Latest CyberSec News by @thecyberpicker

Google has settled a lawsuit against YouTube for $30 million but did not admit collecting data of minors for targeted advertising.

The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices.

Lors de la conférence DEFCON 33 en août 2025, le chercheur indépendant en cybersécurité Marek Tóth a démontré qu’une attaque de type clickjacking pouvait mettre en danger des millions d’utilisateurs de gestionnaires de mots de passe parmi les plus populaires au monde. Un procédé qui permettrait à un acteur

QuirkyLoader malware spreads via spam since Nov 2024, delivering RATs and stealers in Taiwan, Mexico.

Noah Urban, linked with the Scattered Spider cybercriminal gang, will also pay $13m in restitution to victims

Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other papers related to the coding, Mr. Sanborn will also be providing a 12-by-18-inch copper plate that has three lines of alphabetic characters cut through with a jigsaw, which he calls “my proof-of-concept piece” and which he kept on a table for inspiration during the two years he and helpers hand-cut the letters for the project. The process was grueling, exacting and nerve wracking. “You could not make any mistake with 1,800 letters,” he said. “It could not be repaired.”...

Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST

Password cracking succeeded in 46% of environments in 2025, leaving valid accounts exploited in 98% of attacks.

NIST has released new guidelines examining the pros and cons of detection methods for face morphing software

Guardio reveals a new AI take on ClickFix dubbed “PromptFix”

Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April.

FBI warns FSB-linked group Static Tundra is exploiting a 7-year-old Cisco IOS/IOS XE flaw to gain persistent access for cyber espionage.

Scattered Spider hacker Noah Urban sentenced to 10 years, $13M restitution, after SIM swapping crypto thefts.

CERT/CC disclosed serious data exposure vulnerabilities in Workhorse Software used by hundreds of U.S. cities and towns.

Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers.

Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS after active exploitation reports.

A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of…

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5.

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for August 2025.

Frankfurt, Germany, Aug. 20, 2025, CyberNewswire — Link11, a Germany-based global IT security provider, has released insights into the evolving cybersecurity threat landscape and announced the capabilities of its Web Application and API Protection (WAAP) platform, designed to provide multi-layered defenses against modern digital threats. The rapid pace of digital transformation has expanded the opportunities

The intrusions have exploited a vulnerability in Cisco’s networking equipment software.

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."

Russian hackers exploit Cisco CVE-2018-0171 since 2022, breaching global networks and targeting U.S. infrastructure.

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021.

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts.

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet.