Latest CyberSec News by @thecyberpicker

Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums

Discover how to balance security and productivity in distributed SaaS management. Learn key risks and strategies for securing SaaS apps without disruption.

Heavy incoming traffic: A new wave of toll fee scams are sweeping America.

This week in cybersecurity from the editors at Cybercrime Magazine

This week’s THN Recap shows how attackers are outsmarting outdated defenses — and what you can do next.

A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims' digital wallets.

In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories of President Trump firing the Director of the National Security Agency. General Timothy Haugh. A couple of weeks ago, I wrote: We don’t know what pressure the Trump administration is using to make intelligence services fall into line, but it isn’t crazy to ...

Delve into the critical role of containerization & Remote Browser Isolation (RBI) as pivotal technologies in enhancing security from the end-user's perspective.

Vanity metrics mask real risks; Gartner forecasts CTEM adoption could cut breaches by two-thirds by 2026.

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.

Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity

Osney Capital’s new fund is the first to focus exclusively on early-stage UK cybersecurity

Cyber-attacks on Australian superannuation funds leave some savers out of pocket

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests - EDR), targeting major platforms

PoisonSeed exploits CRM credentials to spread cryptocurrency seed phrase attacks, risking major wallet compromises.

Face à l'accroissement des menaces, la Cnil joue un rôle central, non seulement en tant qu'organisme de régulation, mais également en tant...-Cybersécurité

A list of topics we covered in the week of March 31 to April 6 of 2025

NumSpot déroule sa feuille de route sans encombre. L’offre de cloud portée par Docaposte, Bouygues Telecom, Dassault Systèmes et la Banque...-Cloud

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform.

OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE).. webapps exploit for Multiple platform

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS). CVE-2024-9458 . webapps exploit for PHP platform

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload. CVE-2024-8856 . webapps exploit for PHP platform

Watcharr 1.43.0 - Remote Code Execution (RCE). CVE-2024-48827 . webapps exploit for Multiple platform

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover. CVE-2024-5910 . webapps exploit for Multiple platform

DataEase 2.4.0 - Database Configuration Information Exposure. CVE-2024-30269 . webapps exploit for Java platform