Latest CyberSec News by @thecyberpicker

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems.

ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums

The Federal Trade Commission (FTC) has approved $126,000,000 in refunds to be sent to 969,173 Fortnite players as part of a settlement over allegations that Epic Games tricked users into making unwanted purchases.

Amnesty International said it identified dozens of scam compounds in Cambodia, calling the government's response to the nexus of cybercrime and human trafficking "grossly inadequate."

British national Kai West, aka IntelBroker, was charged in the U.S. for a global hacking scheme that stole and sold data.

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers.

A critical vulnerability in Open VSX Registry could allow attackers to control VS Code extensions, threatening millions of developers.

See an example of the Microsoft Durability Strategy in action, read the case study and learn more about the Microsoft Security Future Initiative.

New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University's systems on multiple occasions, starting with a scheme to obtain cheaper parking.

The company has been working with security partners to make sure future software updates don’t lead to operational disruptions for customers.

Son arrestation faisait l'objet de rumeurs depuis plusieurs mois, c'est désormais officiel : Kai West, alias « Intelbrocker », a été arrêté en février 2025 en France. Le FBI l'a annoncé dans un communiqué le mercredi 25 juin. Il était l’un des hackers les plus prolifiques et insaisissables de la scène cyber. Derrière

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC).

Misconfigured AI-linked MCP servers are exposing users to data breaches and remote code execution threats

Kai West, a 25-year-old British national, is accused of stealing data from more than 40 organizations during a two-year spree.

Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships

A patient’s death was linked to the 2024 ransomware attack on Synnovis, which disrupted NHS facilities

Sitecore 10.4 - Remote Code Execution (RCE). CVE-2025-27218 . webapps exploit for Multiple platform

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE). CVE-2019-9978 . webapps exploit for Multiple platform

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information. CVE-2022-1257 . remote exploit for Multiple platform

ClickFix attacks surged by 517% in 2024–2025, leading to ransomware, malware, and credential theft. Learn why it's a growing threat

Cisco fixes CVE-2025-20281 and CVE-2025-20282 in ISE, ISE-PIC to prevent remote code execution.

Two reports illustrate how business leaders are thinking about and budgeting for generative AI.

Cybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics.

Identity is the new battleground—and Scattered Spider exploits it. Join Push Security to unpack how identity-based attacks are reshaping the threat landscape, and how to defend against MFA bypass, help desk scams, and more. Watch the webinar now.

A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday.

Dans une allocution faîte face à l'Assemblée Nationale, le mercredi 25 juin 2025, le ministre français des Armées Sébastien Lecornu a déclaré que la France avait intercepté plusieurs drones iraniens se dirigeant vers Israël avant la trêve du conflit. Destinés à viser Israël, des drones iraniens ont survolé « les

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials.

The Do Not Call Registry hardly works. The reason why is simple and frustrating—it was never meant to stop all unwanted calls.

Why do organizations migrate to the public cloud? It may sound like a simple question in 2025, but there’s complexity to it. Hint: It isn’t about cost anymore.

This week in cybersecurity from the editors at Cybercrime Magazine