Google Gemini AI is getting ChatGPT-like Scheduled Actions feature
Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later.
Latest CyberSec News by @thecyberpicker
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
CVE-2025-2492 flaw in ASUS AiCloud routers allows remote control; firmware fix issued for 4 versions.
Bleu franchit le J0, Meta AI utilise les données des Européens... Les 5 actus clés sur la protection des données
L'Usine Digitale vous propose un best-of des actualités de la semaine du 14 avril en matière de protection des données. Au menu : l'offre...-Data protection
Base de données CVE en sursis, menaces dans les transports… Les 5 actus cyber de la semaine
L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, l'arrêt...-Cybersécurité
FoxCMS 1.2.5 - Remote Code Execution (RCE)
FoxCMS 1.2.5 - Remote Code Execution (RCE). CVE-2025-29306 . webapps exploit for Multiple platform
Drupal 11.x-dev - Full Path Disclosure
Drupal 11.x-dev - Full Path Disclosure. CVE-2024-45440 . webapps exploit for PHP platform
Friday Squid Blogging: Live Colossal Squid Filmed - Schneier on Security
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
ASUS routers with AiCloud vulnerable to auth bypass exploit
ASUS warns of an authentication bypass flaw in routers that could allow unauthorized execution of functions on the device
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices.
OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits
OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage.
Alleged SmokeLoader malware operator facing federal charges in Vermont
An alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people.
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.
FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds
The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers.
Oracle Cloud Breach: Mitigate Attacks with Agentic AI | CSA
Understand what happened in the Oracle Cloud Infrastructure (OCI) breach and potential mitigation strategies powered by Agentic AI.
Text scams grow to steal hundreds of millions of dollars
Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage
SonicWall SMA VPN devices targeted in attacks since January
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf.
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Smishing kits by Wang Duo Yu enabled toll fraud in 8 U.S. states since Oct 2024, stealing user data via fake E-ZPass pages.
Lemonade says applicant driver’s license numbers exposed
The company is notifying about 190,000 people after certain information used for car insurance quotes was left unencrypted.
New payment-card scam involves a phone call, some malware and a personal tap
A new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds.
7 Steps to Take After a Credential-Based Attack
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike.
Data Security Evolution: From DLP to DSPM | CSA
Explore how Data Security Posture Management (DSPM) enhances traditional DLP by offering real-time visibility, risk assessment, and automated protection.
7 Steps to Take After a Credential-Based cyberattack
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike.
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.
YouTube Marketing Lesson From RSA Conference 2025
This week in cybersecurity from the editors at Cybercrime Magazine
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
Multi-stage phishing attack in Dec 2024 used .JSE, PowerShell, and AutoIt to deliver Agent Tesla.
Defending Against SSRF Attacks in Cloud Native Apps | CSA
A Server-Side Request Forgery (SSRF) attack occurs when an attacker tricks a server into making requests to other services. Review a real-world SSRF attack.
Inventio Lite 4 - SQL Injection
Inventio Lite 4 - SQL Injection. CVE-2024-44541 . webapps exploit for PHP platform
UJCMS 9.6.3 - User Enumeration via IDOR
UJCMS 9.6.3 - User Enumeration via IDOR. CVE-2024-12483 . webapps exploit for Multiple platform