Latest CyberSec News by @thecyberpicker

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass. CVE-2025-2594 . webapps exploit for Multiple platform

Java-springboot-codebase 1.1 - Arbitrary File Read. CVE-2025-46822 . webapps exploit for Java platform

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation. CVE-n/a . remote exploit for Multiple platform

Windows 2024.15 - Unauthenticated Desktop Screenshot Capture. CVE-n/a . remote exploit for Windows platform

Microsoft Windows Server 2016 - Win32k Elevation of Privilege. CVE-2023-29336 . local exploit for Windows platform

Winos 4.0 malware campaign active since Feb 2025 uses fake installers, Catena loader, and AV evasion tactics.

Pour échapper aux trackers, à la publicité ciblée ou simplement ne pas enregistrer son historique de navigation, il est commun d’activer la navigation privée. Voici pourquoi c’est une fausse bonne idée. La plupart des navigateurs web disposent d’une fonctionnalité de navigation privée. Très pratique et simple à

L’Usine Digitale vous propose un récapitulatif des grandes actualités de la semaine en matière de cybersécurité. Au programme, une...-Cybersécurité

OpenAI says Operator Agent now uses the o3 model, which means it's now significantly better at reasoning capabilities.

Meta’s AI plans face legal action for collecting E.U. user data without opt-in consent, starting May 27.

Interesting story: USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating. In some areas, the coating was described as being shredded, with rips up to four feet long. Large claws were left embedded at the bottom of most of the scratches. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Europol said 300 servers and 650 domains were taken down worldwide, while about $3.5 million was seized during raids throughout the week as part of Operation Endgame.

Sens. Warner and Lankford reintroduced their VDP bill after a companion version passed the House in March.

Latrodectus malware evades detection with ClickFix technique; TikTok and fake Ledger apps expand threat reach.

The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned.

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor.

The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks.

U.S. and EU law enforcement seized more than $200 million and 144 kilograms of fentanyl or fentanyl-laced narcotics alongside 180 firearms as part of the international effort.

Dans le cadre de l'opération “Endgame 2.0”, Europol et Eurojust ont démantelé l'infrastructure derrière un logiciel malveillant utilisé pour...-Cybersécurité

Law enforcement agencies in Europe and North America have dismantled major infrastructure used in ransomware attacks as part of Operation Endgame, disrupting initial access malware and issuing international arrest warrants against key suspects.

This week in cybersecurity from the editors at Cybercrime Magazine

ViciousTrap exploited CVE-2023-20118 to hijack 5,300 routers, building a honeypot-style spy network.

Explore how privacy intersects with cybersecurity and how aligning them strengthens data protection strategies.

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones.

Operation Endgame dismantled 300 servers and seized €3.5M crypto, disrupting ransomware access networks globally.

A tailored phishing campaign runs on personal information. Taking employees’ personal information out of circulation deprives attackers of a valuable resource.

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.

SafeLine WAF delivers 99.45% threat detection via semantic analysis + full self-hosted control + zero subscription fees.

A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks

Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.