Latest CyberSec News by @thecyberpicker

Apple fixed 2 exploited flaws in iOS 18.4.1, one flagged by Google TAG, urging urgent updates.

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption. CVE-2024-12344 . remote exploit for Multiple platform

TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS). CVE-2024-12342 . remote exploit for Multiple platform

Four Windows Task Scheduler flaws allow attackers to bypass UAC, gain SYSTEM access, and erase logs.

Bots now account for half of all internet traffic, according to a new study that shows how non-human activity has grown online.

The Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it "presents potential risk to organizations and individuals."

Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices.

MITRE’s U.S.-funded CVE program, a core tool for tracking vulnerabilities, faces funding expiry Wednesday, risking to impact global security.

Google blocked 5.1 billion ads and suspended more than 39.2 million advertiser accounts in 2024, according to its 2024 Ads Safety Report released this week.

Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones.

The Cybersecurity Information Sharing Act of 2015, set to expire in September, “moved the needle.”

Four Windows Task Scheduler flaws allow attackers to bypass UAC, gain SYSTEM access, and erase logs.

“The CVE Program is invaluable to the cyber community and a priority of CISA,” a CISA spokesperson said. “We appreciate our partners’ and stakeholders’ patience.”

Car rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn't specified a total number.

The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.

While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system.

The Cloud Security Alliance’s CFO encourages others beginning on their AI journeys to continue forging a path into this evolving technology.

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...

A new variant of the hello pervert emails claims that the target's system is infected with njRAT and spoofs the victims email address

Just hours before it was set to expire on April 16, the federal contract funding MITRE’s stewardship of the CVE (Common Vulnerabilities and Exposures) program was given a temporary extension by CISA. Related: Brian Krebs' take on MITRE funding expiring This averted an immediate shutdown, but it didn’t solve the underlying problem. Far from it.

Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting.

Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products.

Google has announced that it's retiring separate country code top-level domain names like google.co.uk or google.com.br and redirecting users to Google.com.

Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications

NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems

Palo Alto, Calif, Apr. 16, 2025, CyberNewswire -- SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any

The digital forensics company known as Meiya Pico won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive and defensive cyber techniques and the other on electronic evidence collection and analysis.

The law is due to lapse in September, something cyber experts and industry officials say would be a huge loss.

Critics warn that drastic downsizing of  the DHS unit will threaten the nation’s ability to counter cyber adversaries.

A U.K. law firm specializing in crime, family fraud, sexual offenses and other sensitive matters has been fined after a hack that led to a data leak on the dark web — something the company only learned about after authorities contacted it.