Latest CyberSec News by @thecyberpicker

Par la voix de Clara Chappaz, la ministre déléguée de l'IA et du numérique, le gouvernement a lancé un appel aux grands patrons de choisir des...-Cybersécurité

ollama 0.6.4 - Server Side Request Forgery (SSRF).. local exploit for Multiple platform

MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively for persistence and lateral movement

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects.

Worried parents tracking their children with T-Mobile SyncUP devices suddenly found that they were looking at the location of random other children.

Sansec found criminals mass-scanning for defunct.dat files which contain GSocket backdoor keys. A quick scan reveals dozens of infected stores.

Unravel why Penetration Testing as a Service (PTaaS) is critical for a cybersecurity approach in the public sector for optimizing safety and security.

The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware

Lazarus Group deploys GolangGhost via fake job interviews using ClickFix, targeting Windows/macOS users with finance roles.

This week in cybersecurity from the editors at Cybercrime Magazine

AI-driven cyberattacks now clone voices and manipulate data in real time—adapt fast or fall behind.

A l'occasion du Forum InCyber, qui se tient actuellement à Lille, l'entreprise Wallix a annoncé le lancement de "Web Session Manager", un...-Cybersécurité

IT compliance has evolved from a niche concern into an essential component of a business strategy. Read these guidelines for securing your compliance strategy.

ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated). CVE-na . webapps exploit for Multiple platform

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount. What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure...

Facebook Pixel exposed CSRF tokens at major retailer; Reflectiz detected breach early, preventing €20M GDPR fines.

Compliance concerns delay AI adoption across enterprises, exposing them to faster, AI-driven cyberattacks.

Située en Bretagne, W3Cam est spécialisée depuis 20 ans dans la vente de systèmes de vidéosurveillance et de sécurité sur IP. Partenaire de grands groupes comme La Poste, la RATP ou certains ministères, W3Cam s'engage à sécuriser les sites les plus sensibles, mais pas uniquement. Elle peut aussi s’occuper de la

Highline Public Schools revealed that sensitive personal, financial and medical data was accessed by ransomware attackers during the September 2024 incident

ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials. CVE-2024-4007 . webapps exploit for PHP platform

Webmin Usermin 2.100 - Username Enumeration. CVE-2024-44762 . webapps exploit for Perl platform

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure. CVE-2024-38200 . remote exploit for Windows platform

La division de l'opérateur dédiée aux entreprises et administrations met la main sur SecInfra, une société spécialisée dans la sécurité des...-Cybersécurité

Semperis claims 62% of water and electricity providers were hit by cyber-attacks in the past year

Vite 6.2.2 - Arbitrary File Read. CVE-2025-30208 . remote exploit for Multiple platform

PortSwigger's Vision In March, PortSwigger hosted its biggest webinar to date and the turnout spoke volumes. With over 7,500 registrants, it’s clear that the future of application security is top of m

Quick Share flaw CVE-2024-10668 bypasses earlier fixes, enabling DoS or unauthorized file delivery.

BforeAI researchers discover 596 suspicious Bybit-themed domains designed to defraud visitors

Triada malware infected 2,600+ Android devices via counterfeit phones in March 2025, enabling remote access and crypto theft.

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky.