Latest CyberSec News by @thecyberpicker

FIN7 deploys Anubis backdoor via malspam to control Windows systems using stealthy, memory-resident payloads.

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete. CVE-2024-6209 . webapps exploit for PHP platform

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS. CVE-2024-42831 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE). CVE-2024-6298 . webapps exploit for Multiple platform

Hijack Loader now uses call stack spoofing and ANTIVM modules to bypass detection and persist.

interos.ai’s weighs in on tariffs and the geopolitical landscape ahead of "Liberation Day”

As medical devices are bought and re-sold on the secondary market, they become harder to find and patch when a new vulnerability is discovered, a doctor told House lawmakers.

A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts.

Retired Lt. Gen. Dan Caine, President Trump's nominee to serve as chairman of the Joint Chiefs of Staff, also expressed support for the current dual-hat arrangement between U.S. Cyber Command and NSA.

As thousands were laid off from the Department of Health and Human Services on Tuesday morning, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings.

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

The program faces a number of challenges before it is set to expire, during a time where state and local governments face a bevy of cyber risks and changes.

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.

​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe.

Read how Microsoft’s unified security operations platform can use generative AI to transform cybersecurity for the public sector.

The lawsuit casts much of the order as broadly illegal and outside the scope of the executive branch’s constitutional powers.

A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses.

Over 1,500 PostgreSQL servers compromised via weak credentials and SQL abuse, enabling fileless crypto mining.

The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.

The Commission said it would create roadmaps regarding both the “lawful and effective access to data for law enforcement” and on encryption.

Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices.

Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.

Gmail launches client-side E2EE beta on its 21st birthday, simplifying encryption and boosting admin control.

The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”

WP Ultimate CSV Importer flaws expose 20,000 websites to attacks enabling attackers to achieve full site compromise

Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers.

Cisco Talos observed identity-based attacks in 60% of the incidents it responded to last year.

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.

Zero Trust takes the fear factor out of AI threats by limiting threat actors’ chances of gaining access. No matter how advanced an attack, access is required.