Latest CyberSec News by @thecyberpicker

Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware.

Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system

Freefloat FTP Server 1.0 - Remote Buffer Overflow. CVE-2025-5548 . remote exploit for Multiple platform

The latest confirmed cyber intrusion hit a utility billing software provider and its customers.

The city government of Thomasville, North Carolina, and a court district in eastern Georgia are responding to recent intrusions into their networks.

Many companies feel unprepared to comply with global privacy and security rules, according to the advisory firm’s annual business sentiment survey.

C'était l'opération dans l'opération. En marge de la campagne Rising Lion lancée par Israël contre l'Iran dans la nuit du 12 au 13 juin 2025, pour attaquer son programme de nucléaire militaire, une action spéciale a aussi eu lieu proche de Téhéran. Elle impliquait une base clandestine et des drones explosifs. Un coup

Des chercheurs en cybersécurité ont révélé une vulnérabilité majeure dans l’IA Microsoft 365 Copilot, permettant à des pirates de voler des données sensibles d'entreprises, sans le moindre clic d'utilisateur. Baptisée EchoLeak, cette faille exploitait l’IA générative intégrée aux outils Microsoft pour exfiltrer des

It’s been a whirlwind two months since AI-powered features landed in Burp Suite Professional. Thousands of security testers across the world have been using Burp AI to find vulnerabilities and secure

Ransomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp's remote monitoring and management tool to disrupt services in double extortion compromises.

Over 269K sites infected with JSFireTruck malware in one month, redirecting visitors to scams and malware.

Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up.

A quelques jours de l'ouverture du Salon international de l'aéronautique qui se tiendra au Bourget du 16 au 22 juin, Thales tire la sonnette...-Cybersécurité

This week in cybersecurity from the editors at Cybercrime Magazine

Implement the 11th domain of CCM: Interoperability & Portability. Avoid vendor lock-in and ensure seamless data exchange across multiple platforms and CSPs.

Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features.

Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website.

This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware

CISA warns ransomware groups exploiting unpatched SimpleHelp RMM to breach organizations worldwide, risking data theft and double extortion

Traditional SOCs are overwhelmed by alerts; CTEM helps enterprises focus on real risks and business impact for better security outcomes.

Dive into the details of a real world rootkit & learn how Kernel Integrity Measurement technology detects novel rootkits that exploit zero day vulnerabilities.

Paragon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below: Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware. ...

Pendant près de trois ans, des chercheurs ont pu collecter des milliers de données confidentielles sur Danabot, un des réseaux cybercriminels les plus recherchés au monde. La faute à une faille dans leur infrastructure, baptisée DanaBleed. Nous sommes en mai 2025, et le botnet DanaBot, l’un des réseaux de

A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool

Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost.

An extremely Windows-heavy month, with a surprise cameo by… Sophos?!

Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email

Apple patched zero-day flaws exploited to deploy Paragon’s Graphite spyware targeting journalists and civil society, raising global spyware concerns.

Trois ans après la création de La Poste Ventures, son fonds d'investissement dédié aux start-up, le groupe double la mise en portant...-Cybersécurité

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.