Latest CyberSec News by @thecyberpicker

The value of losses to crypto thefts has soared this year to more than $2 billion over the first six months, the blockchain analytics company Chainalysis found.

The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user anonymity and privacy, being “misguided” about the privacy offered by iOS, and of being an Apple fanboy. The issue isn’t what ICEBlock stores. It’s about what it could accidentally reveal through its tight integration with iOS...

Discover how CTEM, VM, and ASM work together to enhance cybersecurity, providing real-time visibility and proactive threat management.

Europol dismantles NoName057(16), a Russian group behind DDoS attacks, arresting two and targeting over 1,000 supporters.

Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges.

Une unité de la Garde nationale américaine a été « massivement » compromise par le groupe de cyberespionnage chinois « Salt Typhoon ». Survenue entre mars et décembre 2024, l'opération aurait permis aux pirates d’accéder à des informations sensibles, compromettant potentiellement la sécurité de multiples

Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.

Harmonic Security raises the alarm as one in 12 British and American employees uses Chinese GenAI tools

Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments

Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

There were 1732 publicly reported US data breaches in the first half of 2025, according to the latest ITRC report

A Veeam survey found that 96% of financial services organizations believe their current levels of data resilience falls short of DORA compliance, citing major challenges

Cisco's CVE-2025-20337 flaw exposes ISE to root access via API exploit. Affects releases 3.3 & 3.4.

UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.

The House Homeland Committee will revisit the malware to use the knowledge from the spy effort to explore the domestic threats facing the U.S. in 2025.

Karen Vardanyan and his co-conspirators allegedly deployed ransomware on hundreds of machines in 2019 and 2020, extorting more than $15 million from victims at the time.

A 21-year old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country.

International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16).

Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group.

We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive year.

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

Matanbuchus 3.0 malware loader evolves with advanced stealth techniques, targeting companies via social engineering tactics.

Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be sent to the FRED to apply the brakes at the rear of the train. These devices were first installed in the 1980s as a replacement for caboose cars, and unfortunately, they lack encryption and authentication protocols. Instead, the current system uses data packets sent between the front and back of a train that include a simple BCH checksum to detect errors or interference. But now, the CISA is warning that someone using a software-defined radio could potentially send fake data packets and interfere with train operations...

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.

Les services de renseignement ukrainiens et des groupes de hackers alliés déclarent avoir mené une cyberattaque d'envergure contre l’un des principaux fabricants russes de drones militaires. Près de 50 téraoctets de données auraient été dérobés, notamment les plans de modèles de drones militaires en cours de

Google patches six security flaws in Chrome, including zero-day CVE-2025-6558, exploited in the wild.

A prominent Cambodian tycoon was the subject of multiple raids conducted Tuesday by Thai police, who accused him of being involved in cyber scams.

European and U.S. law enforcement have disrupted the operations of a pro-Russian hacker group known for launching distributed denial-of-service attacks against Ukraine and its allies.

To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem. Learn more.