Latest CyberSec News by @thecyberpicker

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."

Russian hackers exploit Cisco CVE-2018-0171 since 2022, breaching global networks and targeting U.S. infrastructure.

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021.

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts.

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet.

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June

Indiana-based pharmaceutical research company Inotiv has confirmed it suffered a ransomware attack, disrupting operations and compromising data

The company says it doesn’t yet know if the incident will have a material impact.

With Beacon Network, TRM Labs has brought together law enforcement and some of the largest crypto exchanges to fight against crypto crimes

A Russian state-sponsored group known as Static Tundra has persistently exploited the Cisco CVE-2018-0171 vulnerability to compromise network devices worldwide, targeting key industries and evading detection for years, according to new findings by Cisco Talos.

CSA has mapped the AI Controls Matrix to ISO/IEC 42001:2023. This guide helps organizations integrate AI-specific controls into existing ISMS programs.

A new report has mapped the tactical evolution of mule operators in the META region from VPNs to advanced fraud networks

An attacker could exploit the flaw to inject malicious prompts to Google Calendar invites, exploiting Gemini on the target systems.

A campaign involving a financially motivated group deploying a downloader that delivers CORNFLAKE.V3 malware.

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details.

PromptFix exploits Comet AI browser via fake CAPTCHA, auto-filling credit cards and enabling phishing scams.

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection.

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant.

Read this expert SecurityX vs CISSP comparison guide to learn all you need to know about these top certifications and decide which suits you the best.

Une hackeuse professionnelle, connue sous le pseudonyme « Bobdahacker », raconte comment sa chasse aux vulnérabilités chez McDonald's, entamée par une simple commande de nuggets gratuits, a révélé d'autres failles de sécurité et conduit au licenciement d’une employée qui avait accepté de l’aider. Un rapport de

The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”

The Russian platform Investment Projects said it is working to restore its infrastructure following a cyberattack claimed by the pro-Ukraine group Cyber Anarchy Squad.

We don’t need to throw out RBAC, but we need to evolve beyond it. Modern identity security requires understanding the full picture of effective permissions.

Recent headlines about the Panama Canal, port concessions in Latin America, and strategic realignments in global shipping have reignited conversations across the logistics and procurement world. For organizations, these developments are immediate signals to assess risk exposure, optimize routing decisions and reevaluate resilience strategies. At interos.ai, our latest analysis shows that these developments are already....

Researchers discovered two new phishing techniques where attackers split malicious QR codes or embed them into legitimate ones

This week in cybersecurity from the editors at Cybercrime Magazine