Latest CyberSec News by @thecyberpicker

Skitnet malware used in 2025 ransomware attacks uses Rust and Nim to evade detection and exfiltrate data.

RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites

The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach.

The research highlights a “trust gap between the untested promise of AI and the wariness of security and privacy risks,” finance software company Kyriba said.

Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.

Une arnaque sur Instagram, particulièrement sophistiquée, cible les jeunes parents. Son but ? Leur voler de très grosses sommes d'argent grâce à un phishing en deux étapes. Vous vous sentez solides face aux arnaques en ligne ? Celle que nous avons découverte en ce mois de mai 2025 (une de plus) pourrait vous faire

The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions.

Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition.

At the RSA Conference in San Francisco this year, Tim Brown talked about the protection CISOs need, Russia’s continued attempts to launch attacks and how companies can navigate the treacherous waters of cyber incidents.

Explore the pros, cons, and business uses of open vs. closed-source AI models. Learn how to choose the best option—or combine both—for your needs.

Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it

Data obtained by Recorded Future News from the U.K.'s National Health Service show that two incidents last year put patients at risk of clinical harm.

This week in cybersecurity from the editors at Cybercrime Magazine

A large cache of sensitive data about people who applied for legal aid in the U.K. is potentially in the possession of cybercriminals, the government said.

Discover 24 expert strategies for CISOs to combat the top 8 cyber threats of 2025, including AI-driven attacks and insider risks.

Elon Musk’s DOGE isn’t about efficiency — it’s about destruction. We should not let this administration tear down our best defenses against those trying to attack us in cyberspace.

Five zero-days. Nation-state attacks. Supply chain breaches. This week’s cyber recap isn’t just another alert—it’s a red flag.

Mozilla patched 2 Firefox zero-days exploited at Pwn2Own Berlin, risking code execution via JavaScript flaws.

CTEM adoption in 2025 improves risk visibility and enables 3x breach reduction by 2026 via real-time validation.

“Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, was just declassified—with a lot of redactions—by the NSA. I have not read it yet. If you find anything interesting in the document, please tell us about it in the comments.

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days.

An Alabama man has been sentenced to 14 months for hacking the SEC’s X account

The UK government says that hackers accessed a “large amount” of personal information in attack on Legal Aid Agency

Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques

A list of topics we covered in the week of May 12 to May 18 of 2025

This guidance is intended for decision makers and cybersecurity practitioners. It highlights what to be aware of when identifying the source of a threat and the potential implications of geo-blocking in a broader cybersecurity strategy.

Key Takeaways The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution. Using this access…

CrushFTP 11.3.1 - Authentication Bypass. CVE-2025-31161 . remote exploit for Multiple platform

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation. CVE-2025-1731 . local exploit for Multiple platform

Invision Community 5.0.6 - Remote Code Execution (RCE). CVE-2025-47916 . remote exploit for Multiple platform