Latest CyberSec News by @thecyberpicker

CloudClassroom PHP Project 1.0 - SQL Injection. CVE-2025-45542 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE). CVE-n/a . remote exploit for Multiple platform

macOS LaunchDaemon iOS 17.2 - Privilege Escalation. CVE-2025-24085 . local exploit for macOS platform

The suspect, a native of the central Ukrainian city of Poltava, had been conducting cyberattacks since at least 2018, police said.

The rule has exposed companies to liability risks while failing to provide investors with “decision-useful” information, the coalition said in a recent letter.

“Our national security depends on a resilient and secure energy grid,” said Sen. John Hickenlooper, D-Colo. Experts say the new effort would be welcomed by the private sector.

Major porn sites—such as YouPorn, Porn Hub, and RedTube—have blocked access in France in response to age verification demands.

The hacker group has breached hundreds of organizations and is working with others to exploit flaws in a popular remote support tool.

The chairman of the House Homeland Security subcommittee on cybersecurity is apprehensive about the Department of Homeland Security’s plans to end a program that vets mobile apps for federal agencies.

Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features

A panel of CISOs at Infosecurity Europe urged their peers to use risk management and clear communication to tame a chaotic cyber landscape

Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB protocol stack vulnerability

En réponse à une législation imposant une vérification de l'âge pour l'accès aux contenus pornographiques, le groupe Aylo, propriétaire de...-Data Protection

New findings reveal Bitter, an Indian-aligned threat group targeting governments via spear-phishing and advanced malware

Sophisticated nation-state and cybercriminal groups are using insiders to infect targets via hardware devices, despite a lack of reporting of this threat

Managed file transfer (MFT) provides a reliable way to transfer critical business data internally and externally, with built-in features like data encryption.

This week in cybersecurity from the editors at Cybercrime Magazine

Law enforcement officials said initial access brokers with ties to Play ransomware operators continue to exploit multiple vulnerabilities in remote monitoring and management tool SimpleHelp.

Officials from His Majesty's Revenue & Customs, the U.K.'s tax authority, said criminals took over accounts to pilfer £47 million ($63 million) last year.

BidenCash est désormais hors service. La « marketplace », spécialisée dans la revente de cartes bancaires volées, était l'une des plus actives du dark web. Dans une opération conjointe avec les autorités néerlandaises, le FBI a saisi plus de 145 domaines. Un message s’affiche désormais : « Ce site a été saisi par les

Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”

At Infosecurity Europe 2025, Axonius’ Jon Ridyard proposed seven best practices to build mature vulnerability management processes

Iran-aligned BladedFeline hackers hit Iraqi and Kurdish officials using custom malware in ongoing espionage effort.

Business Value Assessments help CISOs link security risk to cost, showing ROI and reducing breach fallout.

The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company's German subsidiary, €45 million ($51.4 million) for privacy and security violations.

Discover how attackers manipulate GPTs through data poisoning, jailbreaks, and prompt injections, turning trusted AI tools into cyber threats.

Ransomware was discovered by security researchers in fake installers posing as Chat GPT, Nova Leads, and InVideo AI.

The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.