Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30556 bookmarks
Custom sorting
Another Supply Chain Vulnerability - Schneier on Security
Another Supply Chain Vulnerability - Schneier on Security
ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage...
·schneier.com·
Another Supply Chain Vulnerability - Schneier on Security
Assessing the Role of AI in Zero Trust
Assessing the Role of AI in Zero Trust
AI now powers Zero Trust enforcement across all CISA pillars, helping 80% of firms adopt by 2026. Learn why human-machine teaming is key.
·thehackernews.com·
Assessing the Role of AI in Zero Trust
Dell confirms breach of test lab platform by World Leaks extortion group
Dell confirms breach of test lab platform by World Leaks extortion group
A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.
·bleepingcomputer.com·
Dell confirms breach of test lab platform by World Leaks extortion group
Learn 14 Languages from Babbel with this exclusive StackSocial deal
Learn 14 Languages from Babbel with this exclusive StackSocial deal
Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599).
·bleepingcomputer.com·
Learn 14 Languages from Babbel with this exclusive StackSocial deal
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.
·bleepingcomputer.com·
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
HPE warns of hardcoded passwords in Aruba access points
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.
·bleepingcomputer.com·
HPE warns of hardcoded passwords in Aruba access points
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.
·bleepingcomputer.com·
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.
·bleepingcomputer.com·
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
Popular npm linter packages hijacked via phishing to drop malware
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.
·bleepingcomputer.com·
Popular npm linter packages hijacked via phishing to drop malware
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »
L’un a vécu deux mois surréalistes dans un data center assiégé. L’autre se réveille la nuit pour combattre les hackers russes. Numerama s’est rendu en Ukraine pour rapporter les histoires de Kostya et Dmytro, haut commandants dans le privé de la cyberdéfence du pays. « Vybachte, odyn moment. » Excusez-moi, un
·numerama.com·
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »