Latest CyberSec News by @thecyberpicker

A 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year.

Failure to remediate known device vulnerabilities is a rampant problem, according to a study by HP.

A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country.

Meta has introduced Instagram Map. How can you control what others can see about your location? An explainer.

The federal agency plans to develop guidance to organizations about various AI use cases.

A multi-stage attack delivered via USB devices has been observed installing cryptomining malware using DLL hijacking and PowerShell

An incident involving the npm package eslint-config-prettier has been uncovered spreading Scavenger RAT

Russia-based cybersecurity firm F6 said the attacks began in April and infected devices with Kinsing and XMRig malware, tools commonly used to mine the cryptocurrency Monero.

Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud.

In 2023, a threat actor launched a social engineering campaign on Retool involving smishing & credential harvesting, leading them to a one-time password token.

For years, “Zero Trust” has reshaped cybersecurity architecture — pushing organizations to move beyond the perimeter and reframe everything around identity, access control, and segmentation. Related: The Zero-Trust revolution These shifts are overdue. But as the frameworks mature, a critical blind spot remains: files. Spreadsheets, PDFs, Word docs — they flow freely across teams, vendors,

Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA).

Cybersecurity isn’t breaking in one big hack—it’s bleeding out in dozens of new threats this week: NFC trojans, live exploits, state espionage.

Soosyze CMS 2.0 - Brute Force Login. CVE-2025-52392 . webapps exploit for Multiple platform

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure. CVE-2025-50154 . remote exploit for Windows platform

Tenda AC20 16.03.08.12 - Command Injection. CVE-2025-9090 . remote exploit for Multiple platform

Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE). CVE-2025-7766 . webapps exploit for Multiple platform

Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities

This week in cybersecurity from the editors at Cybercrime Magazine

BigAnt Office Messenger 5.6.06 - SQL Injection. CVE-2024-54761 . webapps exploit for Multiple platform

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS). CVE-2024-28623 . webapps exploit for Multiple platform

PHPMyAdmin 3.0 - Bruteforce Login Bypass. CVE-2015-6830 . remote exploit for PHP platform

The human resources software company Workday announced that some customer information was obtained in a social engineering attack.

Are SOC analysts in demand? We’ll examine this question and help you determine if pursuing a SOC analyst role is worth it and how to move forward.

Agentic AI gives AI the ability to take action, not just respond to prompts. Get a step-by-step explanation of how authentication should work for AI agents.

First responders have long depended on calling for backup and clearing the airwaves. Since its launch in 2018, FirstNet—America’s public safety broadband network—has become indispensable. Related: The FirstNet petition With over 7.5 million connections, support for more than 30,000 agencies, and an estimated $8 billion economic impact in 2023, FirstNet has proven its value not

Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It’s more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it’s a start.

The Warlock ransomware gang has taken credit for the cyber-attack after the UK telco giant publicly confirmed an incident on August 14