Latest CyberSec News by @thecyberpicker

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns.

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages.

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Malgré un cessez-le-feu, la tension reste palpable entre les différents acteurs du conflit Iran-Israël. Les autorités américaines en ont bien conscience et tirent la sonnette d'alarme : une vague de cyberattaques iraniennes pourrait frapper des infrastructures américaines dans les jours ou semaines à venir. La nuit

Cloudflare now blocks AI web crawlers by default, requiring permission from site owners for access

sters

Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users.

Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025

On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week.

Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang

A security flaw in IDEs like Visual Studio Code lets attackers bypass extension verification, running malicious code on developer machines

The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers.

The ICC said the new incident was the second “of its type” it has faced in recent years, relating to an espionage attack in 2023

Posts about macOS malware, exploits, and tools

The intruders who gained access to the grocer’s online systems in November had access to information including birthdays, Social Security numbers and bank account details.

Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack.

AI is a tool that can combat cybersecurity threats. From threat detection to automated response, explore key use cases that are shaping the future of security.

Posts about macOS malware, exploits, and tools

U.S. issues warning on potential Iranian cyber-attacks, urging stronger protections for critical infrastructure and defense sectors.

Spain's Guardia Civil and Europol touted an operation that took down an international scheme that lured victims into bogus cryptocurrency investments.

This week in cybersecurity from the editors at Cybercrime Magazine

CertiK found $2.47bn in crypto was stolen in H1 2025, largely due to two major security incidents – ByBit and Cetus

Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023.

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns.

Google releases an update for Chrome’s CVE-2025-6554, a critical zero-day flaw, to prevent exploitation

Discover how to secure browser usage in enterprises, from GenAI risks to control enforcement, with a three-stage maturity model.

Facebook's pursuit of your personal data continues apace, and now it has a new target: photos on your phone that you haven't shared with it yet.