Latest CyberSec News by @thecyberpicker

Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599).

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.

Microsoft has issued an urgent patch for most SharePoint servers after cybersecurity researchers found threat actors globally exploiting a zero-day vulnerability in the products.

On-prem SharePoint customers have been told to assume compromise, with attackers observed to be exfiltrating data from victim servers across critical sectors

Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.

A list of topics we covered in the week of July 14 to July 20 of 2025

Hackers bypass FIDO keys using spoofed portals and QR codes, exposing MFA weaknesses and risking user accounts.

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks.

JavaScript cryptojackers hit 3,500+ sites using stealth WebSocket miners and Magecart-linked infrastructure.

HPE fixed two flaws in Instant On Access Points that could allow admin access and command injection. Patch now to stay secure.

Microsoft warns of active SharePoint exploits affecting on-prem users; 54 victims confirmed in major attack.

Hackers target Web3 developers using fake AI tools and malware to steal crypto wallets and credentials.

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

SharePoint zero-day CVE-2025-53770 exploited in mass attacks breaching 75+ orgs; on-prem users at high risk.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog.

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

SharePoint zero-day CVE-2025-53770 exploited in mass attacks breaching 75+ orgs; on-prem users at high risk.

CrushFTP flaw CVE-2025-54309 exploited in wild, giving attackers admin access. Older builds before July 1 are at high risk

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.

L’un a vécu deux mois surréalistes dans un data center assiégé. L’autre se réveille la nuit pour combattre les hackers russes. Numerama s’est rendu en Ukraine pour rapporter les histoires de Kostya et Dmytro, haut commandants dans le privé de la cyberdéfence du pays. « Vybachte, odyn moment. » Excusez-moi, un

GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13.

AI companies could soon disrupt the education market with their new AI-based learning tools for students.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom.

A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.