Ghost CMS 5.59.1 - Arbitrary File Read
Ghost CMS 5.59.1 - Arbitrary File Read. CVE-2023-40028 . webapps exploit for Multiple platform
Latest CyberSec News by @thecyberpicker
Ghost CMS 5.42.1 - Path Traversal
Ghost CMS 5.42.1 - Path Traversal. CVE-2023-32235 . webapps exploit for Multiple platform
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials. CVE-2025-8730 . remote exploit for Multiple platform
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS). CVE-2025-41228 . webapps exploit for Multiple platform
ServiceNow Multiple Versions - Input Validation & Template Injection
ServiceNow Multiple Versions - Input Validation & Template Injection. CVE-2024-4879 . webapps exploit for Multiple platform
OpenAI is testing 3,000-per-week limit for GPT-5 Thinking
OpenAI has responded to criticism that it shipped GPT-5 with token limits to minimize cost and maximize profit not with words, but rather with a new 3,000-per-week limit.
Microsoft tests cloud-based Windows 365 disaster recovery PCs
Microsoft has announced the limited public preview of Windows 365 Reserve, a service that provides temporary desktop access to pre-configured cloud PCs for employees whose computers have become unavailable due to cyberattacks, hardware issues, or software problems.
Comment Google se retrouve victime d’une cyberattaque qu’il avait lui-même documentée
Le 8 août 2025, plusieurs dirigeants de petites et moyennes entreprises reçoivent un email inattendu de Google. Le géant américain les informe qu’une fuite a exposé leurs coordonnées, ainsi que des notes relatives à leurs activités commerciales. En cause : une cyberattaque ayant permis à des pirates d’accéder à l’une
Research shows AI agents are highly vulnerable to hijacking attacks
Experts from Zenity Labs demonstrated how attackers could exploit widely deployed AI technologies for data theft and manipulation.
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Erlang/OTP SSH flaw CVE-2025-32433 exploited since May 2025, targeting key industries via OT networks.
OneNote finally gets "paste text only" feature on Windows and Mac
Microsoft confirmed that it's testing the ability to paste text only (plain format) to OneNote for Windows and Mac.
The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks
Native phishing turns trusted tools into attack delivery systems. Varonis shows how attackers weaponize Microsoft 365 apps, like OneNote & OneDrive, to send convincing internal lures and how to spot them before they spread.
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure. CVE-2025-5777 . remote exploit for Multiple platform
atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)
atjiu pybbs 6.0.0 - Cross Site Scripting (XSS). CVE-2025-8550 . webapps exploit for Multiple platform
“The worst thing” for online rights: An age-restricted grey web (Lock and Code S06E16)
This week on the Lock and Code podcast, we speak with EFF Activism Director Jason Kelley about online age verification and the "grey web."
New WinRAR Zero-Day Exploited by RomCom Hackers
A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape. CVE-2025-2783 . webapps exploit for Windows platform
Grav CMS 1.7.48 - Remote Code Execution (RCE)
Grav CMS 1.7.48 - Remote Code Execution (RCE). CVE-2025-50286 . webapps exploit for PHP platform
xAI is testing Grok 4.20 to take on GPT-5, may launch this month
Elon Musk-owned xAI is testing Grok 4.20, a small update to Grok 4, which already competes with GPT-5 in some benchmarks, such as ARC-AGI 2.
Connex Credit Union Breach Exposes 172,000 Members’ Data
A cyber-attack at Connex Credit Union has compromised data of 172,000 individuals, including sensitive information
Cyber experts ponder a non-government future for the CVE program
Organizations supporting the security vulnerability program said it needed changes to improve stability and rebuild trust.
CyberScoop 50 reveals 2025 winners; honors Amit Yoran with lifetime award | CyberScoop
The cybersecurity world stands immeasurably stronger because of the vision, expertise, and leadership of Amit Yoran. Throughout his distinguished career, Amit fundamentally shaped the field of cybersecurity, setting new standards for excellence, innovation, and resilience. We are proud to honor Amit’s life with our first-ever lifetime CyberScoop 50 award.
Announcing the winners of the 2025 CyberScoop 50 awards | CyberScoop
Scoop News Group is thrilled to honor the standout winners of the 2025 CyberScoop 50 Awards, recognizing the leaders who protect our networks, data, and infrastructure while driving innovation across cybersecurity.
Cisco ISE 3.0 - Authorization Bypass
Cisco ISE 3.0 - Authorization Bypass. CVE-2025-20125 . remote exploit for Multiple platform
Cisco ISE 3.0 - Remote Code Execution (RCE)
Cisco ISE 3.0 - Remote Code Execution (RCE). CVE-2025-20124 . remote exploit for Multiple platform
Microsoft Windows - Storage QoS Filter Driver Checker
Microsoft Windows - Storage QoS Filter Driver Checker. CVE-2025-49730 . local exploit for Windows platform
projectworlds Online Admission System 1.0 - SQL Injection
projectworlds Online Admission System 1.0 - SQL Injection. CVE-2025-8471 . webapps exploit for Multiple platform
MuddyWater’s DarkBit ransomware cracked for free data recovery
Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom.
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker has been found to be open to leaking vehicle data and customer information through their dealership portal.
NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards