Latest CyberSec News by @thecyberpicker

The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information

Spending plans come amid rising concerns over third-party cyber risk.

Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad’s new tools and techniques

Being aware of “Vibe Coding” security risks isn't enough. Cursor Rules offer a powerful way to shape AI behavior and ensure secure code generation.

You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection.

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability.

Reckless and Ruthless Rabbit scams use fake celebrity ads, RDGAs, and cloaking tools to target victims across Eastern Europe since 2022.

A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to anyone who asked for it.

Today, Microsoft announced new Windows experiences for Copilot+ PCs, including AI agents that will make changing settings on your Windows computer easier.

Google has patched 47 Android vulnerabilities in its May update, including an actively exploited FreeType vulnerability.

This week in cybersecurity from the editors at Cybercrime Magazine

Media companies face rising cyber threats and trust erosion. Discover how zero trust security strategies can protect digital assets and ensure content authenticity.

The Signal controversy questions if truly private conversations are possible, and why new digital security solutions are urgently needed.

Third-party breaches doubled to 30% in 2025 + ungoverned machine accounts fueled major attacks + unified identity strategy is critical.

Individuals allegedly linked to the DragonForce cybercriminal syndicate have claimed the attack on the three UK retailers

Reporting on the rise of fake students enrolling in community college courses: The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work. And because community colleges accept all applicants, they’ve been almost exclusively impacted by the fraud. The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community...

Microsoft warns default Helm charts expose Kubernetes apps by prioritizing ease over security, risking data leaks.

Prolific PhaaS operation Darcula uses Magic Cat software to steal over 800,000 cards in a seven-month period

Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats.

Manufacturers face rising ESXi hypervisor threats. Learn why hypervisor ransomware protection is key to protecting your organization.

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR). CVE-2025-47226 . webapps exploit for PHP platform

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF). CVE-n/a . webapps exploit for Go platform

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF). CVE-2025-28062 . webapps exploit for Python platform

As organizations brace for the rising tide of machine identities and prepare for a post-quantum cryptographic era, a quiet but crucial shift is underway in the financial sector: the deployment of a new, private PKI standard designed specifically to meet banking’s complex operational and compliance needs. Related: Why crypto-agility is a must have While the

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

New BYOI technique lets attackers bypass SentinelOne EDR,disable protection, and deploy Babuk ransomware by exploiting agent upgrade process

The National Cyber Security Centre has published advice for retailers while the Co-op admits customer data was stolen