Latest CyberSec News by @thecyberpicker

Le Premier ministre François Bayrou et la ministre responsable de l'IA et du numérique Clara Chappaz sont intervenus lors d'un forum organisé par Viginum, un service gouvernemental focalisé sur les manipulations de l'information sur Internet. Ce 28 mars était l'occasion pour le gouvernement de mettre en lumière

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass. CVE-2024-4358 . webapps exploit for Multiple platform

Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook.

Sonatype Nexus Repository 3.53.0-01 - Path Traversal. CVE-2024-4956 . webapps exploit for Multiple platform

As evidence continues to pile up, security firms warn their customers to secure networks.

CodeCanyon RISE CRM 3.7.0 - SQL Injection. CVE-2024-8945 . webapps exploit for PHP platform

Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts

Hackers have been targeting users in Taiwan with PJobRAT malware delivered through malicious instant messaging apps, according to new research.

Un VPN accessible gratuitement dans un navigateur web. C'est ce que proposent Proton et Vivaldi, qui viennent de s'associer pour inclure Proton VPN dans le navigateur des power users. C'est une nouveauté qui pourrait bien réussir à faire gagner quelques points de parts de marché à Vivaldi. Le navigateur web, qui

RansomHub, l'un des principaux groupes de ransomware au monde, développe et utilise un outil intitulé “EDRKillShifter”. L'objectif de ce...-Cybersécurité

Litespeed Cache 6.5.0.1 - Authentication Bypass. CVE-2024-44000 . webapps exploit for PHP platform

Security flaws underscore the risk of cyber threat actors commandeering parts of the electric grid.

Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.

Claroty revealed that 89% of healthcare organizations use the top 1% of riskiest Internet-of-Medical-Things (IoMT) devices

46 solar inverter flaws in Sungrow, Growatt, SMA expose power grids to botnet attacks, risking blackouts.

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Learn key questions to ask before purchasing a network penetration test to ensure comprehensive security assessment and maximum value for your organization.

CoffeeLoader uses GPU-based evasion, call stack spoofing, and scheduled tasks to deliver next-stage malware.

Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments.

This week in cybersecurity from the editors at Cybercrime Magazine

Expert speakers discussed the impact of reported cutbacks to CISA on the ability of local officials to protect against surging cyber-attacks on US election infrastructure

Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025.

La start-up texane conçoit un navigateur d'entreprise basé sur Chromium qui intègre de nombreux outils de cybersécurité et dont les applications...-Cybersécurité

Explore how AI pilot programs help businesses strategically test and implement AI, addressing challenges and unlocking new opportunities for innovation.

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them...

Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.

A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel

This article discusses how IT pros and businesses can guarantee operational continuity and business resilience with Datto BCDR. Learn more.

Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.

Autosur, la société spécialisée dans le contrôle technique de véhicules, a subi une cyberattaque. Les données personnelles de plus de 10 millions de clients ont été exposées sur un forum de pirates. Autosur, l'enseigne spécialisée dans le contrôle technique, a été victime d'une cyberattaque. Plusieurs clients