Latest CyberSec News by @thecyberpicker

A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays

A global phishing campaign has been identified using personalized emails and fake websites to deliver malware via UpCrypter

Enhancing Hardware Security for the Future of National Defense and Emerging TechnologiesIn

A report by Proofpoint shows growing anxiety among security leaders about their companies’ cyber readiness.

Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system.

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot, which was paying $250 a month to plug…

This week in cybersecurity from the editors at Cybercrime Magazine

ZipLine campaign uses fake NDAs and AI lures to deploy MixShell malware via contact forms, threatening U.S. supply chains.

The governor added that the state is working with local, tribal and federal partners to restore services, and is “using temporary routing and operational workarounds to maintain public access where it is feasible."

Credential theft attacks prove that companies need to do better, but business leaders cited many reasons for slow progress.

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).

Explore how healthcare’s growing reliance on virtual infrastructure has introduced a new class of threats—and what can be done to secure the hypervisor layer.

ShadowCaptcha exploits 100+ WordPress sites since Aug 2025, spreading ransomware, stealers, and miners worldwide.

Les géants de la tech doivent résister aux demandes visant à affaiblir le chiffrement. Voilà le rappel que vient de faire une autorité américaine aux grandes entreprises de la Silicon Valley, en nommant spécifiquement certaines législations récentes en Europe. Motif ? Cela pourrait nuire aux droits des Américains.

I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities­—five in total—­in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now. There’s new news: In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms...

Le 22 août, un groupe de hackers nommé Lab-Dookhtegan a revendiqué une cyberattaque d'une ampleur spectaculaire : les hacktivistes auraient coupé la communication de 39 tankers et 25 cargos d'entreprises iraniennes. Les pirates auraient infiltré un des partenaires commerciaux des entreprises maritimes. Dans le monde

All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration

Les géants de la tech doivent résister aux demandes visant à affaiblir le chiffrement. Voilà le rappel que vient de faire une autorité américaine aux grandes entreprises de la Silicon Valley, en nommant spécifiquement certaines législations récentes en Europe. Motif ? Cela pourrait nuire aux droits des Américains.

A new CIISec poll finds the majority of industry professionals would prefer more rigorous cybersecurity laws

HOOK Android trojan evolves with 107 commands, adding ransomware overlays and NFC scams, threatening financial security.

Data I/O has revealed operational disruption following a ransomware breach that forced it to take some systems offline

CISA adds Citrix and Git flaws to KEV after active exploitation; agencies must patch by Sept 15, 2025.

Google will verify all Android developers by September 2026 in select countries to curb malicious apps.

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE). CVE-2025-26264 . remote exploit for Windows platform

Lingdang CRM 8.6.4.7 - SQL Injection. CVE-2025-9140 . webapps exploit for Multiple platform

Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure. CVE-2025-6082 . webapps exploit for Multiple platform

GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure. CVE-2025-26263 . local exploit for Windows platform

StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload. CVE-2025-7441 . webapps exploit for Multiple platform

Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass. CVE-2025-4427 . remote exploit for Multiple platform