Latest CyberSec News by @thecyberpicker

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS). CVE-2024-46278 . webapps exploit for Multiple platform

phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS). CVE-2022-4407 . webapps exploit for PHP platform

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract…

The MITRE Corporation said on Tuesday that its stewardship of the CVE program may be ending this week because the federal government has decided not to renew its contract with the nonprofit.

Follow me for lucky prizes scams are old fake crypto exchange scams in a new jacket and on a different platform

ChatGPT 4.1 is now rolling out, and it's a significant leap from GPT 4o, but it fails to beat the benchmark set by Google's most powerful model, Gemini.

ChatGPT 4.1 is now rolling out, and it's a significant leap from GPT 4o, but it fails to beat the benchmark set by Google's most powerful model, Gemini 2.5 Pro.

Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies.

China on Tuesday accused three alleged employees of the U.S. National Security Agency of carrying out cyberattacks on the Asian Winter Games in February.

Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million.

The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games.

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.

4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently.

Le très polémique forum 4chan a été ciblé par une cyberattaque. La plateforme est actuellement hors ligne et des données sur les administrateurs ont potentiellement fuité. Le forum 4chan est hors ligne depuis le 15 avril, ce qui a rapidement suscité des réactions sur Reddit et X (anciennement Twitter). De nombreux

Learn how Microsoft Security Exposure Management initiatives build on the foundation to offer a renewed perspective on managing cybersecurity risks.

Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month.

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.

Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.

The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.

Sysdig researchers say UNC5174’s use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other campaigns.

​Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14.

Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

A critical flaw (CVE-2025-24859) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected

The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns.

A House committee launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May.

La patronne de la sécurité chez Microsoft en est persuadée : l'intelligence artificielle va redonner l'avantage aux entreprises face aux...-Intelligence artificielle

Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn

Malicious PyPI package rerouted MEXC crypto orders and exposed API keys, downloaded 1,065 times.

Apache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.