Latest CyberSec News by @thecyberpicker

Soosyze CMS 2.0 - Brute Force Login. CVE-2025-52392 . webapps exploit for Multiple platform

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure. CVE-2025-50154 . remote exploit for Windows platform

Tenda AC20 16.03.08.12 - Command Injection. CVE-2025-9090 . remote exploit for Multiple platform

Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE). CVE-2025-7766 . webapps exploit for Multiple platform

Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities

This week in cybersecurity from the editors at Cybercrime Magazine

BigAnt Office Messenger 5.6.06 - SQL Injection. CVE-2024-54761 . webapps exploit for Multiple platform

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.

RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS). CVE-2024-28623 . webapps exploit for Multiple platform

PHPMyAdmin 3.0 - Bruteforce Login Bypass. CVE-2015-6830 . remote exploit for PHP platform

The human resources software company Workday announced that some customer information was obtained in a social engineering attack.

Are SOC analysts in demand? We’ll examine this question and help you determine if pursuing a SOC analyst role is worth it and how to move forward.

Agentic AI gives AI the ability to take action, not just respond to prompts. Get a step-by-step explanation of how authentication should work for AI agents.

First responders have long depended on calling for backup and clearing the airwaves. Since its launch in 2018, FirstNet—America’s public safety broadband network—has become indispensable. Related: The FirstNet petition With over 7.5 million connections, support for more than 30,000 agencies, and an estimated $8 billion economic impact in 2023, FirstNet has proven its value not

Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It’s more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it’s a start.

The Warlock ransomware gang has taken credit for the cyber-attack after the UK telco giant publicly confirmed an incident on August 14

Wazuh unifies SIEM/XDR to streamline PCI DSS, GDPR, HIPAA, and NIST compliance, reducing risks and fines.

Expiration of a 2015 law could dramatically reduce cyber threat information sharing within industry, as well as between companies and the federal government, almost to the point of eliminating it.

The State Department’s recent restructuring has undermined U.S. cyber diplomacy by dissolving the Bureau of Cyberspace and Digital Policy, dispersing expertise, and weakening America’s ability to respond to global cyber threats.

DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware.

Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering.

Workday has revealed a breach of its third-party CRM systems in what could be the latest ShinyHunters attack

OpenAI has confirmed it has begun rolling out a new warmer personality for GPT-5, but remember that it won't be as warm as GPT-4o, which is still available for use under legacy models.

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.

Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution.

A list of topics we covered in the week of August 11 to August 17 of 2025

WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12.

OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm or is being abused.

The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko.

Google's Gemini never stops delivering, and it's now testing a new feature called "Projects." This will be similar to OpenAI's Project Feature for ChatGPT.