Latest CyberSec News by @thecyberpicker

30533 bookmarks
Reflecting on the 2023 Toyota Data Breach | CSA
Several critical data governance and security vulnerabilities contributed to the 2023 Toyota data breach, including misconfiguration and inadequate controls.
·cloudsecurityalliance.org·
More than 50 companies hacked because of Microsoft SharePoint… and it's not over
In mid-July 2025, malicious actors exploited critical security flaws in Microsoft SharePoint. Targeted attacks, which affect the so-called "on-premise" versions installed locally at the customer's site, allow an attacker to execute code remotely. Microsoft has already identified at least
·numerama.com·
Another Supply Chain Vulnerability - Schneier on Security
ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage...
·schneier.com·
Assessing the Role of AI in Zero Trust
AI now powers Zero Trust enforcement across all CISA pillars, helping 80% of firms adopt by 2026. Learn why human-machine teaming is key.
·thehackernews.com·
Dell confirms breach of test lab platform by World Leaks extortion group
A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom.
·bleepingcomputer.com·
Learn 14 Languages from Babbel with this exclusive StackSocial deal
Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599).
·bleepingcomputer.com·
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface.
·bleepingcomputer.com·
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks.
·bleepingcomputer.com·
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.
·bleepingcomputer.com·
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.
·bleepingcomputer.com·