Latest CyberSec News by @thecyberpicker

OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage.

An alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people.

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.

The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers.

Understand what happened in the Oracle Cloud Infrastructure (OCI) breach and potential mitigation strategies powered by Agentic AI.

Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf.

Smishing kits by Wang Duo Yu enabled toll fraud in 8 U.S. states since Oct 2024, stealing user data via fake E-ZPass pages.

The company is notifying about 190,000 people after certain information used for car insurance quotes was left unencrypted.

A new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds.

Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike.

Explore how Data Security Posture Management (DSPM) enhances traditional DLP by offering real-time visibility, risk assessment, and automated protection.

Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike.

Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.

This week in cybersecurity from the editors at Cybercrime Magazine

Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.

Multi-stage phishing attack in Dec 2024 used .JSE, PowerShell, and AutoIt to deliver Agent Tesla.

A Server-Side Request Forgery (SSRF) attack occurs when an attacker tricks a server into making requests to other services. Review a real-world SSRF attack.

Inventio Lite 4 - SQL Injection. CVE-2024-44541 . webapps exploit for PHP platform

UJCMS 9.6.3 - User Enumeration via IDOR. CVE-2024-12483 . webapps exploit for Multiple platform

KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection. CVE-2024-11728 . webapps exploit for PHP platform

Langflow 1.3.0 - Remote Code Execution (RCE). CVE-2025-3248 . remote exploit for Multiple platform

Apache Commons Text 1.10.0 - Remote Code Execution. CVE-2022-42889 . webapps exploit for Multiple platform

Tatsu 3.3.11 - Unauthenticated RCE. CVE-2021-25094 . webapps exploit for PHP platform

Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation. CVE-2024-11972 . webapps exploit for Multiple platform

Le Digital Markets Act, le règlement européen sur le droit du numérique, force Apple à autoriser l'installation de magasins concurrents de l'App Store sur ses iPhone et iPad. AltStore Classic, disponible depuis le 17 avril, permet d'installer des applications illégales avec du contenu pirate. Des mois avant l'entrée

AI use in SaaS tools bypasses security controls, creating shadow integrations and real breach risks.

Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point

XorDDoS malware targeted 71.3% of U.S. systems in latest wave; Docker, IoT, and Linux bots fuel rise.