Microsoft will stop supporting Windows 11 22H2 in October
Microsoft has reminded customers today that the last supported editions of Windows 11 22H2 will reach their end of servicing on October 14.
Latest CyberSec News by @thecyberpicker
Allianz Life discloses massive data breach linked to supply-chain attack
The intrusion comes amid a wave of recent social-engineering attacks targeting the insurance sector and other industries.
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable
10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin
Research shows LLMs can conduct sophisticated attacks without humans
The project, launched by Carnegie Mellon in collaboration with Anthropic, simulated the 2017 Equifax data breach.
Internet Archive is now a US federal depository library
The Internet Archive has become an official U.S. federal depository library, providing online users with access to archived congressional bills, laws, regulations, presidential documents, and other U.S. government documents.
Hundreds of registered data brokers ignore user requests around personal data | CyberScoop
Researchers in California contacted data brokers in their state to exercise their rights under the California Privacy Protection Act. Many didn’t reply, while others threw up barriers.
FBI alerts tie together threats of cybercrime, physical violence from The Com | CyberScoop
Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety.
Fuite de Naval Group, « aucun document n’est classé secret défense »
Un hacker affirme détenir des documents sensibles sur Naval Group. Le 26 juillet, il a publié 30 Go de données sur un forum du dark web. Contacté par Numerama, le géant militaire français confirme que les documents proviennent bien de l’entreprise, mais assure qu’aucun n’est classé « secret défense ». L’actualité de
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them.
New Scattered Spider Tactics Target VMware vSphere Environments
Scattered Spider has targeted VMware vSphere environments, exploiting retail, airline and insurance sectors
Implementing CCM: Cloud Security Monitoring & Logging | CSA
CSA’s CCM includes cloud security monitoring and logging controls. Implement effective incident response, audit log security, clock synchronization, and more.
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
From insider arrests to AI-powered fraud, here’s what mattered in cyber this week—no fluff, just the signal.
Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched.
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a "legacy data storage system" that exposed photos of users, including images of driver's licenses.
Xlight FTP 1.1 - Denial Of Service (DOS)
Xlight FTP 1.1 - Denial Of Service (DOS). CVE-2024-0737 . dos exploit for Multiple platform
Third-Party Breach Impacts Majority of Allianz Life US Customers
Insurance firm Allianz Life said that a threat actor accessed personally identifiable information of the majority of its 1.4 million US customers
Des milliers de cartes d’identité volées par des hackers sur Tea, l’app qui voulait protéger les femmes
L'application Tea, qui permettait à des femmes de s'échanger des informations sur les hommes qu'elles rencontrent, a été victime d'une fuite de données. Des pièces d'identité et des selfies de vérification des utilisatrices ont été exposés, et dérobées par des hackers. Les développeurs de Tea s'en mordent les doigts
Microsoft SharePoint Zero-Day - Schneier on Security
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that infrastructure customers run in-house. Microsoft’s cloud-hosted SharePoint Online and Microsoft 365 are not affected. Here’s...
Best CompTIA Network+ Cheat Sheet (Updated for N10-009 Exam)
Overloaded by the latest Network+ certification study materials? This CompTIA Network+ cheat sheet is for you—get your copy now and ace the exam fast.
Social engineering attack obtains data on ‘majority’ of Allianz Life customers
Minneapolis-based Allianz Life said “a malicious threat actor gained access to a third-party CRM system” earlier in July, breaching data of a large amount of its customers.
U.S. Strikes on Iran Could Trigger Cyber Retaliation | CSA
Recent global events highlight the need to look at computer networks as an adversary would. AI tools are lowering the bar for hacktivists hoping to wreak havoc.
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Legacy email filters miss post-delivery threats in Microsoft 365 and Google Workspace, exposing data. Here's how EDR-style tools change the game.
Naval Group Denies Hack Claims, Alleges "Reputational Attack"
Despite claims by a hacker, French defense company Naval Group has detected no intrusions into its IT environments at the time of writing
Sophos’ Secure by Design 2025 Progress
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework
Quand un hacker tente de transformer l’assistant IA d’Amazon en outil destructeur
Suggestions de code, aide au débogage, automatisation des tâches… la promesse d’Amazon Q Developer est simple : fluidifier le travail des développeurs. Et si cette extension, téléchargée près d’un million de fois, était piratée et se retrouvait programmée pour essayer d’effacer toutes vos données ? C’est le scénario
Microsoft’s software licensing playbook is a national security risk | CyberScoop
The tech giant’s model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues.
China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia.
Emerging cybersecurity needs: What the market is telling us
Default-deny, strict controls, and real-time monitoring: how to stop threats before they start.
US Woman Gets Eight Years for Part in $17m North Korean Scheme
Arizonan woman sentenced to 102 months for operating laptop farm for North Korean IT workers
Dating App Breach Exposes Images of 13,000 Women
Dating app Tea has been compromised by a hacker, resulting in the exposure of 13,000 selfies