Latest CyberSec News by @thecyberpicker

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible.

Microsoft announces that it will be joining GASA as a Foundation Member. Read about how Microsoft and the other members of GASA hope to stem losses from cyber scams.

Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy chief information security officers share their experiences in cybersecurity and how they are redefining protection.

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft […]

Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States.

"US retailers should take note" of recent cyberattacks on British companies, according to Google's Threat Intelligence Group, as the financially motivated collective known as Scattered Spider appears to be connected.

BianLian and RansomExx Exploit SAP CVE-2025-31324 for Full Access, Deploy PipeMagic and Brute Ratel in Multi-Nation Attacks.

Samsung patched CVE-2025-4632, a 9.8 CVSS flaw exploited to deploy Mirai botnet after PoC release.

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.

In an 8-K filing with federal regulators, Nucor said the incident involved “unauthorized third party access to certain information technology systems” but did not explain further.

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines.

Xinbi enabled $8.4B in Telegram-based transactions since 2022, fueling cybercrime, scams, and crypto laundering.

A cyberattack first detected over Easter weekend has reportedly already cost Marks & Spencer more than £60 million.

Cary, NC, May 14, 2025, CyberNewswire -- INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams

This is a current list of where and when I am scheduled to speak: I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page.

Android Enterprise introduced Device Trust to enhance mobile security on Android devices

The company is carefully ramping up systems and is boosting deliveries to its 2,300 food stores after stock issues.

Five issues actively exploited in the wild, but the real excitement may have been handled in advance

​Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates.

The law’s expiration in September could jeopardize a wide range of information-sharing partnerships that have helped catch and thwart cyberattacks in the U.S.

Un pirate informatique affirme avoir récupéré plus de 89 millions de comptes Steam, soit deux tiers des comptes existants. Si elle s'avère véridique, il s'agirait d'une des plus grandes fuites de comptes du jeu vidéo. Ce pirate du nom de Machine1337 a-t-il réellement piraté Steam ? C'est en tout cas ce qu'il affirme

Une fuite pourrait avoir affecté la plateforme de jeux vidéo Steam. En raison du nombre de comptes potentiellement affectés, il est préférable de s'assurer que les bonnes pratiques de sécurisation sont appliquées pour protéger son profil. C'est une alerte à laquelle les internautes ayant un compte Steam devraient

New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate.

A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures.

La maison de mode française a prévenu ses clients qu'un tiers non autorisé avait accédé à certaines données clients, parmi lesquelles des...-Cybersécurité

L'application "France Identité" a atteint les deux millions d'utilisateurs. Permettant de prouver son identité, elle offre un portefeuille de...-Identité numérique

CISA paused plans to overhaul its advisory system after backlash from the infosec community

Meta Mirage phishing attack exploits 14,000+ URLs via cloud hosts, stealing credentials and ad accounts.

A Russian military cadet reportedly developed an algorithm that could bypass the protective infrastructure of law enforcement software and gain access to restricted data.

A Kosovo national has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018.