SuperCard X Enables Contactless ATM Fraud in Real-Time
A new malware campaign utilizing NFC-relay techniques has been identified carrying out unauthorized transactions through POS systems and ATMs
Latest CyberSec News by @thecyberpicker
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams.
Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution. CVE-2024-4367 . remote exploit for Multiple platform
Billbug Espionage Group Deploys New Tools in Southeast Asia
Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools
British retailer M&S confirms being hit by ‘cyber incident’ amid store delays
In a statement filed to London’s stock exchange on Tuesday afternoon, the company said it made “some minor, temporary changes to our store operations” as soon as it became aware of the incident.
Microsoft Windows 11 - Kernel Privilege Escalation
Microsoft Windows 11 - Kernel Privilege Escalation. CVE-2024-21338 . local exploit for Windows platform
WordPress Core 6.2 - Directory Traversal
WordPress Core 6.2 - Directory Traversal. CVE-2023-2745 . webapps exploit for PHP platform
Implementing CCM: Data Protection and Privacy Controls | CSA
The Data Security and Privacy domain of the Cloud Controls Matrix addresses critical areas of the data lifecycle, like data classification and data disposal.
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
tar-fs 3.0.0 - Arbitrary File Write/Overwrite. CVE-2024-12905 . local exploit for Linux platform
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege. CVE-2024-49138 . local exploit for Windows platform
OpenSSH server (sshd) 9.8p1 - Race Condition
OpenSSH server (sshd) 9.8p1 - Race Condition. CVE-2024-6387 . remote exploit for Linux platform
Attackers stick with effective intrusion points, valid credentials and exploits | CyberScoop
Infostealers fueled the staying power of identity-based attacks, increasing 84% on a weekly average last year, according to IBM X-Force.
CISA’s Secure by Design initiative in limbo after key leaders resign
Companies have been urging CISA to scale back its software security pressure campaign. Two new resignations from the agency could accelerate that shift.
code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS). CVE-2025-28121 . remote exploit for PHP platform
WonderCMS 3.4.2 - Remote Code Execution (RCE)
WonderCMS 3.4.2 - Remote Code Execution (RCE). CVE-2023-41425 . remote exploit for PHP platform
New Cryptojacking Malware Targets Docker with Novel Mining Technique
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.
GUEST ESSAY: Ponemon study warns: AI-enhanced deepfake attacks taking aim at senior execs
A new study by the Ponemon Institute points to a concerning use of AI: deepfake attacks are on the rise and are taking a financial and reputational toll on companies and their executives. Related: Tools to fight deepfakes Deepfake Deception: How AI Harms the Fortunes and Reputations of Executives and Corporations details the results of a
All Gmail users at risk from clever replay attack
All Google accounts could end up compromised by a clever replay attack on Gmail users abusing Google infrastructure.
Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI
DieNet is a hacktivist group that's claimed DDoS attacks against U.S. critical infrastructure. Read on to learn its ideology and attack activity.
Russian organizations targeted by backdoor masquerading as secure networking software updates
While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.
Prioritizing Care when Facing Cyber Risks | CSA
Explore how healthcare organizations can safeguard patient care by addressing cyber risks through modernization and resilient security strategies.
Ransomware Damage To Cost The World $57B In 2025
This week in cybersecurity from the editors at Cybercrime Magazine
New Research from Cloud Security Alliance Highlights Critical | CSA
https://www.lastwatchdog.com/rsac-fireside-chat-zero-networks-harnesses-automation-zero-trust-to-advance-microsegmentation/
https://blog.talosintelligence.com/year-in-review-attacks-on-identity-and-mfa/
https://www.usine-digitale.fr/article/le-specialiste-du-parking-indigo-victime-d-une-fuite-de-donnees-personnelles.N2230951
https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html
https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html
AI and Privacy: Shifting from 2024 to 2025 | CSA
Explore how AI and data privacy are reshaping global business, driving innovation, and demanding agile, ethical governance across industries.