Latest CyberSec News by @thecyberpicker

Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web.

Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites

Japanese finance regulators said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers.

OtterCookie v4 adds VM evasion and MetaMask theft in April 2025, signaling rapid malware evolution.

Dutch and U.S. law enforcement have dismantled a long-running criminal proxy botnet powered by over 7,000 infected IoT and end-of-life (EoL) devices

L'équipe de renseignement sur les menaces de Google a associé le malware Lostkeys, capable de dérober des fichiers à partir d'extensions codées...-Cybersécurité

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

Cyber system complexity and a lack of adequate tools are adding to enterprise IT headaches, according to Logicalis Group.

The Federal police in Germany (BKA) seized the server infrastructure and shut down the 'eXch' cryptocurrency exchange platform for alleged money laundering cybercrime proceeds.

Apache ActiveMQ 6.1.6 - Denial of Service (DOS). CVE-2025-27533 . remote exploit for Multiple platform

The OWASP Top 10 for LLM Applications provide a standardized framework for the most critical vulnerabilities facing AI systems. Map them to CSA best practices.

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation. CVE-2024-38193 . local exploit for Windows platform

The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks.

WordPress Depicter Plugin 3.6.1 - SQL Injection. CVE-2025-2011 . webapps exploit for Multiple platform

This week in cybersecurity from the editors at Cybercrime Magazine

VirtualBox 7.0.16 - Privilege Escalation. CVE-2024-21111 . local exploit for Windows platform

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation. CVE-2025-27007 . webapps exploit for Multiple platform

The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome

Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.

AI agents pose real threats like data leaks and misuse—Auth0's webinar shares how to secure them fast.

Brazil-targeted phishing abuses RMM trialware via NF-e lures + Dropbox links, enabling stealth access

Reporting is one of the most important parts of being a CISO. There’s a big difference between saying “trust me, we’re secure” and proving it with data.

The UNIDR Intrusion Path is designed to provide a simplified view of cyber-threats and security across the network perimeter

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Over 1.3M security issues across 68K assets expose CVE overload + inefficiency in patching response.

The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained.

PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted

Google’s AI scam defenses now block 20x more malicious pages, cutting airline and visa scams by 80%+ in 2024.