Latest CyberSec News by @thecyberpicker

73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks

La jeune pousse française se définit comme une “tour de contrôle” des systèmes d'information de ses clients en automatisant la détection et la...-Cybersécurité

Christine Lagarde, la présidente de la Banque centrale européenne, somme l'Union européenne de concevoir son propre réseau de paiement indépendant des géants américains. Aujourd'hui, une fraction de nos paiements va directement dans les poches de Visa et Mastercard. Avec ses surtaxes douanières, Donald Trump a

WinRAR patched the MotW bypass flaw with the latest 7.11 release, alongside other bug fixes, urging users to update.

Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day

The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities

Critical Gladinet CentreStack flaw CVE-2025-30406 actively exploited in March 2025 enables remote code execution.

Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.

ChurchCRM 5.9.1 - SQL Injection. CVE-2024-39304 . webapps exploit for PHP platform

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE). CVE-2024-38944 . webapps exploit for Multiple platform

While AppSec teams are stuck with legacy scanners and backlogs, developers and hackers have adopted AI tools to accelerate their respective objectives.

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF). CVE-2024-6244 . webapps exploit for PHP platform

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege. CVE-2024-24409 . webapps exploit for Multiple platform

Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE). CVE-2024-27348 . webapps exploit for Java platform

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS). CVE-2024-39143 . webapps exploit for PHP platform

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS). CVE-2024-37732 . webapps exploit for PHP platform

Artica Proxy 4.50 - Remote Code Execution (RCE). CVE-2024-2054 . webapps exploit for PHP platform

DocsGPT 0.12.0 - Remote Code Execution. CVE-2025-0868 . webapps exploit for Python platform

Adobe fixes 11 critical ColdFusion vulnerabilities in April 2025, urging updates to prevent file reads and code execution.

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…

The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organizations.

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.

Lawmakers on the House Judiciary Committee say privacy protections under a bill Congress passed to re-up Section 702 aren’t strong enough.

Technology experts pressed Congress to maintain export controls on semiconductor chips and other technologies, telling lawmakers Tuesday that the restrictions are among the most effective strategies to slow China and other rival countries in the AI race

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency.

Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol.

Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”.

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.