Latest CyberSec News by @thecyberpicker

Elon Musk’s DOGE isn’t about efficiency — it’s about destruction. We should not let this administration tear down our best defenses against those trying to attack us in cyberspace.

Five zero-days. Nation-state attacks. Supply chain breaches. This week’s cyber recap isn’t just another alert—it’s a red flag.

Mozilla patched 2 Firefox zero-days exploited at Pwn2Own Berlin, risking code execution via JavaScript flaws.

CTEM adoption in 2025 improves risk visibility and enables 3x breach reduction by 2026 via real-time validation.

“Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, was just declassified—with a lot of redactions—by the NSA. I have not read it yet. If you find anything interesting in the document, please tell us about it in the comments.

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days.

An Alabama man has been sentenced to 14 months for hacking the SEC’s X account

The UK government says that hackers accessed a “large amount” of personal information in attack on Legal Aid Agency

Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques

A list of topics we covered in the week of May 12 to May 18 of 2025

This guidance is intended for decision makers and cybersecurity practitioners. It highlights what to be aware of when identifying the source of a threat and the potential implications of geo-blocking in a broader cybersecurity strategy.

Key Takeaways The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution. Using this access…

CrushFTP 11.3.1 - Authentication Bypass. CVE-2025-31161 . remote exploit for Multiple platform

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation. CVE-2025-1731 . local exploit for Multiple platform

Invision Community 5.0.6 - Remote Code Execution (RCE). CVE-2025-47916 . remote exploit for Multiple platform

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids.

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed.

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog.

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, la...-Cybersécurité

On day two of Pwn2Own Berlin 2025, participants earned $435K for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox.

The January 2024 attack resulted in fraudulent posts on the SEC’s account that altered the market value of bitcoin.

From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.). Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can make decisions and form associations. Weights are analysed, tweaked and trained by Hebbian learning algorithm. Experiences from short-term and long-term memory can influence decision-making. Squid can create new neurons in response to his environment (Neurogenesis) ...

The crypto exchange is offering a $20 million reward for information leading to the hackers’ arrest. Coinbase terminated customer support agents who leaked customer data.

Sen. Mark Warner urged OPM’s acting director to ensure identity protection services continue for the more than 21 million individuals affected by the 2015 breach.

​Microsoft has confirmed that some Windows 10 and Windows 10 Enterprise LTSC 2021 systems will boot into BitLocker recovery after installing the May 2025 security updates.

Some of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ.

The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.

“When minority commissioners dissent, they are fired,” Commissioner Anna Gomez said of the Trump administration’s assault on free speech.

Le fournisseur français de solutions télécoms ajoute une corde à son arc en mettant la main sur Olfeo, un éditeur de logiciels spécialisé dans...-Cybersécurité