Latest CyberSec News by @thecyberpicker

Scattered Spider hacker Noah Urban sentenced to 10 years, $13M restitution, after SIM swapping crypto thefts.

CERT/CC disclosed serious data exposure vulnerabilities in Workhorse Software used by hundreds of U.S. cities and towns.

Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers.

Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS after active exploitation reports.

A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of…

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5.

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for August 2025.

Frankfurt, Germany, Aug. 20, 2025, CyberNewswire — Link11, a Germany-based global IT security provider, has released insights into the evolving cybersecurity threat landscape and announced the capabilities of its Web Application and API Protection (WAAP) platform, designed to provide multi-layered defenses against modern digital threats. The rapid pace of digital transformation has expanded the opportunities

The intrusions have exploited a vulnerability in Cisco’s networking equipment software.

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."

Russian hackers exploit Cisco CVE-2018-0171 since 2022, breaching global networks and targeting U.S. infrastructure.

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021.

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts.

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet.

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June

Indiana-based pharmaceutical research company Inotiv has confirmed it suffered a ransomware attack, disrupting operations and compromising data

The company says it doesn’t yet know if the incident will have a material impact.

With Beacon Network, TRM Labs has brought together law enforcement and some of the largest crypto exchanges to fight against crypto crimes

A Russian state-sponsored group known as Static Tundra has persistently exploited the Cisco CVE-2018-0171 vulnerability to compromise network devices worldwide, targeting key industries and evading detection for years, according to new findings by Cisco Talos.

CSA has mapped the AI Controls Matrix to ISO/IEC 42001:2023. This guide helps organizations integrate AI-specific controls into existing ISMS programs.

A new report has mapped the tactical evolution of mule operators in the META region from VPNs to advanced fraud networks

An attacker could exploit the flaw to inject malicious prompts to Google Calendar invites, exploiting Gemini on the target systems.

A campaign involving a financially motivated group deploying a downloader that delivers CORNFLAKE.V3 malware.

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details.

PromptFix exploits Comet AI browser via fake CAPTCHA, auto-filling credit cards and enabling phishing scams.

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.