Latest CyberSec News by @thecyberpicker

Microsoft has confirmed that Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) are being blocked after installing the April 2025 security updates.

unzip-stream 0.3.1 - Arbitrary File Write. CVE-2024-42471 . local exploit for NodeJS platform

Over 100K accounts exposed monthly + 1.4% takeover rate + session hijacking = rising fraud & churn risks.

The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.

RansomHub's sudden offline status triggered affiliate migration to Qilin and cartel shifts, signaling major RaaS disruption.

A l'occasion de son événement annuel, S3NS - la coentreprise entre Thales et Google Cloud - a présenté ses avancées. Parmi les principales...-Cloud

L'Anssi a publié un rapport sur l'activité du groupe de cyberespionnage lié au renseignement russe Fancy Bear, ou APT28. Ce dernier a ciblé...-Cybersécurité

JPMorgan’s CISO has argued that SaaS apps represent a growing risk to businesses, “quietly enabling cyber attackers”

Une application dédiée à son assistant Meta AI, une API pour que les développeurs puissent accéder à ses modèles dans le cloud, une...-IA générative

The French government has criticized Russia’s APT28 group for attacking 12 entities in a long-running espionage campaign

Meta debuts LlamaFirewall with PromptGuard 2 and CyberSecEval 4 to defend AI from injection attacks and insecure code threats.

Federal research leaders suggested Tuesday that AI could lead industries to “nearly eliminate software vulnerabilities” in critical infrastructure.

Indian court orders blocking of Proton Mail citing AI deepfakes and explicit emails, triggering national privacy concerns.

At the 2025 RSAC Conference, DHS Secretary Kristi Noem vowed to refocus CISA on its core mission of critical infrastructure protection.

Google’s Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog.

Splitting up the Cyberspace and Digital Policy bureau undercuts efforts to streamline cyber efforts at the department and undermines coordination in the U.S. and abroad, critics of the plan argue.

San Francisco, Calif., Apr 29, 2025, CyberNewswire -- SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company’s first public appearance on the global cybersecurity stage. At the event, the SecAI team is showcasing the latest version of its platform to security professionals from

A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested.

Microsoft has announced that it will soon introduce paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting.

Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years.

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories.

SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients.

Threat intel experts expounded on how their data does not only serve to temporarily disrupt malicious activity, but find, arrest and convict cybercriminals for their offenses.

This week in cybersecurity from the editors at Cybercrime Magazine

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.

In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.

Multiple AI jailbreaks and tool poisoning flaws expose GenAI systems like GPT-4.1 and MCP to critical security risks.

WhatsApp launches Private Processing using CVM and OHTTP, ensuring AI-driven message privacy and auditable security.

South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.