Latest CyberSec News by @thecyberpicker

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

MTN Group said an “unknown third-party has claimed to have accessed data linked” to parts of its system and that the incident “resulted in unauthorised access to personal information of some MTN customers in certain markets.”

The massive British retailer is still struggling to recover from the cyberattack, which it first acknowledged on Tuesday.

British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack.

Madhu Gottumukkala, a state CIO, lacks the homeland security experience of his two predecessors.

A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates.

APIs have become foundational to digital business operations, serving as the behind-the-scenes glue that connects apps, platforms and partners. Related: OWASP’s Top 10 Web App Security Risks But this growing reliance has opened a new front in cybersecurity—one where attackers are quietly exploiting weaknesses buried deep in business logic. In this RSAC Fireside Chat, I

British retailer M&S continues to tackle a cyber incident with online orders now paused for customers

North Korean hackers use fake crypto firms and job interview lures to spread cross-platform malware targeting IT professionals globally.

African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries.

​Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network.

The CCM’s GRC domain helps organizations ensure that their enterprise risk management and cybersecurity compliance programs effectively address the cloud.

SAP has released out-of-band emergency updates for NetWeaver to fix an actively exploited remote code execution (RCE) vulnerability used to hijack servers.

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

Spécialiste du stockage, reconnu pour ses NAS, Synology est aussi expert dans la gestion et la protection des données. Un savoir-faire que la société met à disposition des particuliers et des entreprises désireuses de sécuriser leurs données les plus sensibles. Contrairement à ce que l’on pourrait croire, il ne

This week in cybersecurity from the editors at Cybercrime Magazine

Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol

Walk through what makes Kubernetes security so challenging and how security teams can get started with it in a way that sets them up for long-term success.

Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.

Panaseer's latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months

23.7M secrets leaked in 2024 + 70% still valid from 2022 expose risks from unmanaged machine identities.

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs

The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.

CVE-2025-0282 exploited by Chinese threat actors + DslogdRAT malware installs + 9X ICS scans spike

CVE-2025-27610 allows unauthenticated access to sensitive files in Rack Ruby apps due to root misconfig.

The largest hacking and security conference with presentations, workshops, contests, villages and the premier Capture The Flag Contest.