Latest CyberSec News by @thecyberpicker

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation.

The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year.

The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide.

Researchers found a host of vulnerabilities in the platforms run by RBI to service Burger King, Tim Horton's, and Popeyes.

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.

New York Blood Center submitted documents to regulators in Maine, Texas, New Hampshire and California that confirmed the cyberattack, which they said was first discovered on January 26.

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet.

Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform.

Volodymyr Tymoshchuk, currently a fugitive, was an administrator for multiple ransomware strains, including LockerGoga, said U.S. prosecutors in unsealing an indictment against the Ukrainian national.

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing attack.

The Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) is pursuing funds taken from five victims between late October 2022 and March 2023, according to a news release.

Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018.

Microsoft has released Windows 11 KB5065426 and KB5065431 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.

King, a leading voice in the Senate on cybersecurity issues, honed in on the thousands of staffers and experts laid off by CISA, saying the agency has lost 30 percent of its staff and most of its seasoned leaders.

The tiremaker disclosed a cyberattack just days after Jaguar Land Rover was impacted by a major hack that also disrupted production at certain locations.

The agreement is part of a larger strategy for Mitsubishi to develop one-stop security capabilities in the OT space.

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations.

The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday.

Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire

Shadow assets don't care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy.

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product.

A threat actor accidentally revealed their AI-powered methods by installing Huntress security software

C'est un développement qui pourrait faire grand bruit. L'un des dirigeants de Nokia aurait affirmé lors d’un point presse que son entreprise ainsi qu’Ericsson seraient prochainement éjectées de Chine pour des raisons de « sécurité nationale ». Est-ce le début de la riposte chinoise ? Dans un article paru le 8

On Monday, independent researchers revealed that the app’s application programming interface (API) reportedly contained a flaw that allowed outsiders to retrieve photos and personal details from other users’ accounts without authorization.

Industrial conglomerate Mitsubishi Electric has agreed to acquire OT and IoT cybersecurity specialist Nozomi Networks in a transaction that values the firm near the $1 billion mark.

Axios abuse surged 241% June–August 2025, powering phishing campaigns with 70% success via Microsoft Direct Send.

Certaines opérations de lutte contre le piratage sont plus faciles à mener que d'autres. Celle qui consistait à en finir avec la plateforme Calcio a été simple à mener : un coup de pression a suffi, en somme, à en croire l'alliance mondiale anti-piratage. Calcio. Pour les fans de football, c'est le surnom que l'on