities targeted.

Security analysts at Google’s Threat Intelligence Group published a warning this week to insurance companies, writing that it is “now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity.”

The AnonsecKh group, which goes by Bl4ckCyb3r on Telegram, claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces.

LangSmith flaw let hackers steal OpenAI API keys and data via LangChain agents. Enterprises risked IP leaks.

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.

Un groupe de hackers, supposément lié à Israël, revendique une cyberattaque majeure contre la banque Sepah, institution clé du système financier iranien. Ils assurent avoir « détruit toutes les données » de la banque. Le groupe de hackers Gonjeshke Darande, également connu sous le nom de « Predatory Sparrow », a

To defend “target rich, resource poor” critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes.

New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites

​Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.

Moving from artisanal to industrial security at scale, and how Google uses AI for reversing malware, analyzing hacker videos, fuzzing, and more

The commission described how recently updated federal regulations affect dealerships — and their vendors.

The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023.

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.

Researchers say a sudden burst of activity could be linked to a Mirai botnet variant.

Malware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices' near field communications (NFC) and steal payment card data.

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records.

Completing the CAIQ self-assessment is a prerequisite for pursuing CSA STAR Level 2. This requirement strengthens the overall assurance of cloud providers.

23andMe has been fined over £2m by the UK ICO for failing to adequately protect genetic data

Phishing emails in Taiwan deploy Gh0stCringe and HoldingHands RAT via fake tax lures and PDF malware.

Tired of drowning in IT tickets? This AI-powered workflow built on Tines auto-triages common issues like known bugs & password resets—saving time for your team and speeding up resolution. Learn more about Tines and get a free account now.

Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10.

Congress should use renewal of an expiring terrorism insurance program to create a federal backstop for cybersecurity insurance, according to a report out Tuesday that tries to thread many difficult needles to bolster an industry that its author says isn’t developing fast enough. In an ideal world, cybersecurity insurance can be a valuable tool to […]

U.S. CISA adds Apple products, and TP-Link routers vulnerabilities to its Known Exploited Vulnerabilities catalog.

Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands