Latest CyberSec News by @thecyberpicker

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

Over 1.3M security issues across 68K assets expose CVE overload + inefficiency in patching response.

The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services

The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive

SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained.

PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted

Google’s AI scam defenses now block 20x more malicious pages, cutting airline and visa scams by 80%+ in 2024.

Cyber incidents targeting OT in US critical infrastructure have prompted renewed federal action

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

Qilin ransomware led April 2025 with 45 data leaks, driven by NETXLOADER’s stealthy malware delivery method.

The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.

Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.”

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices.

SCIM Hunting - Beyond SSO

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.

How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter.

After paying the hacker a ransom, PowerSchool previously said it believed the incident had been “contained” because the hacker turned over a video showing the data being deleted.

As per a recent FBI warning, criminals are phishing users of payroll, and similar platforms to not only steal their credentials but also their funds.

The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector

The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector

We're rolling out a brand new feature in Malwarebytes for iOS: the ability to block Google sponsored ads directly on Safari.

FreeDrain exploited SEO and free hosting to run 38,000+ phishing pages stealing crypto wallets since 2022.

Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks.

New LOSTKEYS malware has been identified and linked to COLDRIVER by GTIG, stealing files and system data in targeted attacks

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack.

People and organizations across Japan are being inundated with phishing messages from cybercriminals who are using CoGUI, a sophisticated toolkit that lets them avoid detection.

Qilin ransomware led April 2025 with 45 data leaks, driven by NETXLOADER’s stealthy malware delivery method.

SonicWall fixes 3 critical SMA 100 flaws enabling root-level remote code execution via SSL-VPN access.