Latest CyberSec News by @thecyberpicker

According to Infoblox’s new report, the VexTrio cybercrime-enabling network originates from Italy and Eastern Europe

Fake apps from VexTrio on Apple and Google stores mislead users, steal data, and charge hidden fees.

Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines.

In today's threat landscape, attackers are no longer just exploiting technical flaws — they're exploiting business logic. Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds for cybercriminals and evading traditional defenses. A10 Networks’ Field CISO Jamison Utter calls this the new front in

Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry.

The zero-trust initiative, which gained steam during the Biden administration, is still underway.

Tornado Cash cofounder Roman Storm was found guilty of conspiring to operate an unlicensed money-transmitting business, while the jury failed to reach a ruling on more significant charges around money laundering and sanctions violations.

Learn more about SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale.

WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI.

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection.

The incident, reported to be ransomware-related, has resulted in attackers stealing sensitive personal and clinical data, including lab test results

A new post-exploitation command-and-control (C2) evasion method called 'Ghost Calls' abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure.

Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.

A report from security firm SixMap shows that a large number of energy companies use equipment with vulnerabilities that are located on potentially exposed ports.

A Nigerian man accused of hacking, fraud and identity theft has been extradited from France to the US to face charges

Le service de messagerie instantanée Whatsapp a annoncé, le 5 août 2025, la mise en service de nouvelles mesures de sécurité pour lutter contre les arnaques en ligne. L'application affichera notamment des messages de prévention avant que vous n'entamiez une discussion avec un groupe ou un interlocuteur inconnu.

A look under the hood at a tool designed to disable protections

GenAI company OpenAI has launched its first-ever open-weight models alongside a red teaming challenge

Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.

MFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn't undo the other. Book your free trial today.

Hackers have been sending fake summons emails purportedly from Ukrainian courts to target the country’s military and defense, cyber authorities have found.

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada is currently experiencing a widespread service outage affecting its online banking and mobile app platforms.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisor

Austin, TX, USA, 6th August 2025, CyberNewsWire

During the pre-Black Hat AI Summit, Sean Morgan, Protect AI’s Chief Architect, highlighted the three most prominent security risks of using AI agents

Perplexity ignores robots.txt files on websites that say they do no want to be crawled.

Trend Micro has released a temporary fix for the flaws, which enable remote code execution on on-prem Apex One machines

Adversaries are prioritizing stealth over scale, according to OPSWAT’s latest Threat Landscape Report