Latest CyberSec News by @thecyberpicker

Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages

Data breaches cost $4.44M in 2025 as app flaws and GenAI risks surge, driving urgent security changes.

Examine the structure of AI agents, the identity gaps they expose, and the principles required to govern them as they take on a larger role in enterprises.

This week in cybersecurity from the editors at Cybercrime Magazine

Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation

Enterprise security teams are under more pressure than ever to secure sprawling application estates, without slowing down delivery. That's why, over the first half of 2025, we've delivered some of our

German prosecutors charged a man with carrying out a damaging cyberattack on Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, in the weeks following Russia's invasion of Ukraine.

15M Trello profiles leaked in 2024; built-in SaaS security fails, making third-party backup essential.

Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications...

Anthropic—maker of AI coding chatbot Claude—says cybercriminals have abused Claude to automate and orchestrate sophisticated attacks.

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.

The US, UK and allies have called out China’s “commercial cyber ecosystem” for enabling large-scale Salt Typhoon campaigns

Le SCAF apparaît enlisé dans sa phase 1B. La faute à des désaccords sur la gouvernance du projet entre les trois principaux acteurs industriels chargés de concevoir le système de combat aérien du futur. Les passes d’armes entre Dassault Aviation et les filiales allemande et espagnole d’Airbus se poursuivent, alors

U.S. sanctions target DPRK IT worker scheme using AI, crypto, and fraud, generating $1M+ since 2021

Chainalysis, OKX, Binance and Tether have managed to stop nearly $50m reaching romance baiting fraudsters

Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395.

Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery

Automated Malware Analysis - Development and Licensing of Automated Malware Analysis Tools to Fight Malware

ESET uncovers AI-powered PromptLock ransomware using OpenAI gpt-oss:20b model, complicating detection with variable Lua scripts.

As the sanctions-evading scheme has grown, so too has the U.S. government’s response.

Newark, N.J., Aug. 25, 2025, CyberNewwire — Only 7 days left to secure the Early Bird registration at the OpenSSL Conference 2025, October 7 – 9 in Prague. The event will bring together lawyers, regulators, developers, and entrepreneurs to explore issues of security and privacy for everyone, everywhere. Attendees will have the opportunity to: •Meet

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion.

A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets.

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

Storm-0501 exfiltrates and deletes Azure data in hybrid cloud attacks, forcing ransom via Teams.

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.

Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from S

Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation.