Manuel Bissey
@mbissey.bsky.social
#Cybersecurity and Risk Management Executive @Microsoft. Passionate about #Cyberdefense, #Technology and #Innovation. Views are my own.
A Venezuelan oil company downplays an alleged US-linked cyberattack — where geopolitics and energy infrastructure intersect, silence doesn’t mean safety. ⚙️🌍 #IndustrialSecurity #GeoCyberThreats
Venezuelan Oil Company Downplays Alleged US Cyberattack
But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.
buff.ly
December 17, 2025 at 4:04 PM
A Venezuelan oil company downplays an alleged US-linked cyberattack — where geopolitics and energy infrastructure intersect, silence doesn’t mean safety. ⚙️🌍 #IndustrialSecurity #GeoCyberThreats
SoundCloud suffers a breach affecting DoS VPN user data — even creative platforms must guard access and network-layer info. 🎧🔓 #DataBreach #PlatformSecurity
SoundCloud breached, hit by DoS attacks - Help Net Security
Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed.
buff.ly
December 17, 2025 at 2:05 PM
SoundCloud suffers a breach affecting DoS VPN user data — even creative platforms must guard access and network-layer info. 🎧🔓 #DataBreach #PlatformSecurity
Cellik Android malware rebuilds trusted Google Play apps into malicious versions — supply-chain abuse is moving straight into app stores. Trust must be verified, not assumed. 📱⚠️ #AndroidSecurity #SupplyChainRisk
Microsoft: Recent Windows updates break VPN access for WSL users
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux.
buff.ly
December 17, 2025 at 11:05 AM
Cellik Android malware rebuilds trusted Google Play apps into malicious versions — supply-chain abuse is moving straight into app stores. Trust must be verified, not assumed. 📱⚠️ #AndroidSecurity #SupplyChainRisk
VolkLocker ransomware was exposed by hardcoded flaws — even advanced extortion ops can fail on basic mistakes. Attackers rush; defenders should exploit that. 🔓💥 #Ransomware #ThreatIntel
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
Cybersecurity, Ransomware, Malware, Encryption, Cybercrime, Linux, Windows, Telegram, Data Recovery
buff.ly
December 17, 2025 at 9:05 AM
VolkLocker ransomware was exposed by hardcoded flaws — even advanced extortion ops can fail on basic mistakes. Attackers rush; defenders should exploit that. 🔓💥 #Ransomware #ThreatIntel
Chrome and Edge privacy extensions quietly collect user data — not all “privacy tools” protect privacy. Verify before you trust. 🛡️📊 #PrivacyRisk #BrowserSecurity
Chrome, Edge privacy extensions quietly snarf AI chats
: More than 8 million people have installed extensions that eavesdrop on chatbot interactions
buff.ly
December 17, 2025 at 7:39 AM
Chrome and Edge privacy extensions quietly collect user data — not all “privacy tools” protect privacy. Verify before you trust. 🛡️📊 #PrivacyRisk #BrowserSecurity
React2Shell vulnerability is being actively exploited in the wild — developers must patch urgently to stop code execution attacks. ⚛️🔥 #ReactSecurity #ZeroDayAlert
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
React2Shell vulnerability CVE-2025-55182 is actively exploited to deploy Linux malware, run commands, and steal cloud credentials at scale.
buff.ly
December 16, 2025 at 4:04 PM
React2Shell vulnerability is being actively exploited in the wild — developers must patch urgently to stop code execution attacks. ⚛️🔥 #ReactSecurity #ZeroDayAlert
New research shows MFA adoption is shifting security postures — strong authentication is moving from optional to foundational. 🔐📈 #IdentitySecurity #MFAAdoption
Passwordless is finally happening, and users barely notice - Help Net Security
MFA security shift shows rising passwordless use and smoother sign in as organizations adopt user focused authentication methods.
buff.ly
December 16, 2025 at 2:05 PM
New research shows MFA adoption is shifting security postures — strong authentication is moving from optional to foundational. 🔐📈 #IdentitySecurity #MFAAdoption
Cyber insurance MGAs are reshaping policies to reflect real cyber risk — moving coverage from paperwork to practical protection. 📋🛡️ #CyberInsurance #RiskManagement
What is a Cyber Insurance Managing General Agent?
