Latest CyberSec News by @thecyberpicker

Hardcoded key flaw in Triofox and CentreStack exploited as zero-day in March, affecting 7 firms.

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE). CVE-2024-52302 . webapps exploit for Java platform

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House…

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.

Les cyberattaques ne visent plus seulement les grandes organisations. Tous les acteurs sont désormais exposés. La cybersécurité ne peut plus se...-Publi-rédaction

Meta users in Europe will have their public posts swept up and ingested for AI training, the company announced this week.

American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack.

Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on cybercrime forums to conduct threat intelligence operations.

Miami, FL, Apr. 14, 2025 — Today, AcceleTrex Corporation officially emerged from stealth, unveiling a first-of-its-kind platform that transforms expert referrals into a powerful growth engine for innovators. Grounded in the belief that genuine relationships drive meaningful results, AcceleTrex combines Artificial Intelligence (AI) with Actual Intelligence — the practical expertise of Market Experts — to provide genuine Actionable Intelligence

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data.

The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.

Plusieurs vols de voitures utilisant des techniques électroniques ont été signalés au cours du premier trimestre de 2025. Les modèles récents et populaires ne sont pas épargnés par ces attaques. Depuis début avril 2025, une vidéo diffusée par les tabloïds britanniques montre un vol de véhicule opéré en moins de 20

 Register to attend Learn Live: Security for AI with Microsoft Purview and Defender for Cloud starting April 15  In this month-long webinar series, IT pros and security practitioners can hone their security skillsets with a deeper understanding of AI-centric challenges, opportunities, and best practices using Microsoft Security solutions.   Each session will follow a hosted demo format and cover a Microsoft Learn module (topics listed below). You can ask the SMEs questions via the chat as they show you how to use Microsoft Purview and Microsoft Defender for Cloud to protect your organization in the age of AI.  Learn Live dates/topics include:  April 15 at 12pm PST – Manage AI Data Security Challenges with Microsoft Purview: Microsoft Purview helps you strengthen data security in AI environments, providing tools to handle challenges from AI technology. Learn to safeguard your data and adapt to evolving security challenges in AI technology. This session will help you:  Understand sensitivity labels in Microsoft 365 Copilot  Secure against generative AI data exposure with endpoint Data Loss Prevention  Detect generative AI usage with Insider Risk Management  Dynamically protect sensitive data with Adaptive Protection  April 22 at 12pm PST – Manage Compliance with Microsoft Purview with Microsoft 365 Copilot: Use Microsoft Purview for compliance management with Microsoft 365 Copilot. You'll learn how to handle compliance aspects of Copilot's AI functionalities through Purview. This session will teach you how to:  Audit Copilot interactions within Microsoft 365 using Microsoft Purview  Investigate Copilot interactions using Microsoft Purview eDiscovery  Manage Copilot data retention with Microsoft Purview Data Lifecycle Management  Monitor and mitigate risks in Copilot interactions using Microsoft Purview Communication Compliance  April 29 at 12pm PST – Identify and Mitigate AI Data Security Risks: Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorized data exposure. Learn how to configure DSPM for AI, track AI interactions, run data assessments, and apply security controls to reduce risks associated with AI usage. You will learn how to:  Explain the purpose and benefits of Microsoft Purview DSPM for AI  Set up and configure DSPM for AI to monitor AI interactions  Identify and analyze AI security risks using reports and insights  Run and review AI data assessments to detect oversharing risks  Apply security policies, such as DLP and sensitivity labels, to protect AI-referenced data  May 13 at 10am PST – Enable Advanced Protection for AI Workloads with Microsoft Defender for Cloud: As organizations use and develop AI applications, they need to address new and amplified security risks. Prepare your environment for secure AI adoption to safeguard your data and identify threats to your AI. This session will help you:  Understand how Defender for Cloud can protect AI workloads  Enable threat protection workloads for AI  Gain application and end user context for AI alerts  Register today for these new sessions. We look forward to seeing you!  If you’re unable to attend a session, don’t worry—the recordings will be made available on-demand via YouTube. 

A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors.

A report calls on federal authorities to conduct comprehensive risk assessments and take steps to modernize the air traffic control system.

This is a current list of where and when I am scheduled to speak: I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET). The list is maintained on this page.

ResolverRAT targets healthcare and pharma via localized phishing; uses advanced stealth tactics to ensure persistence and evade detection.

The captain of a Chinese-crewed ship has been charged in Taiwan with breaking a subsea cable near the island, the first such formal charge following almost a dozen similar incidents in recent years.

Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms.

GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF). CVE-2024-50858 . remote exploit for Multiple platform

SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated). CVE-2024-47605 . webapps exploit for Multiple platform

GestioIP 3.5.7 - Remote Command Execution (RCE). CVE-2024-48760 . remote exploit for Multiple platform

GestioIP 3.5.7 - Cross-Site Scripting (XSS). CVE-2024-50857 . remote exploit for Multiple platform

GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS). CVE-2024-50859 . remote exploit for Multiple platform

GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS). CVE-2024-50861 . remote exploit for Multiple platform

OpenPanel 0.3.4 - OS Command Injection. CVE-2024-53584 . webapps exploit for Multiple platform

OpenPanel 0.3.4 - Directory Traversal. CVE-2024-53537 . webapps exploit for Multiple platform

OpenPanel 0.3.4 - Incorrect Access Control. CVE-2024-53582 . webapps exploit for Multiple platform

OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal. CVE-2024-53582 . webapps exploit for Multiple platform