Latest CyberSec News by @thecyberpicker

code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS). CVE-2025-28121 . remote exploit for PHP platform

WonderCMS 3.4.2 - Remote Code Execution (RCE). CVE-2023-41425 . remote exploit for PHP platform

Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies

GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.

A new study by the Ponemon Institute points to a concerning use of AI: deepfake attacks are on the rise and are taking a financial and reputational toll on companies and their executives. Related: Tools to fight deepfakes Deepfake Deception: How AI Harms the Fortunes and Reputations of Executives and Corporations details the results of a

All Google accounts could end up compromised by a clever replay attack on Gmail users abusing Google infrastructure.

DieNet is a hacktivist group that's claimed DDoS attacks against U.S. critical infrastructure. Read on to learn its ideology and attack activity.

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.

​Explore how healthcare organizations can safeguard patient care by addressing cyber risks through modernization and resilient security strategies.

This week in cybersecurity from the editors at Cybercrime Magazine

Explore how AI and data privacy are reshaping global business, driving innovation, and demanding agile, ethical governance across industries.

Strengthening U.S. maritime cybersecurity in 2025 is vital. Learn about recent port cyberattacks and key steps to secure America’s ports and shipping against rising global threats.

Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident.

Security firm Human lifts the lid on prolific new ad fraud scheme dubbed “scallywag”

The UN has warned that Southeast Asian fraud groups are expanding their operations

L'émergence de l'intelligence artificielle générative s'accompagne d'un nouveau type de risque informatique : le Slopsquatting. Il s'agit d'une manipulation construite grâce aux hallucinations d'une IA, qui permet à une personne malveillante d'injecter du code corrompu dans des logiciels. Ce n'est un secret pour

Microsoft secures MSA and Entra ID with Azure Confidential VMs + HSM, preventing token forgery and reducing breach risks.

Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few…

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

The city of Abilene disconnected servers after officials detected a cyber incident last week.

The CVE could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms.

A U.S. judge limits what evidence NSO Group can present in the WhatsApp spyware trial, blocking arguments about suspected criminal targets and focusing the case on NSO’s conduct.

In a statement to CyberScoop, acting Director Bridget Bean said that encouraging the private sector to build more secure products will continue to be a priority at the agency.