Latest CyberSec News by @thecyberpicker

A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.” “Research rockets.” Sure. ...

In unreliable network situations, an ICAM (Identity, Credential, & Access Management) framework should function efficiently even without network access.

The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022.

UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

Marsh says ransomware drove cyber insurance claims to second highest on record in 2024

Les données sensibles des ministères français doivent être hébergées par des cloud protégés de toute prédation étrangère, en...-Cloud

NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle.

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

La société israélienne est accusée par la firme de Mark Zuckerberg d'avoir exploité des failles de sa messagerie en 2018 et 2019 pour espionner...-Cybersécurité

Half of UK firms have over 10 cyber positions unfilled, according to Cisco

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog.

PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.

NSO must pay $168M after targeting 1,400+ users via WhatsApp zero-day flaw, court finds illegal spyware use.

The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.

It’s a major ruling in a landmark lawsuit that has had plenty of twists and turns — with more likely to come.

House lawmakers challenged the Trump administration's proposed $491 million budget cut to CISA, citing concerns over US cyber defense strength.

The state’s AG vowed to defend the prosecution of Tina Peters, an election clerk behind one of the most serious breaches of voting systems in U.S. history.

Katie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

The head of the agency’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk.

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible.

The response to our first LastWatchdog Strategic Reel has been energizing — and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning kicked in, it became clear that this short-form format resonates. Not just because it’s fast

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information.

Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform.

Two critical CVEs exploited in GeoVision IoT and Samsung MagicINFO allow Mirai botnet deployment via RCE.