Latest CyberSec News by @thecyberpicker

While AppSec teams are stuck with legacy scanners and backlogs, developers and hackers have adopted AI tools to accelerate their respective objectives.

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF). CVE-2024-6244 . webapps exploit for PHP platform

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege. CVE-2024-24409 . webapps exploit for Multiple platform

Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE). CVE-2024-27348 . webapps exploit for Java platform

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS). CVE-2024-39143 . webapps exploit for PHP platform

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS). CVE-2024-37732 . webapps exploit for PHP platform

Artica Proxy 4.50 - Remote Code Execution (RCE). CVE-2024-2054 . webapps exploit for PHP platform

DocsGPT 0.12.0 - Remote Code Execution. CVE-2025-0868 . webapps exploit for Python platform

Adobe fixes 11 critical ColdFusion vulnerabilities in April 2025, urging updates to prevent file reads and code execution.

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…

The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organizations.

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.

Lawmakers on the House Judiciary Committee say privacy protections under a bill Congress passed to re-up Section 702 aren’t strong enough.

Technology experts pressed Congress to maintain export controls on semiconductor chips and other technologies, telling lawmakers Tuesday that the restrictions are among the most effective strategies to slow China and other rival countries in the AI race

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency.

Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol.

Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”.

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.

Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.

Beware of deceptive Google Ads targeting QuickBooks and always confirm the website URL before logging in, as fake sites can bypass even 2FA.

Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy CISOs share their experiences in cybersecurity and how they are redefining protection.

Fortinet patches CVE-2024-48887, a 9.3 CVSS FortiSwitch flaw, urging quick upgrades to avoid attacks.

The makers of the popular file transfer tool CrushFTP say a responsibly disclosed vulnerability in the software has been weaponized. CISA and cyber researchers are sounding alarm bells.

Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails.

Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes.

Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability.

Malware campaign via SourceForge and fake AI sites deploy miner, clipper, and RAT malware, impacting 4,604 users in Russia.