Latest CyberSec News by @thecyberpicker

A list of topics we covered in the week of April 21 to April 27 of 2025

Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.

Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance…

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site.

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure.

Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality.

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised.

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector.

SAN FRANCISCO -- The first rule of reporting is to follow the tension lines—the places where old assumptions no longer quite hold. Related: GenAI disrupting tech jobs I’ve been feeling that tension lately. Just arrived in the City by the Bay. Trekked here with some 40,000-plus cyber security pros and company execs flocking to RSAC

In Q1 2025, the Top 10 Malware observed via the MS-ISAC® changed slightly from the previous quarter. Read our blog post to learn more.

Storm-1977 used AzureChecker in password spray attacks on education clouds, leading to crypto mining abuse.

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers' personal information.

CSA and Northeastern University’s Trusted AI Safety Knowledge Certification Program trains professionals to build, secure, and manage AI responsibly across its lifecycle.

ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma's Computer Crimes Act.

Microsoft has confirmed that Windows Recall is rolling out to everyone with Windows 11 KB5055627 on Copilot+ PCs.

Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

​​Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone.

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.

The legislation calls on federal law enforcement to help state, local and tribal agencies with blockchain and other investigative tools to fight pig butchering and other schemes.

For this special live recording of To Catch a Thief at The New York Stock Exchange, host and former lead cybersecurity and digital espionage reporter for The...

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

Microsoft presents best practices for securing data and optimizing Microsoft Purview implementation, emphasizing the integration of people, processes, and technology.

After hearing about ChatGPT o3 ability at geo-guessing we decided to run some tests and the tested AIs didn't fail to amaze us

Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

MTN Group said an “unknown third-party has claimed to have accessed data linked” to parts of its system and that the incident “resulted in unauthorised access to personal information of some MTN customers in certain markets.”

The massive British retailer is still struggling to recover from the cyberattack, which it first acknowledged on Tuesday.