Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover. CVE-2024-5910 . webapps exploit for Multiple platform
Latest CyberSec News by @thecyberpicker
DataEase 2.4.0 - Database Configuration Information Exposure
DataEase 2.4.0 - Database Configuration Information Exposure. CVE-2024-30269 . webapps exploit for Java platform
A flaw in Verizon ’s iOS Call Filter app exposed call records of millions
A now-patched flaw in Verizon ’s iOS Call Filter app exposed call records of millions. Only phone numbers and timestamps were at risk
WinRAR flaw bypasses Windows Mark of the Web security alerts
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.
Coinbase to fix 2FA account activity entry freaking out users
Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised.
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
EncryptHub compromised 618+ targets using Microsoft flaws and custom malware after failed freelance attempts.
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
North Korean actors used 11 npm packages downloaded 5,600+ times to spread BeaverTail malware, expanding attacks to Bitbucket.
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload. CVE-2023-5360 . webapps exploit for Multiple platform
Next.js Middleware 15.2.2 - Authorization Bypass
Next.js Middleware 15.2.2 - Authorization Bypass. CVE-2025-29927 . webapps exploit for Multiple platform
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS). CVE-2024-1234 . webapps exploit for Multiple platform
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI). CVE-2025-2294 . webapps exploit for Multiple platform
Fuite de données chez Oracle, chiffrement de bout en bout par Google… Les 5 actus cyber de la semaine
L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.
Création d'un cloud européen, lancement d'un XDR collaboratif... Les 5 actu à retenir du FIC 2025
Placé sous le thème du Zero Trust, le Forum InCyber s'est tenu cette semaine à Lille. L'Usine Digitale en résume les temps forts et les...-Cybersécurité
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection. CVE-2024-7801 . remote exploit for Hardware platform
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow. CVE-2024-35133 . webapps exploit for Multiple platform
CISA, FBI warn of fast flux technique used to hide malicious servers
Criminal and state-linked hackers use fast-changing DNS records to make it harder for defenders to detect or disrupt malicious activity.
DEF CON® 33 Hacking Conference - Call Index
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges
A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos of staff over the course of a decade, a class-action lawsuit alleges.
Friday Squid Blogging: Two-Man Giant Squid - Schneier on Security
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Senators re-up bill to expand Secret Service’s financial cybercrime authorities | CyberScoop
The bipartisan legislation would strengthen the agency’s authorities to investigate criminal activity tied to digital assets.
Port of Seattle says 90,000 people impacted in 2024 ransomware attack
The organization that runs Seattle-Tacoma International Airport and several container terminals said it is sending breach notification letters to those affected by a ransomware attack, including about 71,000 people in Washington state.
Des hackers exploitent une nouvelle faille de sécurité sur les VPN Ivanti, la Chine pointée du doigt
La société de cybersécurité Mandiant a observé le déploiement de deux familles de malwares suite à l'exploitation d'une vulnérabilité sur des...-Cybersécurité
Port of Seattle says ransomware breach impacts 90,000 people
Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack.
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say…
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.
Head of NSA and US Cyber Command reportedly fired
Gen. Timothy D. Haugh served as the head of two government organizations that play integral roles for U.S. cybersecurity.
Australian pension funds hit by wave of credential stuffing attacks
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts.
Flaw in Verizon call record requests put millions of Americans at risk
A security researcher found a flaw in Verizon call record requests that may have put millions of Americans at risk
Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA | DefenseScoop
It was not immediately clear why Haugh was let go.