Latest CyberSec News by @thecyberpicker

interos.ai uses their anomalous returns predictive model to detect which companies are at an elevated financial risk in this new trade climate, and which market drops are just noise.

The top Democrat on a cybersecurity subcommittee says the “drastic reorganization” obligates CISA’s acting director to discuss its plans with lawmakers.

Laboratory Services Cooperative reports a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals.

Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.

Cary, NC, Apr. 11, 2025, CyberNewswire -- Defense contractors are facing increased pressure to meet the Department of Defense's stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security, a leading global provider of cybersecurity training and certifications, is highlighting how hands-on cybersecurity labs are proving critical for organizations seeking

Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts.

Fortinet warns attackers used symlink exploits to retain access post-patch, prompting urgent FortiOS updates and SSL-VPN mitigations.

​Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs.

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched.

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community.

A report by At-Bay also shows a sharp increase in supply chain risk via third-party vendors.

Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched.

Tech executives grapple with a looming skills gap as they juggle cybersecurity with the speed of innovation, according to an Experis survey.

The “Right to be Forgotten”—a principle touted by GDPR—is facing its biggest test yet. Once personal data is used to train an AI model, is deletion possible?

Le géant du web a lancé une plateforme réunissant sous le même toit ses services et offres de cybersécurité, y compris ses activités de...-Cybersécurité

The US indicated they will sign the Pall Mall Pact, an international treaty to regulate commercial spyware and surveillance tools.

The breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.

ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated). CVE-2024-48841 . hardware exploit for Multiple platform

GeoVision GV-ASManager 6.1.0.0 - Broken Access Control. CVE-2024-56898 . webapps exploit for Multiple platform

GeoVision GV-ASManager 6.1.1.0 - CSRF. CVE-2024-56901 . webapps exploit for Multiple platform

The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog

qBittorrent 5.0.1 - MITM RCE. CVE-2024-51774 . local exploit for Multiple platform

ABB Cylon Aspect 3.08.02 - PHP Session Fixation.. hardware exploit for Multiple platform

Netman 204 - Remote command without authentication.. hardware exploit for Multiple platform

Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it.

WebFileSys 2.31.0 - Directory Path Traversal. CVE-2024-53586 . webapps exploit for Multiple platform

ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE). CVE-2024-48841 . hardware exploit for Multiple platform

ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning. CVE-2024-48849 . hardware exploit for Multiple platform

Cary, North Carolina, 11th April 2025, CyberNewsWire

Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States.