Latest CyberSec News by @thecyberpicker

Researchers uncover sophisticated Konfety Android malware using evil twin apps and complex evasion methods to conduct ad fraud.

A few years ago, a casino was breached via a smart fish tank thermometer. Related: NIST's IoT security standard It’s a now-famous example of how a single overlooked IoT device can become an entry point for attackers — and a cautionary tale that still applies today. The Internet of Things (IoT) is expanding at an

SugarCRM 14.0.0 - SSRF/Code Injection. CVE-2024-58258 . webapps exploit for Multiple platform

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI). CVE-2025-44177 . webapps exploit for Multiple platform

WP Publications WordPress Plugin 1.2 - Stored XSS. CVE-2024-11605 . webapps exploit for Multiple platform

MikroTik RouterOS 7.19.1 - Reflected XSS. CVE-2025-6563 . remote exploit for Multiple platform

The Co-op is teaming up with The Hacking Games to inspire pathways into ethical cybersecurity careers

TOTOLINK N300RB 8.54 - Command Execution. CVE-2025-52089 . hardware exploit for Multiple platform

Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges. CVE-2025-49744 . local exploit for Windows platform

Langflow 1.2.x - Remote Code Execution (RCE). CVE-2025-3248 . webapps exploit for Multiple platform

Keras 2.15 - Remote Code Execution (RCE). CVE-2025-1550 . remote exploit for Python platform

Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege. CVE-2025-49677 . local exploit for Windows platform

PivotX 3.0.0 RC3 - Remote Code Execution (RCE). CVE-2025-52367 . webapps exploit for Multiple platform

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog.

Cameron Wagenius faces a maximum of 27 years in prison. A researcher that helped with the investigation called this ‘one of the most significant wins in the fight against cybercrime.'

with July 2025 Patch Tuesday, Microsoft fixed 137 different vulnerabilities, including 14 critical issues and an actively exploited zero-day.

Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam.

OpenAI's image gen model, which is available via ChatGPT for free, now lets you easily create AI images even if you're not familiar with trends or prompt engineering.

ESET researchers observed tens of thousands of machines infected with AsyncRAT and its variants over the past year. The open-source malware is a popular tool among cybercriminals.

In congressional testimony, President Trump’s former national security adviser said his use of Signal to coordinate military operations was “driven by” cybersecurity guidance from CISA.

On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”

Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled.

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems.

Cloudflare blocked 7.3 million DDoS attacks in Q2 2025, with a notable spike in hyper-volumetric attacks.

An international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses.

Le 15 juillet 2025, de nombreux utilisateurs de WeTransfer se sont inquiétés d’une nouvelle clause dans les conditions générales d’utilisation (CGU) du service. Censée entrer en vigueur le 8 août 2025, la clause 6.3 semblait accorder à WeTransfer des droits très larges sur les fichiers transférés, notamment leur

MITRE has introduced AADAPT framework, a new cybersecurity framework aimed at mitigating risks in digital financial systems like cryptocurrency

GLOBAL GROUP ransomware, launched in June 2025, targets industries across multiple regions with AI-powered negotiation and rebranded BlackLock tactics

Companies have improved their recovery processes and user controls but still lag in risk preparedness, according to the report.