Latest CyberSec News by @thecyberpicker

Avis aux créateurs de contenus : de faux logiciels CapCut circulent pour vous piéger. Des cybercriminels ont créé de fausses versions du célèbre logiciel de montage, promettant de nouvelles fonctionnalités d’IA. Leur but ? Vous pousser à télécharger un fichier malveillant capable de prendre le contrôle total de vos

A DPRK stealer, dubbed BeaverTail, targets users via a trojanized meeting app

A comprehensive analysis of the year's new macOS malware

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function. CVE-2025-51401 . webapps exploit for PHP platform

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field. CVE-2025-51403 . webapps exploit for PHP platform

Abnormal AI found that 96% of security leaders have no plans to reduce the headcount in SOC teams as a result of AI adoption, instead focusing on reallocating roles

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates.

Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow. CVE-2025-7795 . remote exploit for Multiple platform

Discourse 3.1.1 - Unauthenticated Chat Message Access. CVE-2023-45131 . webapps exploit for Multiple platform

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field. CVE-2025-51398 . webapps exploit for PHP platform

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages. CVE-2025-51400 . webapps exploit for PHP platform

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname. CVE-2025-51397 . webapps exploit for PHP platform

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username. CVE-2025-51396 . webapps exploit for PHP platform

Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE. CVE-2025-34077 . webapps exploit for Multiple platform

Simple File List WordPress Plugin 4.2.2 - File Upload to RCE. CVE-2020-36847 . webapps exploit for Multiple platform

Ivanti ICS flaws exploited from Dec 2024–July 2025 to deploy MDifyLoader, Cobalt Strike, and Go tools.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS). CVE-2015-6176 . remote exploit for Windows platform

Joomla JS Jobs plugin 1.4.2 - SQL injection. CVE-2025-49484 . webapps exploit for PHP platform

Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface.

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem.

As the state responded to a pro-Iranian attack, officials tell CyberScoop that it avoided reaching out to the federal agency, partly because it has been “politicized and weakened” under the president.

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th.

A Dell spokesperson said the site is “intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.”

APT41 targeted African IT services using SharePoint-based C2, custom malware, and credential stealers.

DCHSpy Android spyware, linked to Iran's MOIS, mimics VPN and Starlink apps to spy on dissidents.

The flaw has already led to widespread compromises prior to Microsoft’s release of an emergency patch.

For technology chiefs, a “do as I say, not as I do” stance could lead to a security breach. Instead, cyber awareness can be taught by example.

The founders of Indian cryptocurrency exchange CoinDCX said no customer funds were affected in a more than $40 million theft from reserves.