Latest CyberSec News by @thecyberpicker

MoziloCMS 3.0 - Remote Code Execution (RCE). CVE-2024-44871 . webapps exploit for PHP platform

A man didn't just have his ID stolen, identity theft ruined his life and robbed him of a promising future.

Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users.

Agent authentication & Model Context Protocol Security, k8s for pentesters, a critical look at "state of cloud security" reports

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware.

Is moving from WhatApp to Signal a good idea? We look at the pros and cons, and which settings can make Signal even more private.

You can't escape AI in WhatsApp even if you are based in one of the 41 European countries. Today, more people are seeing the Meta AI chatbot being added to WhatsApp.

Le groupe de distribution d'articles de sport a été victime d'une intrusion informatique à la mi-mars entraînant une fuite de données...-Cybersécurité

RansomHub's EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems.

​Microsoft says a known issue is causing Remote Desktop freezes on Windows Server 2025 systems after installing security updates released since the February 2025 Patch Tuesday.

Cary, North Carolina, 27th March 2025, CyberNewsWire

“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.

Discover why combining SaaS and IaaS security is crucial for cloud security. See how organizations safeguard their cloud ecosystem against evolving threats.

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free.

Two investigative journalists in Serbia were targeted with advanced commercial spyware last month, Amnesty International said Thursday.

Un VPN accessible gratuitement dans un navigateur web. C'est ce que proposent Proton et Vivaldi, qui viennent de s'associer pour inclure Proton VPN dans le navigateur des power users. C'est une nouveauté qui pourrait bien réussir à faire gagner quelques points de parts de marché à Vivaldi. Le navigateur web, qui

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog.

This week in cybersecurity from the editors at Cybercrime Magazine

APT36 spoofed India Post using malware-laced PDFs and Android apps to harvest sensitive data.

The ICO’s Deputy Commissioner told Infosecurity that organizations that fail to implement MFA and suffer a breach can expect heavy penalties

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform.

Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras

Hybrid cloud security requires visibility, governance, and automation. Learn best practices to mitigate risks like misconfigurations, compliance gaps, and insider threats.

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.

Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan

Traditional CASB tools miss 100% of shadow SaaS threats—browser-based security offers real-time visibility and control.

The UK’s National Crime Agency is warning of a growing cyber and physical threat from homegrown teens

Phishing Office files and CVE-2017-11882 exploits still active in 2025, exposing unpatched systems to malware.

The UK’s National Cyber Security Centre has released new guidance to help domain registrars enhance security