Latest CyberSec News by @thecyberpicker

Frankfurt, Germany, Aug. 20, 2025, CyberNewswire — Link11, a Germany-based global IT security provider, has released insights into the evolving cybersecurity threat landscape and announced the capabilities of its Web Application and API Protection (WAAP) platform, designed to provide multi-layered defenses against modern digital threats. The rapid pace of digital transformation has expanded the opportunities

The intrusions have exploited a vulnerability in Cisco’s networking equipment software.

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."

Russian hackers exploit Cisco CVE-2018-0171 since 2022, breaching global networks and targeting U.S. infrastructure.

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021.

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts.

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet.

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June

Indiana-based pharmaceutical research company Inotiv has confirmed it suffered a ransomware attack, disrupting operations and compromising data

The company says it doesn’t yet know if the incident will have a material impact.

With Beacon Network, TRM Labs has brought together law enforcement and some of the largest crypto exchanges to fight against crypto crimes

A Russian state-sponsored group known as Static Tundra has persistently exploited the Cisco CVE-2018-0171 vulnerability to compromise network devices worldwide, targeting key industries and evading detection for years, according to new findings by Cisco Talos.

CSA has mapped the AI Controls Matrix to ISO/IEC 42001:2023. This guide helps organizations integrate AI-specific controls into existing ISMS programs.

A new report has mapped the tactical evolution of mule operators in the META region from VPNs to advanced fraud networks

An attacker could exploit the flaw to inject malicious prompts to Google Calendar invites, exploiting Gemini on the target systems.

A campaign involving a financially motivated group deploying a downloader that delivers CORNFLAKE.V3 malware.

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details.

PromptFix exploits Comet AI browser via fake CAPTCHA, auto-filling credit cards and enabling phishing scams.

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection.

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant.

Read this expert SecurityX vs CISSP comparison guide to learn all you need to know about these top certifications and decide which suits you the best.

Une hackeuse professionnelle, connue sous le pseudonyme « Bobdahacker », raconte comment sa chasse aux vulnérabilités chez McDonald's, entamée par une simple commande de nuggets gratuits, a révélé d'autres failles de sécurité et conduit au licenciement d’une employée qui avait accepté de l’aider. Un rapport de

The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”

The Russian platform Investment Projects said it is working to restore its infrastructure following a cyberattack claimed by the pro-Ukraine group Cyber Anarchy Squad.

We don’t need to throw out RBAC, but we need to evolve beyond it. Modern identity security requires understanding the full picture of effective permissions.