Latest CyberSec News by @thecyberpicker

Sens. Warner and Lankford reintroduced their VDP bill after a companion version passed the House in March.

Latrodectus malware evades detection with ClickFix technique; TikTok and fake Ledger apps expand threat reach.

The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned.

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor.

The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks.

U.S. and EU law enforcement seized more than $200 million and 144 kilograms of fentanyl or fentanyl-laced narcotics alongside 180 firearms as part of the international effort.

Dans le cadre de l'opération “Endgame 2.0”, Europol et Eurojust ont démantelé l'infrastructure derrière un logiciel malveillant utilisé pour...-Cybersécurité

Law enforcement agencies in Europe and North America have dismantled major infrastructure used in ransomware attacks as part of Operation Endgame, disrupting initial access malware and issuing international arrest warrants against key suspects.

This week in cybersecurity from the editors at Cybercrime Magazine

ViciousTrap exploited CVE-2023-20118 to hijack 5,300 routers, building a honeypot-style spy network.

Explore how privacy intersects with cybersecurity and how aligning them strengthens data protection strategies.

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones.

Operation Endgame dismantled 300 servers and seized €3.5M crypto, disrupting ransomware access networks globally.

A tailored phishing campaign runs on personal information. Taking employees’ personal information out of circulation deprives attackers of a valuable resource.

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.

SafeLine WAF delivers 99.45% threat detection via semantic analysis + full self-hosted control + zero subscription fees.

A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks

Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.

Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors and buyers across 10 countries.

Microsoft is testing a new AI-powered text generation feature in Notepad that can let Windows Insiders create content based on custom prompts.

Operation Raptor also resulted in the seizure of $184m and a record amount of illegal drugs, firearms and drug trafficking proceeds

Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace

DoJ disrupts DanaBot malware after 300K infections and $50M damage; 16 charged in Russia-linked cybercrime ring.

A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell.

In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks.

Google has launched a new Chrome feature that automatically updates compromised passwords using its built-in Password Manager.

Indirect prompt injection in GitLab Duo exposed private source code and inserted malicious HTML into AI responses, risking credential theft and data l

Commvault app secrets exposed via CVE-2025-3928 in Azure; CISA warns of broader SaaS campaign

Three critical Versa Concerto flaws disclosed after 90 days allow remote code execution via reverse proxy misconfigurations.

Today, OpenAI rival Anthropic announced Claude 4 models, which are significantly better than Claude 3 in benchmarks, but we're left disappointed with the same 200,000 context window limit.