Latest CyberSec News by @thecyberpicker

Microsoft PowerPoint 2019 - Remote Code Execution (RCE). CVE-2025-47175 . remote exploit for Windows platform

Sudo 1.9.17 - Local Privilege Escalation. CVE-2025-32463 . local exploit for Linux platform

An attack linked to the ransomware gang SafePay has disrupted certain fulfillment capabilities.

A new report shows that a select group of large companies uses technologies that the hacker group often targets.

Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools

A group of top cybersecurity and technology firms said the law provided critical protections for sharing essential vulnerability information.

The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads.

Researchers uncover a supply chain attack targeting the Ethcode VS Code extension, affecting 6,000+ users.

Le 4 juillet 2025, un informaticien de la société C&M Software est arrêté par la police de Sao Paulo. L'homme est suspecté d'avoir aidé des cybercriminels à infiltrer les systèmes de l'entreprise pour 15 000 réais, environ 2 300 euros. Le piratage de la société, qui assure l’interconnexion entre les banques et un

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses.

Moscow-based cybersecurity firm Kaspersky said the campaign has already affected over 100 victims across several dozen Russian organizations, but did not disclose the specific targets.

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses.

Exposed RDP ports are an open door for attackers. TruGrid SecureRDP enforces Zero Trust and MFA, blocks lateral movement, and secures remote access—no open firewall ports required. Learn more and get a free trial.

Google says it's Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see this as a good thing.

Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting

If you treat Policy-as-Code and Infrastructure-as-Code security as interchangeable, you’re setting yourself up for compliance gaps and security incidents.

This week in cybersecurity from the editors at Cybercrime Magazine

New CTM360 report exposes over 17,000 Baiting News Sites redirecting users into financial fraud.

Cybersecurity researchers warn of the RondoDox botnet targeting TBK DVRs and Four-Faith routers via critical vulnerabilities.

Major retailers like Adidas and The North Face were breached using identity-driven tactics, exposing key security gaps.

Depuis fin juin, une nouvelle vague d’arnaques au colis déferle sur les messageries des Français. Cette fois, les cybercriminels adoptent une approche plus subtile : au lieu d’envoyer immédiatement un lien frauduleux, ils engagent d’abord la conversation avec un simple SMS d’accroche : « Bonjour, vous êtes à la

Get an overview of Identity and Access Management (IAM), including how it works, current IAM tools, and the limitations of IAM technology.

We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.

If someone is going to negotiate with criminals for you, that person should at least be on your side.

Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase

The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors

China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns

PortSwigger returns to Black Hat USA and DEF CON 33 with a host of new talks, events and ways to meet PortSwigger and the creators of Burp Suite.

Russian organizations have been targeted by Batavia spyware in a phishing attack, exfiltrating documents and system info.

Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services