Latest CyberSec News by @thecyberpicker

Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE). CVE-2023-0159 . webapps exploit for PHP platform

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated).. webapps exploit for PHP platform

Loaded Commerce 6.6 - Client-Side Template Injection(CSTI).. webapps exploit for PHP platform

A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers.

Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems.

Researchers found suspected Graphite deployments in Australia, Canada, Cyprus, Denmark, Israel and Singapore.

Lawmakers also need to take action on legislation to better harmonize federal cybersecurity regulations, Democrats’ staff director on a key Senate committee said.

Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017

The Federal Trade Commission (FTC) in the U.S. has taken action against Click Profit for allegedly deceiving consumers with false promises of guaranteed passive income through AI-powered online stores.

More than 500,000 people were impacted by a cyberattack on the Pennsylvania State Education Association (PSEA) that took place in July 2024.

The tech giant has yet to address a vulnerability that allows for malicious payloads to be delivered via Windows shortcut files and has been under active attack for eight years.

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.

Hackers exploit PHP flaw (CVE-2024-4577) to deploy Quasar RAT and XMRig miners, with Taiwan hit hardest. Update PHP now to mitigate risks.

The combined security platform will expand Google’s reach across a range of major cloud environments.

L'office européen de police a publié son rapport d'évaluation annuel sur les menaces liées au crime organisé dans l'UE. Escroqueries, systèmes...-Intelligence artificielle

Questions of privacy & security are at the forefront of every deployment of Fully Homomorphic Encryption (FHE). Get insights that help evaluate FHE solutions.

A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security

Leaked Black Basta chats reveal Russian aid in leader’s escape, AI-assisted fraud, and BRUTED credential attacks on firewalls and VPNs.

While phishing has evolved, email security hasn't kept up. Attackers now bypass MFA & detection tools with advanced phishing kits, making credential theft harder to prevent. Learn how Push Security's browser-based security stops attacks as they happen.

With financial stress at an all-time high, people are desperately seeking relief. Sadly, scammers know this all too well.

GPT-4o raises privacy concerns with broad data collection, third-party sharing, and AI training risks. Businesses are restricting AI use to protect sensitive data.

In an interview with Recorded Future News, Deibert explained the technical aspects of the Citizen Lab’s methods and how spyware companies continue to evolve to evade detection.

This week in cybersecurity from the editors at Cybercrime Magazine

Austin, TX, United States, 19th March 2025, CyberNewsWire

World-renowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings

ClearFake malware infects 9,300+ websites, using fake reCAPTCHA and Web3 tactics to spread Lumma and Vidar Stealers, exposing 200,000+ users.

Join Beyond Identity’s webinar to learn how secure-by-design access blocks phishing, MFA bypass, and identity threats before they strike.

Security firm Barracuda said it has detected more than a million phishing-as-a-service (PhaaS) attacks in 2025

The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog