OpenPanel 0.3.4 - OS Command Injection
OpenPanel 0.3.4 - OS Command Injection. CVE-2024-53584 . webapps exploit for Multiple platform
Latest CyberSec News by @thecyberpicker
OpenPanel 0.3.4 - Directory Traversal
OpenPanel 0.3.4 - Directory Traversal. CVE-2024-53537 . webapps exploit for Multiple platform
OpenPanel 0.3.4 - Incorrect Access Control
OpenPanel 0.3.4 - Incorrect Access Control. CVE-2024-53582 . webapps exploit for Multiple platform
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal. CVE-2024-53582 . webapps exploit for Multiple platform
Over 14K Fortinet devices compromised via new attack method
Fortinet last week warned that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched.
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Precision-validating phishing filters verified emails via real-time checks, boosting credential theft success and evading security analysis.
Pimcore 11.4.2 - Stored cross site scripting
Pimcore 11.4.2 - Stored cross site scripting. CVE-2024-11954 . webapps exploit for Multiple platform
No, it’s not OK to delete that new inetpub folder
A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204
Rep. Green on CISA cuts, China hacking and cyber as a bipartisan issue
The chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 50,000 professionals and burdensome digital compliance.
Malicious NPM packages target PayPal users
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
Major WordPress Plugin Flaw Exploited in Under 4 Hours
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass.. hardware exploit for Multiple platform
Hackers using AI-produced audio to impersonate tax preparers, IRS
Artificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to trick taxpayers into sending them money and financial documents.
Enhancing your DevSecOps with Wazuh, the open source XDR platform
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle.
Kidney dialysis firm DaVita hit by weekend ransomware attack
Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations.
Pimcore customer-data-framework 4.2.0 - SQL injection
Pimcore customer-data-framework 4.2.0 - SQL injection. CVE-2024-11956 . webapps exploit for Multiple platform
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection. CVE-2019-19245 . webapps exploit for Multiple platform
Ransomware disrupts some operations of kidney dialysis company DaVita
A ransomware attack over the weekend is still affecting some operations at kidney dialysis provider DaVita, the company said in a filing with U.S. regulators.
Prodaft Offers "No Judgment" Deal to Buy Dark Web Accounts from Cybercrime Forum Users
Through the SYS Initiative, Prodaft is offering a secure, anonymous channel for individuals to share information about ongoing cybercrime activities
Secure smart devices with microsegmentation | CSA
Learn how microsegmentation secures IoT/OT devices by isolating them to prevent breaches and reduce costs.
New Malware ResolverRAT Targets Healthcare and Pharma Sectors
ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering
Microsoft tells Windows users to ignore 0x80070643 WinRE errors
Microsoft says some users might see 0x80070643 installation failures when trying to deploy the April 2025 Windows Recovery Environment (WinRE) updates.
Cybercrime Magazine YouTube Channel Exceeds 1 Million Subscribers
This week in cybersecurity from the editors at Cybercrime Magazine
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
This week's critical cybersecurity recap: breaches before patches, AI weaponization, silent persistence.
April Patch Tuesday From Microsoft Fixed Over 130 Vulnerabilities
Despite 100+ patches, Microsoft hasn't yet released the zero-day fix for Windows 10 systems with April Patch Tuesday, pledging it for later.
US Blocks Foreign Governments from Acquiring Citizen Data
The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia
OpenAI's GPT-4.1, 4.1 nano, and 4.1 mini models release imminent
According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini.
SOC 2 & HIPAA: unified approach to data privacy | CSA
Explore how combining SOC 2 and HIPAA compliance enhances data security, builds trust, and streamlines operations in the healthcare sector.
Microsoft: New emergency Windows updates fix AD policy issues
Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy.
Digital Certificate Lifespans to Fall to 47 Days by 2029
CA/Browser Forum members have voted in favor of shortening TLS/SSL certificate lifespans to 47 days