Latest CyberSec News by @thecyberpicker

Explore how healthcare’s growing reliance on virtual infrastructure has introduced a new class of threats—and what can be done to secure the hypervisor layer.

ShadowCaptcha exploits 100+ WordPress sites since Aug 2025, spreading ransomware, stealers, and miners worldwide.

Les géants de la tech doivent résister aux demandes visant à affaiblir le chiffrement. Voilà le rappel que vient de faire une autorité américaine aux grandes entreprises de la Silicon Valley, en nommant spécifiquement certaines législations récentes en Europe. Motif ? Cela pourrait nuire aux droits des Américains.

I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities­—five in total—­in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now. There’s new news: In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms...

Le 22 août, un groupe de hackers nommé Lab-Dookhtegan a revendiqué une cyberattaque d'une ampleur spectaculaire : les hacktivistes auraient coupé la communication de 39 tankers et 25 cargos d'entreprises iraniennes. Les pirates auraient infiltré un des partenaires commerciaux des entreprises maritimes. Dans le monde

All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration

Les géants de la tech doivent résister aux demandes visant à affaiblir le chiffrement. Voilà le rappel que vient de faire une autorité américaine aux grandes entreprises de la Silicon Valley, en nommant spécifiquement certaines législations récentes en Europe. Motif ? Cela pourrait nuire aux droits des Américains.

A new CIISec poll finds the majority of industry professionals would prefer more rigorous cybersecurity laws

HOOK Android trojan evolves with 107 commands, adding ransomware overlays and NFC scams, threatening financial security.

Data I/O has revealed operational disruption following a ransomware breach that forced it to take some systems offline

CISA adds Citrix and Git flaws to KEV after active exploitation; agencies must patch by Sept 15, 2025.

Google will verify all Android developers by September 2026 in select countries to curb malicious apps.

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE). CVE-2025-26264 . remote exploit for Windows platform

Lingdang CRM 8.6.4.7 - SQL Injection. CVE-2025-9140 . webapps exploit for Multiple platform

Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure. CVE-2025-6082 . webapps exploit for Multiple platform

GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure. CVE-2025-26263 . local exploit for Windows platform

StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload. CVE-2025-7441 . webapps exploit for Multiple platform

Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass. CVE-2025-4427 . remote exploit for Multiple platform

This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.

Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign.

Docker fixed a critical flaw in Docker Desktop app for Windows and macOS that could potentially allow to escape the confines of a container

Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model.

Researchers warn that attackers are using compromised Amazon email accounts in spear-phishing attacks that may lead to ransomware infections.

U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks.

French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack.

The FCC announced Monday it has blocked more than 1,200 voice service providers from having access to the country’s phone network for failing to comply with anti-robocall regulations.

Docker patched CVE-2025-9074 (CVSS 9.3), a flaw enabling container escape via unauthenticated API, risking host takeover.

UNC6384 hijacked captive portals in March 2025 to deploy PlugX malware, advancing PRC cyber-espionage goals.

Dover, Del., Aug. 25, 2025, CyberNewswire—Attaxion announces the addition of the Agentless Traffic Monitoring capability to its exposure management platform. Agentless Traffic Monitoring is a new capability designed to give cybersecurity teams actionable visibility into network traffic flowing to and from their digital assets – all without the need to deploy any agents or sensors

UpCrypter phishing since Aug 2025 uses fake voicemails, RAT payloads, and anti-analysis, hitting global industries.