Latest CyberSec News by @thecyberpicker

As the sanctions-evading scheme has grown, so too has the U.S. government’s response.

Newark, N.J., Aug. 25, 2025, CyberNewwire — Only 7 days left to secure the Early Bird registration at the OpenSSL Conference 2025, October 7 – 9 in Prague. The event will bring together lawyers, regulators, developers, and entrepreneurs to explore issues of security and privacy for everyone, everywhere. Attendees will have the opportunity to: •Meet

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.

A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets.

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

Storm-0501 exfiltrates and deletes Azure data in hybrid cloud attacks, forcing ransom via Teams.

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.

Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from S

Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation.

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 regions of the country.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog.

The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms.

Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics.

Cybersecurity News

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outside the official Google Play app store.

The financially motivated threat group demonstrates deep knowledge of hybrid cloud environments, which allows it to rapidly steal sensitive data, destroy backups and encrypt systems for ransomware.

ESET uncovers AI-powered PromptLock ransomware using OpenAI gpt-oss:20b model, complicating detection with variable Lua scripts.

CISA has launched a new Software Acquisition Guide Web Tool to enhance security in software procurement

Hackers are targeting American industrial firms by contacting them through their website forms, posing as potential business partners before infecting them with malware.

Dans l’écosystème Tesla, il existe une solution qui assouvit la soif toujours plus grande de certains propriétaires en données sur leur précieux véhicule. Son nom ? TeslaMate, un outil open source capable d'enregistrer l’historique de trajets, l’état de la batterie mais également de révéler des données sensibles à la

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.

For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report.

While still in development, PromptLock is described as the “first known AI-powered ransomware” by ESET researchers

The three companies were accused of providing “cyber-related products and services to China’s intelligence services, including multiple units in the People’s Liberation Army and Ministry of State Security” since at least 2021, according to the advisory.

Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified.

The Office of the Governor of Nevada revealed that the incident has shut down in-person State services, while government phone lines and websites are offline

The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.

ShadowSilk hit 36 victims across Central Asia and APAC in July, using Telegram bots to exfiltrate government data.

Anthropic stopped AI-driven cyberattacks in July 2025, blocking extortion demands up to $500K targeting 17 groups.