Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

31294 bookmarks
Custom sorting
Exploit available for critical Cisco ISE bug exploited in attacks
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).
·bleepingcomputer.com·
Exploit available for critical Cisco ISE bug exploited in attacks
News alert: xonPlus launches real-time alerting platform to detect exposed enterprise credentials
News alert: xonPlus launches real-time alerting platform to detect exposed enterprise credentials
Chennai, India, July 25, 2025, CyberNewswire — xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands,
·lastwatchdog.com·
News alert: xonPlus launches real-time alerting platform to detect exposed enterprise credentials
CISA flags PaperCut RCE bug as exploited in attacks, patch now
CISA flags PaperCut RCE bug as exploited in attacks, patch now
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.
·bleepingcomputer.com·
CISA flags PaperCut RCE bug as exploited in attacks, patch now
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
·microsoft.com·
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Des hackeurs promettent « la destruction totale de l’infrastructure informatique » d’Aeroflot, compagnie aérienne russe
Des hackeurs promettent « la destruction totale de l’infrastructure informatique » d’Aeroflot, compagnie aérienne russe
Chaos dans les aéroports russes ce lundi 28 juillet : la compagnie nationale Aeroflot a été contrainte d’annuler et de reprogrammer plus d’une cinquantaine de vols. La raison ? Une cyberattaque d'une ampleur inédite revendiquée par le groupe de hackers ukrainiens « Silent Crow » La liste s'allonge et aucun signe de
·numerama.com·
Des hackeurs promettent « la destruction totale de l’infrastructure informatique » d’Aeroflot, compagnie aérienne russe
OpenAI could rival Google Shopping with ChatGPT Shop
OpenAI could rival Google Shopping with ChatGPT Shop
AI companies like OpenAI and Perplexity like to be the "everything company," and OpenAI's latest ChatGPT feature, "Shopping," makes that obvious.
·bleepingcomputer.com·
OpenAI could rival Google Shopping with ChatGPT Shop
OpenAI prepares GPT-5 for roll out
OpenAI prepares GPT-5 for roll out
OpenAI's ChatGPT-5 could drop in the coming days, and it could be one of the best models from the Microsoft-backed startup.
·bleepingcomputer.com·
OpenAI prepares GPT-5 for roll out
Microsoft will stop supporting Windows 11 22H2 in October
Microsoft will stop supporting Windows 11 22H2 in October
Microsoft has reminded customers today that the last supported editions of Windows 11 22H2 will reach their end of servicing on October 14.
·bleepingcomputer.com·
Microsoft will stop supporting Windows 11 22H2 in October
Internet Archive is now a US federal depository library
Internet Archive is now a US federal depository library
The Internet Archive has become an official U.S. federal depository library, providing online users with access to archived congressional bills, laws, regulations, presidential documents, and other U.S. government documents.
·bleepingcomputer.com·
Internet Archive is now a US federal depository library
Fuite de Naval Group, « aucun document n’est classé secret défense »
Fuite de Naval Group, « aucun document n’est classé secret défense »
Un hacker affirme détenir des documents sensibles sur Naval Group. Le 26 juillet, il a publié 30 Go de données sur un forum du dark web. Contacté par Numerama, le géant militaire français confirme que les documents proviennent bien de l’entreprise, mais assure qu’aucun n’est classé « secret défense ». L’actualité de
·numerama.com·
Fuite de Naval Group, « aucun document n’est classé secret défense »
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them.
·bleepingcomputer.com·
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Implementing CCM: Cloud Security Monitoring & Logging | CSA
Implementing CCM: Cloud Security Monitoring & Logging | CSA
CSA’s CCM includes cloud security monitoring and logging controls. Implement effective incident response, audit log security, clock synchronization, and more.
·cloudsecurityalliance.org·
Implementing CCM: Cloud Security Monitoring & Logging | CSA
Xlight FTP 1.1 - Denial Of Service (DOS)
Xlight FTP 1.1 - Denial Of Service (DOS)
Xlight FTP 1.1 - Denial Of Service (DOS). CVE-2024-0737 . dos exploit for Multiple platform
·exploit-db.com·
Xlight FTP 1.1 - Denial Of Service (DOS)
Des milliers de cartes d’identité volées par des hackers sur Tea, l’app qui voulait protéger les femmes
Des milliers de cartes d’identité volées par des hackers sur Tea, l’app qui voulait protéger les femmes
L'application Tea, qui permettait à des femmes de s'échanger des informations sur les hommes qu'elles rencontrent, a été victime d'une fuite de données. Des pièces d'identité et des selfies de vérification des utilisatrices ont été exposés, et dérobées par des hackers. Les développeurs de Tea s'en mordent les doigts
·numerama.com·
Des milliers de cartes d’identité volées par des hackers sur Tea, l’app qui voulait protéger les femmes