Latest CyberSec News by @thecyberpicker

Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild.

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration.

Commvault patched four flaws before 11.36.60, including CVE-2025-57790 (8.7 CVSS), preventing remote code execution.

Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

Dans un rapport publié le 20 août 2025, les chercheurs de Cisco Talos alertent sur l'exploitation active d'une vulnérabilité par un groupe de cyberespions affilié aux services de renseignements russes. Une campagne qui vise principalement des machines en fin de vie et dont les correctifs ont pourtant été publiés en

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists.

ClickFix attacks deliver CORNFLAKE.V3 backdoor via fake CAPTCHAs, enabling multi-payload delivery and persistence since Sept 2024.

Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked

​Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update.

The powerful “Rapper Bot” DDoS-for-hire botnet impacted the Department of Defense Information Network (DODIN) in at least three attacks between April and August, two officials told DefenseScoop.

Noah Michael Urban, 20, of Palm Coast, Florida, pleaded guilty to conspiracy, wire fraud and aggravated identity theft charges in two separate federal cases spanning Florida and California.

Cloud security and identity and access management tool purchases insulated the market from tariff-induced economic shocks, according to Forrester.

From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG.

Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos

Colt customers can request a list of filenames posted on the dark web via a dedicated call center

As economic pressure mounts, global supply chains are under extraordinary strain. Shifting tariffs and trade disputes are forcing companies to rethink sourcing strategies. Geopolitical tensions are introducing costly delays and unpredictable bottlenecks. It’s clear that the ability to anticipate and adapt is no longer optional. Business leaders need a clear-eyed, forward-looking view of where supply....

A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire Botnet

This breakdown of the ISO 27001 certification process will help you get a better idea of what will be reviewed during each phase of the audit process.

A Florida judge ignored prosecutors’ request for an eight-year sentence and gave Noah Michael Urban 10 years in prison with three years of supervised release, and ordered him to pay $13 million in restitution to more than 30 victims.

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

This week in cybersecurity from the editors at Cybercrime Magazine

Google has settled a lawsuit against YouTube for $30 million but did not admit collecting data of minors for targeted advertising.

The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices.

Lors de la conférence DEFCON 33 en août 2025, le chercheur indépendant en cybersécurité Marek Tóth a démontré qu’une attaque de type clickjacking pouvait mettre en danger des millions d’utilisateurs de gestionnaires de mots de passe parmi les plus populaires au monde. Un procédé qui permettrait à un acteur

QuirkyLoader malware spreads via spam since Nov 2024, delivering RATs and stealers in Taiwan, Mexico.

Noah Urban, linked with the Scattered Spider cybercriminal gang, will also pay $13m in restitution to victims

Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other papers related to the coding, Mr. Sanborn will also be providing a 12-by-18-inch copper plate that has three lines of alphabetic characters cut through with a jigsaw, which he calls “my proof-of-concept piece” and which he kept on a table for inspiration during the two years he and helpers hand-cut the letters for the project. The process was grueling, exacting and nerve wracking. “You could not make any mistake with 1,800 letters,” he said. “It could not be repaired.”...

Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST

Password cracking succeeded in 46% of environments in 2025, leaving valid accounts exploited in 98% of attacks.