Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

30533 bookmarks
Custom sorting
ToolShell: Details of CVEs Affecting SharePoint Servers
ToolShell: Details of CVEs Affecting SharePoint Servers
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.
·blog.talosintelligence.com·
ToolShell: Details of CVEs Affecting SharePoint Servers
Ring denies breach after users report suspicious logins
Ring denies breach after users report suspicious logins
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th.
·bleepingcomputer.com·
Ring denies breach after users report suspicious logins
Hackers hit Dell product demo platform, but impact is limited
Hackers hit Dell product demo platform, but impact is limited
A Dell spokesperson said the site is “intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.”
·therecord.media·
Hackers hit Dell product demo platform, but impact is limited
How IT leaders infuse cyber hygiene into daily work
How IT leaders infuse cyber hygiene into daily work
For technology chiefs, a “do as I say, not as I do” stance could lead to a security breach. Instead, cyber awareness can be taught by example.
·cybersecuritydive.com·
How IT leaders infuse cyber hygiene into daily work
Iranian Hackers Deploy New Android Spyware Version
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict
·infosecurity-magazine.com·
Iranian Hackers Deploy New Android Spyware Version
ExpressVPN bug leaked user IPs in Remote Desktop sessions
ExpressVPN bug leaked user IPs in Remote Desktop sessions
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses.
·bleepingcomputer.com·
ExpressVPN bug leaked user IPs in Remote Desktop sessions
Veeam Recovery Orchestrator users locked out after MFA rollout
Veeam Recovery Orchestrator users locked out after MFA rollout
Veeam warned customers today that a recently released Recovery Orchestrator version blocks Web UI logins after enabling multi-factor authentication (MFA).
·bleepingcomputer.com·
Veeam Recovery Orchestrator users locked out after MFA rollout
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »
L’un a vécu deux mois surréalistes dans un data center assiégé. L’autre se réveille la nuit pour combattre les hackers russes. Numerama s’est rendu en Ukraine pour rapporter les histoires de Kostya et Dmytro, haut commandants dans le privé de la cyberdéfence du pays. « Vybachte, odyn moment. » Excusez-moi, un
·numerama.com·
Sous les bombes à Kiev avec les cyberdéfenseurs ukrainiens : « Le réseau dépendait de nous »
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said.
·therecord.media·
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
Fake Receipt Generators Fuel Rise in Online Fraud
Fake Receipt Generators Fuel Rise in Online Fraud
An investigation has revealed novel scams using tools like MaisonReceipts, creating realistic fake receipts to resell stolen or counterfeit good
·infosecurity-magazine.com·
Fake Receipt Generators Fuel Rise in Online Fraud
Microsoft Fix Targets Attacks on SharePoint Zero-Day
Microsoft Fix Targets Attacks on SharePoint Zero-Day
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to…
·krebsonsecurity.com·
Microsoft Fix Targets Attacks on SharePoint Zero-Day
Dior begins sending data breach notifications to U.S. customers
Dior begins sending data breach notifications to U.S. customers
The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information.
·bleepingcomputer.com·
Dior begins sending data breach notifications to U.S. customers
« Bonjour vous êtes chez vous » : comment signaler le célèbre SMS de phishing
« Bonjour vous êtes chez vous » : comment signaler le célèbre SMS de phishing
Depuis plusieurs semaines, une vaste campagne de phishing par SMS cible les Français. Le désormais célèbre « Bonjour, vous êtes chez vous ? » se révèle bien plus sournois qu’il n’y paraît. La bonne nouvelle, c’est que tout le monde peut agir pour s’en protéger. Rassurez-vous, vous n’êtes pas seuls à l’avoir reçu. Ce
·numerama.com·
« Bonjour vous êtes chez vous » : comment signaler le célèbre SMS de phishing