Latest CyberSec News by @thecyberpicker

compop.ca 3.5.3 - Arbitrary code Execution. CVE-2024-48445 . webapps exploit for Multiple platform

AnyDesk 9.0.1 - Unquoted Service Path.. local exploit for Windows platform

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops.

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation. CVE-2024-12955 . webapps exploit for Multiple platform

A new report fleshes out the resources that went into building DeepSeek’s R1 reasoning model and potential risks to U.S. economic and national security.

Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative.

The INC ransomware gang claimed it was behind the cyberattack, which limited operations last November at some of the company's 2,000 stores across the U.S.

Usermin 2.100 - Username Enumeration. CVE-2024-44762 . webapps exploit for Multiple platform

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE). CVE-2024-42640 . webapps exploit for Multiple platform

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal.. hardware exploit for PHP platform

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution. CVE-2024-48840 . hardware exploit for PHP platform

Discord is testing the feature: “We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face. For ID verification, the scan of your ID is deleted upon verification.”...

A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts.

La célèbre chaîne française d'opticiens et d'acousticiens a subi une cyberattaque en raison d'une faille de sécurité chez l'un de ses...-Cybersécurité

Apple patched two zero-day vulnerabilities that were used in sophisticated targeted attacks manipulating device memory

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

The former CISA director departed the cybersecurity company in response to the order, which directs DOJ to investigate him.

Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years

CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week.

Mustang Panda uses StarProxy, SplatCloak, and updated TONESHELL to breach Myanmar target undetected.

Deliberately vulnerable MCP to practice your hacking chops, how Figma's balances usability & security, a new tool to put a leash on naughty AWS permissions

Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide.

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack.

Le financement du gouvernement américain au MITRE, qui gère la base de données CVE utilisée par de grandes entreprises du monde entier pour...-Cybersécurité

L'Agence nationale de la sécurité des systèmes d'information fait le point sur l'état de la menace dans le secteur des transports urbains. Les...-Cybersécurité

The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

​​Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025.

Here’s why a managed cloud file transfer (MFT) solution is the best answer to enterprise requirements surrounding modernization, security, and compliance.