https://securelist.com/sparkkitty-ios-android-malware/116793/

Latest CyberSec News by @thecyberpicker
Chinese âLapDogsâ ORB Network Targets US and Asia
SecurityScorecard has discovered a covert cyber-espionage botnet dubbed âLapDogsâ linked to China
A week in security (June 15 â June 21)
A list of topics we covered in the week of June 15 to June 21 of 2025
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.
Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Windows Snipping Tool now lets you create animated GIF recordings
âMicrosoft announced that the Windows screenshot and screencast Snipping Tool utility is getting support for exporting animated GIF recordings.
Oxford City Council suffers breach exposing two decades of data
Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems.
CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup
CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors' crypto.
Security Affairs newsletter Round 529 by Pierluigi Paganini â INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Iran confirmed it shut down internet to protect the country against cyberattacks
Iran confirmed Internet shutdown to counter Israeli cyberattacks,citing threats to critical infrastructure, interference with drone control
Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
U.K. retailers M&S and Co-op targeted by Scattered Spider cyber attack, with losses up to ÂŁ440M.
Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry
The breach marks the latest in a series of recent attacks linked to cybercrime group Scattered Spider.
Friday Squid Blogging: Gonate Squid Video - Schneier on Security
This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered.
Financial deepfake scams targeted in bipartisan Senate bill | CyberScoop
New legislation seeks the creation of a Treasury-led task force to examine and combat AI-fueled scams that trick Americans out of their money.
Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
Cloudflare blocked a record 7.3 Tbps DDoS attack in May 2025, +12% than its previous peak and 1 Tbps greater than attack reported by Krebs
6 Steps to 24/7 In-House SOC Success
24/7 SOCs are essential for off-hours breach protection. Discover how to build one with AI and efficient staffing.
BitoPro exchange links Lazarus hackers to $11 million crypto heist
The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025.
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Qilin ransomware intensifies, offering legal counsel to affiliates, rising as a top cybercrime platform with 304 victims in 2025.
Tonga Ministry of Health hit with cyberattack affecting website, IT systems
Minister of Health Ana âAkauâola then told parliament on Thursday that an unnamed ransomware gang attacked the National Health Information System, demanding millions in ransom to restore the system.
Microsoft investigates OneDrive bug that breaks file search
âMicrosoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded.
Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider
Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider.
Aflac duped by social-engineering attack, marking another hit on insurance industry | CyberScoop
Three insurance companies have publicly disclosed cyberattacks in the past week. Scattered Spider, an amorphous band of cybercriminals, has been actively targeting the sector.
« On est dans le marketing de la peur » : des experts dĂ©cryptent la (fausse ?) fuite inĂ©dite de 16 milliards dâidentifiants
La presse mondiale sâest enflammĂ©e, le 19 juin 2025 : « 16 milliards de mots de passe en fuite ! » Apple, Google, Facebook, tous concernĂ©s. Les titres alarmistes se sont multipliĂ©s, Ă©voquant la « plus grande fuite de l'Histoire » et appelant Ă la vigilance extrĂȘme. Mais que sâest-il vraiment passĂ© ? Numerama a
Aflac discloses breach amidst Scattered Spider insurance attacks
On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information.
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Android malware AntiDot and GodFather target mobile users with phishing, NFC attacks, and app virtualization.
Can users reset their own passwords without sacrificing security?
Self-service password resets (SSPR) reduce helpdesk strainâbut without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation.
AWS CISO stumps for security as an AI enabler
AI's rapid development underscores the need for secure foundations, Amy Herzog said Tuesday during the company's annual cybersecurity conference.
M&S and Co-op Hacks Classified as Single Cyber Event
The UKâs Cyber Monitoring Centre (CMC) assessed the incident as a Category 2 systemic event, based on the significant economic impact
Human Risk Mitigation is at the Core of Email Security | CSA
Humans are a weak spot that cybersecurity must compensate for. Email security tools can ensure that employees are not responsible for stopping attacks.
Krispy Kreme: Over 160,000 people had data stolen during November 2024 cyberattack
A Krispy Kreme spokesperson said the âvast majority of those affected are Krispy Kreme employees, members of their families, and former employees.â