Latest CyberSec News by @thecyberpicker

Samsung patched CVE-2025-4632, a 9.8 CVSS flaw exploited to deploy Mirai botnet after PoC release.

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.

In an 8-K filing with federal regulators, Nucor said the incident involved “unauthorized third party access to certain information technology systems” but did not explain further.

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines.

Xinbi enabled $8.4B in Telegram-based transactions since 2022, fueling cybercrime, scams, and crypto laundering.

A cyberattack first detected over Easter weekend has reportedly already cost Marks & Spencer more than £60 million.

Cary, NC, May 14, 2025, CyberNewswire -- INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams

This is a current list of where and when I am scheduled to speak: I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page.

Android Enterprise introduced Device Trust to enhance mobile security on Android devices

The company is carefully ramping up systems and is boosting deliveries to its 2,300 food stores after stock issues.

Five issues actively exploited in the wild, but the real excitement may have been handled in advance

​Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates.

The law’s expiration in September could jeopardize a wide range of information-sharing partnerships that have helped catch and thwart cyberattacks in the U.S.

Un pirate informatique affirme avoir récupéré plus de 89 millions de comptes Steam, soit deux tiers des comptes existants. Si elle s'avère véridique, il s'agirait d'une des plus grandes fuites de comptes du jeu vidéo. Ce pirate du nom de Machine1337 a-t-il réellement piraté Steam ? C'est en tout cas ce qu'il affirme

Une fuite pourrait avoir affecté la plateforme de jeux vidéo Steam. En raison du nombre de comptes potentiellement affectés, il est préférable de s'assurer que les bonnes pratiques de sécurisation sont appliquées pour protéger son profil. C'est une alerte à laquelle les internautes ayant un compte Steam devraient

New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate.

A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures.

La maison de mode française a prévenu ses clients qu'un tiers non autorisé avait accédé à certaines données clients, parmi lesquelles des...-Cybersécurité

L'application "France Identité" a atteint les deux millions d'utilisateurs. Permettant de prouver son identité, elle offre un portefeuille de...-Identité numérique

CISA paused plans to overhaul its advisory system after backlash from the infosec community

Meta Mirage phishing attack exploits 14,000+ URLs via cloud hosts, stealing credentials and ad accounts.

A Russian military cadet reportedly developed an algorithm that could bypass the protective infrastructure of law enforcement software and gain access to restricted data.

A Kosovo national has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018.

House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.

ISO 42001 mandates numerous requirements for the establishment, operation, monitoring, maintenance, and improvement of an organization’s AI management system.

Cary, North Carolina, 14th May 2025, CyberNewsWire

This week in cybersecurity from the editors at Cybercrime Magazine

Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond…

While appearing unsophisticated on the surface, Chihuahua Stealer uses advanced methods