Billbug Espionage Group Deploys New Tools in Southeast Asia
Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools
Latest CyberSec News by @thecyberpicker
British retailer M&S confirms being hit by ‘cyber incident’ amid store delays
In a statement filed to London’s stock exchange on Tuesday afternoon, the company said it made “some minor, temporary changes to our store operations” as soon as it became aware of the incident.
Microsoft Windows 11 - Kernel Privilege Escalation
Microsoft Windows 11 - Kernel Privilege Escalation. CVE-2024-21338 . local exploit for Windows platform
WordPress Core 6.2 - Directory Traversal
WordPress Core 6.2 - Directory Traversal. CVE-2023-2745 . webapps exploit for PHP platform
Implementing CCM: Data Protection and Privacy Controls | CSA
The Data Security and Privacy domain of the Cloud Controls Matrix addresses critical areas of the data lifecycle, like data classification and data disposal.
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
tar-fs 3.0.0 - Arbitrary File Write/Overwrite. CVE-2024-12905 . local exploit for Linux platform
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege. CVE-2024-49138 . local exploit for Windows platform
OpenSSH server (sshd) 9.8p1 - Race Condition
OpenSSH server (sshd) 9.8p1 - Race Condition. CVE-2024-6387 . remote exploit for Linux platform
Attackers stick with effective intrusion points, valid credentials and exploits | CyberScoop
Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force.
CISA’s Secure by Design initiative in limbo after key leaders resign
Companies have been urging CISA to scale back its software security pressure campaign. Two new resignations from the agency could accelerate that shift.
code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS). CVE-2025-28121 . remote exploit for PHP platform
WonderCMS 3.4.2 - Remote Code Execution (RCE)
WonderCMS 3.4.2 - Remote Code Execution (RCE). CVE-2023-41425 . remote exploit for PHP platform
New Cryptojacking Malware Targets Docker with Novel Mining Technique
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.
GUEST ESSAY: Ponemon study warns: AI-enhanced deepfake attacks taking aim at senior execs
A new study by the Ponemon Institute points to a concerning use of AI: deepfake attacks are on the rise and are taking a financial and reputational toll on companies and their executives. Related: Tools to fight deepfakes Deepfake Deception: How AI Harms the Fortunes and Reputations of Executives and Corporations details the results of a
All Gmail users at risk from clever replay attack
All Google accounts could end up compromised by a clever replay attack on Gmail users abusing Google infrastructure.
Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI
DieNet is a hacktivist group that's claimed DDoS attacks against U.S. critical infrastructure. Read on to learn its ideology and attack activity.
Russian organizations targeted by backdoor masquerading as secure networking software updates
While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.
Prioritizing Care when Facing Cyber Risks | CSA
Explore how healthcare organizations can safeguard patient care by addressing cyber risks through modernization and resilient security strategies.
Ransomware Damage To Cost The World $57B In 2025
This week in cybersecurity from the editors at Cybercrime Magazine
New Research from Cloud Security Alliance Highlights Critical | CSA
https://www.lastwatchdog.com/rsac-fireside-chat-zero-networks-harnesses-automation-zero-trust-to-advance-microsegmentation/
https://blog.talosintelligence.com/year-in-review-attacks-on-identity-and-mfa/
https://www.usine-digitale.fr/article/le-specialiste-du-parking-indigo-victime-d-une-fuite-de-donnees-personnelles.N2230951
https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html
https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html
AI and Privacy: Shifting from 2024 to 2025 | CSA
Explore how AI and data privacy are reshaping global business, driving innovation, and demanding agile, ethical governance across industries.
Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland | CyberScoop
Strengthening U.S. maritime cybersecurity in 2025 is vital. Learn about recent port cyberattacks and key steps to secure America’s ports and shipping against rising global threats.
Abilene city, Texas, takes systems offline following a cyberattack
Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident.
Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily
Security firm Human lifts the lid on prolific new ad fraud scheme dubbed “scallywag”