Latest CyberSec News by @thecyberpicker

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes.

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.

Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.

A 33-year-old Kosovo citizen, Liridon Masurica, has been extradited to the U.S. to face charges related to his alleged role in operating an illegal online marketplace.

Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug.

Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks.

Earth Ammit, as the group is known, launched two waves of campaigns from 2023 to 2024, affecting a range of industries including military, satellite, heavy industry, media, technology, software services and healthcare.

Microsoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.

L'Agence européenne pour la cybersécurité vient de mettre en ligne la première base de données européenne qui centralise les vulnérabilités...-Cybersécurité

The UK retailer said the payment data was masked and therefore not usable.

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.

Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft

Apple released security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities—including the first C1 modem patch.

A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel.

Malicious PyPI package ‘solana-token’ stole developer source code in 761 downloads via hidden exfiltration.

581 SAP NetWeaver instances hacked via CVE-2025-31324 + Confirmed China-nexus APT involvement + Critical infrastructure at risk.

The European Union launched on Tuesday its new vulnerability database to provide aggregated information regarding cybersecurity issues affecting various products and services.

Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028.

150 active and retired officials from across the country asked Senate and House appropriations leaders to set aside $400 million for the next fiscal year.

Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities

CISA won't post standard cybersecurity updates on its website, shifting to email and social media

Red teams uncover what others miss — but they can't be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network.

Strategy and Tactics for Protecting and Enabling Modern Software Organizations

L'Institut national de cybersécurité espagnol serait en train d'enquêter sur la panne électrique géante auprès des entreprises gestionnaires...-Cybersécurité

A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach.

Dans un article du Parisien, on découvre qu'un utilisateur d'iPhone estime être écouté par son appareil qui afficherait ensuite des publicités basées sur ses conversations. Cette théorie populaire est fausse. C'est toujours la même histoire et elle est toujours fausse. Nos confrères du Parisien se font l'écho ce 13

Explore 2025's top security trends: AI governance, compliance automation, third-party risk, and building trust to enhance your organization's security strategy.

Alabama Governor Kay Ivey said the state is responding to a "cybersecurity event" that has prompted government IT staff to work "around-the-clock to identify and mitigate impacts."

Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers.