https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html
CISA adds flaw CVE-2024-48248 to NAKIVO pre-10.11.3; active exploit risks data exposure, FCEB must mitigate by April 9, 2025.
Latest CyberSec News by @thecyberpicker
https://thehackernews.com/2025/03/why-continuous-compliance-monitoring-is.html
33.3M U.S. SMBs risk non-compliance. Automated monitoring cuts fines and boosts security
https://www.numerama.com/politique/1930143-signal-menace-de-quitter-la-france-si-la-loi-contre-le-narcotrafic-va-trop-loin.html
La présidente de la fondation Signal prévient que la loi Narcotrafic est susceptible de provoquer un retrait de son application de messagerie instantanée du marché français. En cause ? Les dispositions pouvant nuire à la sécurité des communications chiffrées. L'avertissement a pris la forme d'un tweet, publié dans
https://www.infosecurity-magazine.com/news/half-million-hit-pennsylvania/
The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
https://www.infosecurity-magazine.com/news/ncsc-post-quantum-cryptography/
New NCSC guidance sets out a three-phase migration to post-quantum cryptography, designed to ensure all systems are protected from quantum attacks by 2035
https://www.usine-digitale.fr/article/cybersecurite-six-gouvernements-suspectes-d-etre-clients-du-fabricant-de-spywares-paragon.N2229188
Le groupe de chercheurs Citizen Lab a publié un rapport sur la société israélienne Paragon Solutions, qui commercialise le logiciel espion...-Cybersécurité
https://www.usine-digitale.fr/article/en-2024-69-des-18-24-ont-deja-eu-recours-a-des-outils-d-ia.N2229183
Un Français sur trois a déjà utilisé des outils d'intelligence artificielle en...-IA générative
https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html
CERT-UA warns of a DCRat campaign via Signal targeting Ukrainian defense; UAC-0200 active since summer 2024 risks breaches.
https://www.exploit-db.com/exploits/52089
JUX Real Estate 3.4.0 - SQL Injection. CVE-2025-2126 . webapps exploit for PHP platform
https://www.exploit-db.com/exploits/52090
FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS).. webapps exploit for PHP platform
https://securityaffairs.com/175629/security/whatsapp-fixed-zero-day-flaw-used-to-deploy-paragon-graphite-spyware-spyware.html
WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware on the devices of targeted individuals.
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/
https://www.lastwatchdog.com/news-alert-secpod-launches-saner-cloud-cnapp-platform-for-real-time-automated-security/
Bengaluru, India, Mar. 19, 2025, CyberNewswire -- SecPod, a global cybersecurity provider, has announced the General Availability of Saner Cloud, a Cloud-Native Application Protection Platform designed to provide automated remediation and workload security across multi-cloud environments. Unlike conventional security solutions that focus primarily on detection, Saner Cloud integrates security using AI-driven automation to remediate threats
https://www.lastwatchdog.com/news-alert-knocknoc-raises-seed-funding-to-scale-its-just-in-time-network-access-control-technology/
Sydney, Australia, Mar. 19, 2025, CyberNewswire -- Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal. The funding will support go-to-market, new staff, customer onboarding and product development. The company has appointed Adam Pointon as Chief Executive Officer. "The opportunity here
https://www.lastwatchdog.com/news-alert-spycloud-study-shows-darknet-identity-exploitation-arising-to-become-a-primary-cyber-risk/
Austin, TX, Ma. 19, 2025, CyberNewswire -- The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed
https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites.
https://www.bleepingcomputer.com/news/security/kali-linux-20251a-released-with-1-new-tool-annual-theme-refresh/
Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh.
https://www.bleepingcomputer.com/news/security/pennsylvania-education-union-data-breach-hit-500-000-people/
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
https://cyberscoop.com/dhs-cdm-improvement-elasic-shelly-hartsook-matt-house/
Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) have pushed the program to evolve from a compliance-focused initiative to a real-time threat detection and response platform.
https://cyberscoop.com/capital-one-hacker-paige-thompson-sentence-appeals-court/
Two of the three judges said five years’ probation and time served didn’t match the severity of the crime, among other reasons for overturning the sentence.
https://www.bleepingcomputer.com/news/security/ukrainian-military-targeted-in-new-signal-spear-phishing-attacks/
Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-affects-outlook-web-users/
Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes.
https://www.exploit-db.com/exploits/52088
VeeVPN 1.6.1 - Unquoted Service Path.. local exploit for Windows platform
https://www.exploit-db.com/exploits/52087
Gitea 1.24.0 - HTML Injection.. webapps exploit for Multiple platform
https://www.exploit-db.com/exploits/52085
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE). CVE-2023-0159 . webapps exploit for PHP platform
https://www.exploit-db.com/exploits/52086
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated).. webapps exploit for PHP platform
https://www.exploit-db.com/exploits/52084
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI).. webapps exploit for PHP platform
https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers.
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-update-bug-that-wiped-out-copilot/
Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems.
https://cyberscoop.com/six-countries-suspected-paragon-spyware-customers/
Researchers found suspected Graphite deployments in Australia, Canada, Cyprus, Denmark, Israel and Singapore.