Latest CyberSec News by @thecyberpicker

China-linked group UNC5174 hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI.

The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M).

This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during March and April

Les poupées Labubu, un phénomène marketing originaire de Hong Kong, continuent de faire sensation sur les réseaux sociaux. Malheureusement, cette popularité attire également des escrocs. Certains profitent de l’engouement pour piéger parents et collectionneurs, en créant de faux sites web imitant la boutique

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent.

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

IconAds ad fraud operation disrupts 352 Android apps, impacting global users with hidden ads and obfuscation.

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly…

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information.

Groups calling themselves IT Army of Russia and TwoNet are newly active on Telegram, coordinating operations and seeking new members, researchers at Intel 471 said.

Hunters International, l’un des groupes de ransomwares les plus actifs de ces dernières années, a officiellement annoncé la fermeture de ses opérations en juillet 2025. Le groupe se transforme en une nouvelle entité baptisée « World Leaks », axée uniquement sur l’extorsion de données. Dans le monde de la startup

​Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites.

Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks

Interpol said it analyzed five years of data about the illicit industry, which relies on human trafficking to staff up centers with people who are forced to conduct investment fraud, romance scams and other schemes.

A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise

Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.

Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.

The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the prolific cybercrime gang wrote on its darknet site.

The 2024 CrowdStrike outage exposed issues with centralized security solutions, process management, software testing, and incident response planning.

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to...

This week in cybersecurity from the editors at Cybercrime Magazine

Stalkerware app Catwatchful has been leaking customer and victim information. It is one in a long line of such apps to do this.

Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service.

ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks

Over 40 malicious Firefox extensions impersonating popular crypto wallets have been uncovered, putting digital assets at risk.

SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence

MITRE ATT&CK v17 introduces an ESXi matrix, highlighting hypervisors as critical points of attack. Learn about the new TTPs and how to secure ESXi environments.

​The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom.

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data...