Latest CyberSec News by @thecyberpicker

A list of topics we covered in the week of March 31 to April 6 of 2025

NumSpot déroule sa feuille de route sans encombre. L’offre de cloud portée par Docaposte, Bouygues Telecom, Dassault Systèmes et la Banque...-Cloud

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform.

OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE).. webapps exploit for Multiple platform

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS). CVE-2024-9458 . webapps exploit for PHP platform

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload. CVE-2024-8856 . webapps exploit for PHP platform

Watcharr 1.43.0 - Remote Code Execution (RCE). CVE-2024-48827 . webapps exploit for Multiple platform

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover. CVE-2024-5910 . webapps exploit for Multiple platform

DataEase 2.4.0 - Database Configuration Information Exposure. CVE-2024-30269 . webapps exploit for Java platform

A now-patched flaw in Verizon ’s iOS Call Filter app exposed call records of millions. Only phone numbers and timestamps were at risk

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.

Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised.

EncryptHub compromised 618+ targets using Microsoft flaws and custom malware after failed freelance attempts.

North Korean actors used 11 npm packages downloaded 5,600+ times to spread BeaverTail malware, expanding attacks to Bitbucket.

Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload. CVE-2023-5360 . webapps exploit for Multiple platform

Next.js Middleware 15.2.2 - Authorization Bypass. CVE-2025-29927 . webapps exploit for Multiple platform

Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS). CVE-2024-1234 . webapps exploit for Multiple platform

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI). CVE-2025-2294 . webapps exploit for Multiple platform

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité

Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.

Placé sous le thème du Zero Trust, le Forum InCyber s'est tenu cette semaine à Lille. L'Usine Digitale en résume les temps forts et les...-Cybersécurité

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection. CVE-2024-7801 . remote exploit for Hardware platform

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow. CVE-2024-35133 . webapps exploit for Multiple platform

Criminal and state-linked hackers use fast-changing DNS records to make it harder for defenders to detect or disrupt malicious activity.

A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos of staff over the course of a decade, a class-action lawsuit alleges.