Latest CyberSec News by @thecyberpicker

Typecho 1.3.0 - Race Condition. CVE-2024-35539 . webapps exploit for PHP platform

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS). CVE-2024-35540 . webapps exploit for PHP platform

Cosy+ firmware 21.2s7 - Command Injection. CVE-2024-33896 . hardware exploit for Multiple platform

Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.

AkiraBot spammed 80,000 websites since September 2024 using GPT-4o-Mini, evading CAPTCHA with proxy tactics.

Centron 19.04 - Remote Code Execution (RCE). CVE-2019-13024 . webapps exploit for PHP platform

PandoraFMS 7.0NG.772 - SQL Injection. CVE-2023-44088 . webapps exploit for PHP platform

Feng Office 3.11.1.2 - SQL Injection. CVE-2024-6039 . webapps exploit for PHP platform

Les pirates de la Corée du Nord mènent une nouvelle campagne pour piéger des employés travaillant pour des entreprises du secteur des cryptomonnaies. De fausses annonces d'embauche incitent les cibles à postuler et à installer un logiciel malveillant. Les hackers nord-coréens continuent de chasser les employés de la

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover. CVE-2024-20419 . webapps exploit for Multiple platform

Copilot on Windows 11 is testing OS-level integration that would allow you to share your favourite apps' screen with Copilot.

The executive order also eliminates security clearances for SentinelOne employees.

Sensata Technologies, a U.S.-based manufacturer or industrial technologies with operations in about a dozen countries, told federal regulators that a recent ransomware attack disrupted key systems.

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint.

Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts.

How are you preparing for the sunset of the FFIEC CAT? Read on to learn how another framework can guide you through this change.

Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for April 2025.

Threat actor 'Jabaroot' claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data.

Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed.

Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers."

One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane

Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.’s National Cyber Security Centre warned in a joint alert Wednesday with Western allies.

Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. The blog outlines several attacks prevented by AMSI integration and highlights recent enhancements. The blog also provides protection and mitigation guidance and how defenders can respond.

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely.

Cyberattackers exploit domain controllers to gain privileged system access where they deploy ransomware that causes widespread damage and operational disruption.

Human rights non-profit Amnesty International urged Thai authorities this week to investigate claims of state-sponsored cyberattacks against human rights organizations and pro-democracy activists following the leak of internal government documents that detailed such an operation.

The OCC said the February incident resulted in the theft of “highly sensitive information" tied to the financial conditions of federally regulated institutions.

Luxembourg, Luxembourg, Apr. 9, 2025, CyberNewswire -- Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit, a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast connectivity. This comes as organizations face a 56% year-on-year increase in high-volume, complex DDoS attacks that disrupt operations,

For decades, a handful of tech giants have shaped digital infrastructure—and, with it, how businesses and governments manage data, security, and connectivity. Related: Practical uses for edge computing Now, the rise of distributed edge computing is being touted as a potential game-changer—pushing processing power closer to users, improving security, and redistributing control over digital assets.

Attackers gained unauthorized, prolonged access to the Office of the Comptroller of the Currency’s email system, accessing numerous emails containing highly sensitive regulatory data.