Latest CyberSec News by @thecyberpicker

30551 bookmarks
Learn 14 Languages from Babbel with this exclusive StackSocial deal
Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599).
·bleepingcomputer.com·
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.
·bleepingcomputer.com·
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.
·bleepingcomputer.com·
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.
·bleepingcomputer.com·
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.
·bleepingcomputer.com·
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.
·bleepingcomputer.com·
Under the bombs in Kiev with Ukraine's cyber defenders: "The network depended on us"
One lived through two surreal months in a besieged data center. The other wakes up at night to fight Russian hackers. Numerama traveled to Ukraine to report the stories of Kostya and Dmytro, senior commanders in the private-sector side of the country's cyber defense. "Vybachte, odyn moment." Excuse me, one
·numerama.com·
New CrushFTP zero-day exploited in attacks to hijack servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
·bleepingcomputer.com·
CrushFTP zero-day exploited in attacks to gain admin access on servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
·bleepingcomputer.com·