Latest CyberSec News by @thecyberpicker

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.

A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation.

The Trump administration’s workforce purge is sapping CISA of its best talent, experts say. CISA deputy Matt Hartman is the latest to leave the agency.

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum.

The Kettering Health network based in western Ohio reported a system-wide technology outage that it tracked to "unauthorized access."

A report by FDD says an elaborate online recruiting effort is using LinkedIn and fake online companies to gather sensitive intelligence.

Hotels are a popular target for cyberattacks, but industry collaboration and intelligence sharing can serve as defense mechanisms.

À l’occasion de sa conférence annuelle I/O, Google a trouvé surement l’astuce idéale pour faire de Gemini l'une des intelligences artificielles les plus performantes du moment. Avec « Personal Context », entend devenir un véritable assistant personnel. Parce qu'il est au cœur de la vie numérique de bien des

After a cyberattack first identified about 10 days ago, Alabama's IT leaders said the "threat has been neutralized and Alabama’s core operations are safe and stable."

L'entreprise pharmaceutique a remporté une vente aux enchères à 256 millions de dollars pour reprendre la quasi-totalité des actifs de 23andMe,...-Biotech

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.

Hazy Hawk hijacked CDC and Deloitte subdomains via DNS flaws, flooding users with scams and malware.

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.

The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS).

Over 100 malicious Chrome extensions since Feb 2024 impersonated real tools to steal data and execute code.

A new coalition will push policymakers to change how the government oversees foreign purchases of U.S. cyber resources.

A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients

Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk.

The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users' machines.

La jeune pousse française, devenue indépendante d'Accenture en 2023, met au point une plateforme SaaS de gestion des authentifications et des...-Cybersécurité

Internet monitoring services showed ongoing disruptions to Russia's tax service, as well as services for managing secure digital keys and documents (Saby), among others.

Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities

When AI fails, it often fails fast and loud. Apply CSA’s AI Resilience Benchmarking Model to 4 real incidents to get a better understanding of AI failures.

China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia.

This week in cybersecurity from the editors at Cybercrime Magazine

AWS default IAM roles with AmazonS3FullAccess exposed accounts to privilege escalation and lateral movement.

SideWinder exploited CVE-2017-0199 to deploy StealerBot malware in South Asian government networks.

Peter Green Chilled, which ships refrigerated food to supermarkets, is the latest company in the U.K.'s grocery sector to announce disruption from a cyberattack.