Latest CyberSec News by @thecyberpicker

New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate.

A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures.

La maison de mode française a prévenu ses clients qu'un tiers non autorisé avait accédé à certaines données clients, parmi lesquelles des...-Cybersécurité

L'application "France Identité" a atteint les deux millions d'utilisateurs. Permettant de prouver son identité, elle offre un portefeuille de...-Identité numérique

CISA paused plans to overhaul its advisory system after backlash from the infosec community

Meta Mirage phishing attack exploits 14,000+ URLs via cloud hosts, stealing credentials and ad accounts.

A Russian military cadet reportedly developed an algorithm that could bypass the protective infrastructure of law enforcement software and gain access to restricted data.

A Kosovo national has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018.

House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.

ISO 42001 mandates numerous requirements for the establishment, operation, monitoring, maintenance, and improvement of an organization’s AI management system.

Cary, North Carolina, 14th May 2025, CyberNewsWire

This week in cybersecurity from the editors at Cybercrime Magazine

Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond…

While appearing unsophisticated on the surface, Chihuahua Stealer uses advanced methods

Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall.

This guide helps you assess the current state of your MFT security strategy. Build an unbreachable fortress around your MFT operations.

Horabot malware campaign hits Latin America via invoice lures, steals data from 8+ browsers, and spreads using Outlook.

18% breach increase in 2025 driven by 34% rise in exploited flaws, exposing cloud, infra sectors.

Earth Ammit breached drone supply chains in VENOM and TIDRONE campaigns (2023–2024), compromising military targets via ERP software.

The CVE program narrowly avoided shutdown after a funding crisis, prompting calls for alternative models and renewed debate about the future of global vulnerability management in cybersecurity.

Law enforcers from multiple countries team up to dismantle a multimillion-euro fraud gang

Fortinet fixed a critical remote code execution zero-day actively exploited in attacks targeting FortiVoice enterprise phone systems.

Microsoft patched 78 flaws, including 5 exploited zero-days, prompting CISA mandates for June 3 fixes.

Over the past year, we’ve been hard at work making Burp Suite Professional faster, smarter, and more powerful than ever before. From the launch of Burp AI to major performance upgrades, there's never

Microsoft has patched seven zero-day bugs, five of which were exploited in the wild

Ivanti patched CVE-2025-4427 and CVE-2025-4428 in EPMM after limited exploitation + On-prem only risk.

Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.

Order on Motion for Summary Judgment AND ~Util - Terminate Motions

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code execution vulnerability in the Microsoft Scripting Engine. There were also four elevation of privilege vulnerabilities being actively exploited, CVE-2025-32709, CVE-2025-30400, CVE-2025-32701 a