Latest CyberSec News by @thecyberpicker

How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta

Microsoft - NTLM Hash Disclosure Spoofing (library-ms). CVE-2025-24054 . local exploit for Windows platform

A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine

Daikin Security Gateway 14 - Remote Password Reset.. local exploit for Multiple platform

Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing.. local exploit for Windows platform

ZTE ZXV10 H201L - RCE via authentication bypass.. local exploit for Multiple platform

One way to lighten the load of security questionnaires is to automate certain parts of the process. Automate these 5 steps for a more efficient workflow.

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

Bitdefender highlighted the growing use of subscription scams, in which victims are lured by adverts into recurring payments for fake products

Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6...

Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications

The U.K. Information Commissioner's Office said it will not investigate the British Library over a 2023 ransomware attack. The institution will not face potential monetary penalties or a reprimand.

This week in cybersecurity from the editors at Cybercrime Magazine

These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.

​AI enables attackers to craft convincing scams at scale, using deepfakes and typosquatting to bypass traditional defenses. Proactive AI security is essential.​

NDR solutions uncover hidden threats missed by legacy tools by analyzing encrypted traffic, lateral movement, and blind spots.

Claude AI orchestrated 100 fake personas in global influence campaigns + enabled malware, scams, and brute-force attacks.

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week.

AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too.

Phishing attacks deliver DarkWatchman and Sheriff malware; targets span Russia, Ukraine, Baltics, with stealth and persistence tactics.

95–98% of AppSec alerts are noise — wasting time, straining dev teams, and weakening real threat response

The ICO has decided not to fine the British Library for a 2023 ransomware breach

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances.

Commvault confirms Azure breach via CVE-2025-3928 zero-day + no data loss + CISA mandates patch by May 19.

The FBI has released details of 42,000 phishing domains associated with the LabHost operation, in order to help the security community

The impact of the advancement in quantum computing on cybersecurity will be a key focus at this year’s Infosecurity Europe event

SonicWall confirms wild exploitation of CVE-2023-44221 and CVE-2024-38475 in SMA100 devices, risking file access and session hijacking.

A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware.

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime.

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors…