Latest CyberSec News by @thecyberpicker

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog.

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues.

The backdoored Magento extensions appeared following a supply-chain attack targeting three vendors, ultimately impacting the customer stores.

Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allow remote code execution via crafted HTTP requests.

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible.

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft […]

A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq.

The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors.

A new analysis from the Atlantic Council’s Digital Forensic Research Lab (DFRLab) identified over 40 accounts involved in the traffic manipulation campaign, which garnered 290,000 views.

Hacktivist claims on Indian infrastructure raised alarms, but investigations showed minimal damage

La presse rapporte la possibilité que Donald Trump accepte un cadeau du Qatar : un nouvel avion, qui ferait office d'Air Force One de nouvelle génération. Un don qui pourrait advenir dans les prochains jours, mais qui soulève des questions éthiques et légales, et entraine des problématiques de sécurité informatique

The newspaper chain said the attack will have lingering impacts on its balance sheet, and its lender waived certain payments.

Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021.

ASUS Patches Two DriverHub RCE Flaws (CVSS 8.4 & 9.4) Exploitable via Crafted Requests and .ini Files

SAP a découvert le mois dernier une vulnérabilité touchant des centaines d'instances de son serveur d'applications NetWeaver. Malgré la...-Cybersécurité

The criminal proxy network infected thousands of IoT and end-of-life devices, creating dangerous botnet

Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent.

During Infosecurity Europe 2025 experts will explore how to strengthen organizational resilience against persistent third-party risks

99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now.

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn.

Define the components of Data Security Posture Management (DSPM), including APIs, connectors, collectors, agents, & agent-less. Learn when to use each of them.

She@Cyber training program is focused on improving the representation of women and other underrepresented groups in the cybersecurity industry

Software investments, infrastructure upgrades and compliance documentation topped the list of Cybersecurity Maturity Model Certification (CMMC) implementation costs, a new survey shows.

A 45-year-old man arrested in Moldova is charged with a string of cybercrimes against Dutch entities in 2021.

An airline involved in deportation flights on behalf of the Trump administration confirmed reports of a cybersecurity incident with the SEC on Friday.

This week in cybersecurity from the editors at Cybercrime Magazine

State hackers. Fake updates. Compromised software tools. Read the full recap.

U.K. retailer Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.

A global cryptocurrency phishing operation likely based in India or Sri Lanka has been stealing digital assets since at least 2022