GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control. CVE-2024-56898 . webapps exploit for Multiple platform
Latest CyberSec News by @thecyberpicker
GeoVision GV-ASManager 6.1.1.0 - CSRF
GeoVision GV-ASManager 6.1.1.0 - CSRF. CVE-2024-56901 . webapps exploit for Multiple platform
NVD Revamps Operations as Vulnerability Reporting Surges
The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog
qBittorrent 5.0.1 - MITM RCE
qBittorrent 5.0.1 - MITM RCE. CVE-2024-51774 . local exploit for Multiple platform
ABB Cylon Aspect 3.08.02 - PHP Session Fixation
ABB Cylon Aspect 3.08.02 - PHP Session Fixation.. hardware exploit for Multiple platform
Netman 204 - Remote command without authentication
Netman 204 - Remote command without authentication.. hardware exploit for Multiple platform
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it.
WebFileSys 2.31.0 - Directory Path Traversal
WebFileSys 2.31.0 - Directory Path Traversal. CVE-2024-53586 . webapps exploit for Multiple platform
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE). CVE-2024-48841 . hardware exploit for Multiple platform
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning. CVE-2024-48849 . hardware exploit for Multiple platform
Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance
Cary, North Carolina, 11th April 2025, CyberNewsWire
Google's AI video generator Veo 2 is rolling out on AI Studio
Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States.
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure. CVE-2024-48852 . hardware exploit for Multiple platform
ABB Cylon FLXeon 9.3.4 - Default Credentials
ABB Cylon FLXeon 9.3.4 - Default Credentials.. hardware exploit for Multiple platform
Nagios Log Server 2024R1.3.1 - API Key Exposure
Nagios Log Server 2024R1.3.1 - API Key Exposure.. webapps exploit for Multiple platform
CMU CERT/CC VINCE 2.0.6 - Stored XSS
CMU CERT/CC VINCE 2.0.6 - Stored XSS.. webapps exploit for Multiple platform
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery.. hardware exploit for Multiple platform
Microsoft says Edge browser is now 9% faster after optimizations
The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134.
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
Paper Werewolf deploys PowerModul in phishing attacks between July and December 2024, expanding espionage with password changes and media file theft.
Microsoft Edge is now up to 9% faster
The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134.
US lab testing provider exposed health data of 1.6 million people
Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems.
Ransomware attack cost IKEA operator in Eastern Europe $23 million
Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has informed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated to €20 million ($22.8M).
Identity Theft Is Rampant. Check Your Credit Report For Free – Today!
This week in cybersecurity from the editors at Cybercrime Magazine
MonAideCyber, la start-up d'État qui aide les organisations peu matures à sécuriser leurs systèmes
Incubée au sein de l'Anssi, la start-up publique MonAideCyber s'adresse aux organisations peu expérimentées dans la sécurisation de leurs...-Cybersécurité
Comparing Human and Non-Human Identities | CSA
Explore the key differences between human and non-human identities in cloud security, focusing on their behaviors, interactions, and management strategies.
AI Vulnerability Finding - Schneier on Security
Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit. The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device...
Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today
Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyber-attacks and advances in AI
Friday Squid Blogging: Squid and Efficient Solar Tech - Schneier on Security
Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Initial Access Brokers Shift Tactics, Selling More for Less
Initial Access Brokers shift to low-cost, high-volume access sales in 2024, fueling broader, faster cyberattacks.
Sensata Technologies’ operations disrupted by ransomware attack
The company, which makes sensors for the automotive and aerospace sectors, does not currently expect the attack to have a material impact.