Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30551 bookmarks
Custom sorting
How to Advance from SOC Manager to CISO?
How to Advance from SOC Manager to CISO?
Learn what it takes to move from SOC to CISO—skills, challenges, and strategic steps for advancement.
·thehackernews.com·
How to Advance from SOC Manager to CISO?
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers
Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain.
·bleepingcomputer.com·
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers
Why Visibility Is Key to IAM Observability | CSA
Why Visibility Is Key to IAM Observability | CSA
True IAM security starts with visibility—mapping identities, assessing risk, and turning insights into action to reduce attack surfaces.
·cloudsecurityalliance.org·
Why Visibility Is Key to IAM Observability | CSA
"Encryption Backdoors and the Fourth Amendment" - Schneier on Security
"Encryption Backdoors and the Fourth Amendment" - Schneier on Security
Law journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspective: Abstract: The National Security Agency (NSA) reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of three theories removed the Fourth Amendment’s requirement that this be reasonable. The first is that a challenge to the encryption backdoor might fail for want of a search or seizure. The Article rejects this both because the Amendment reaches some vulnerabilities apart from the searches and seizures they enable and because the creation of this vulnerability was itself a search or seizure. The second is that the role of the technology companies might have brought this backdoor within the private-search doctrine. The Article criticizes the doctrine­ particularly its origins in Burdeau v. McDowell­and argues that if it ever should apply, it should not here. The last is that the customers might have waived their Fourth Amendment rights under the third-party doctrine. The Article rejects this both because the customers were not on notice of the backdoor and because historical understandings of the Amendment would not have tolerated it. The Article concludes that none of these theories removed the Amendment’s reasonableness requirement...
·schneier.com·
"Encryption Backdoors and the Fourth Amendment" - Schneier on Security
Votre CapCut est-il un faux ? Les hackers sont à l’affut
Votre CapCut est-il un faux ? Les hackers sont à l’affut
Avis aux créateurs de contenus : de faux logiciels CapCut circulent pour vous piéger. Des cybercriminels ont créé de fausses versions du célèbre logiciel de montage, promettant de nouvelles fonctionnalités d’IA. Leur but ? Vous pousser à télécharger un fichier malveillant capable de prendre le contrôle total de vos
·numerama.com·
Votre CapCut est-il un faux ? Les hackers sont à l’affut
The Mac Malware of 2024 👾
The Mac Malware of 2024 👾
A comprehensive analysis of the year's new macOS malware
·objective-see.org·
The Mac Malware of 2024 👾
Microsoft: Windows Server KB5062557 causes cluster, VM issues
Microsoft: Windows Server KB5062557 causes cluster, VM issues
Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates.
·bleepingcomputer.com·
Microsoft: Windows Server KB5062557 causes cluster, VM issues
ToolShell: Details of CVEs Affecting SharePoint Servers
ToolShell: Details of CVEs Affecting SharePoint Servers
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.
·blog.talosintelligence.com·
ToolShell: Details of CVEs Affecting SharePoint Servers
Ring denies breach after users report suspicious logins
Ring denies breach after users report suspicious logins
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th.
·bleepingcomputer.com·
Ring denies breach after users report suspicious logins