A cybersecurity policy written by a managing general agent (MGA) is more likely to reflect an understanding of the security risks CISOs are dealing with.
buff.ly
December 16, 2025 at 11:05 AM
Cyber insurance MGAs are reshaping policies to reflect real cyber risk — moving coverage from paperwork to practical protection. 📋🛡️ #CyberInsurance #RiskManagement
French Interior Ministry email servers were breached in a cyberattack — files were accessed, but there’s currently no evidence of serious compromise. An investigation is underway as security is tightened. 🇫🇷📧 #GovernmentSecurity #IncidentResponse 
French Interior Minister says hackers breached its email servers
France’s Interior Minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers.
buff.ly
December 16, 2025 at 9:05 AM
French Interior Ministry email servers were breached in a cyberattack — files were accessed, but there’s currently no evidence of serious compromise. An investigation is underway as security is tightened. 🇫🇷📧 #GovernmentSecurity #IncidentResponse 
New study shows AI-generated phishing training boosts user detection rates — simulated threats build real resilience. Educate before you react. 🎓📧 #PhishingAwareness #AITraining
AI might be the answer for better phishing resilience - Help Net Security
Researchers tested AI generated phishing training to see if users became better at spotting suspicious emails.
buff.ly
December 16, 2025 at 7:39 AM
New study shows AI-generated phishing training boosts user detection rates — simulated threats build real resilience. Educate before you react. 🎓📧 #PhishingAwareness #AITraining
A Gogs zero-day is under active exploitation — source-control systems can’t be trusted without rapid patching and scoped access controls. 🛠️🚨 #DevSecOps #ZeroDayAlert
700+ self-hosted Git instances battered in 0-day attacks
: More than half of internet-exposed instances already compromised
buff.ly
December 15, 2025 at 4:05 PM
A Gogs zero-day is under active exploitation — source-control systems can’t be trusted without rapid patching and scoped access controls. 🛠️🚨 #DevSecOps #ZeroDayAlert
☢️ Apple issues security updates after two active zero-days were exploited in the wild — urgent patching is non-negotiable. 🍏⚠️ #iOSSecurity #ZeroDayAlert
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple fixes two exploited WebKit bugs targeting specific users, issuing security updates across iOS, macOS, and Safari.
buff.ly
December 15, 2025 at 2:05 PM
☢️ Apple issues security updates after two active zero-days were exploited in the wild — urgent patching is non-negotiable. 🍏⚠️ #iOSSecurity #ZeroDayAlert
Hacktivists are targeting critical infrastructure — where ideology meets impact, outages become statements. Protecting grids and networks is now a civic duty. ⚡🌐 #CyberWarfare #Hacktivism
CISA: Pro-Russia Hacktivists Target US Critical Infrastructure
So far the attacks, which compromise VNC connections in OT systems, have not been particularly destructive, but this could change as they evolve.
buff.ly
December 15, 2025 at 11:05 AM
Hacktivists are targeting critical infrastructure — where ideology meets impact, outages become statements. Protecting grids and networks is now a civic duty. ⚡🌐 #CyberWarfare #Hacktivism
☝️ Global ransomware trends in 2025 show data extortion overtaking encryption, bigger payouts, and faster attacks. Defense must be proactive, not reactive. 🗂️💣 #Ransomware #ThreatLandscape
Ransomware keeps widening its reach - Help Net Security
New research tracks global ransomware trends and shows how exposure and security posture vary across sectors, raising concerns for CISOs.
buff.ly
December 15, 2025 at 9:05 AM
☝️ Global ransomware trends in 2025 show data extortion overtaking encryption, bigger payouts, and faster attacks. Defense must be proactive, not reactive. 🗂️💣 #Ransomware #ThreatLandscape
PayPal subscription misuse is driving fake purchase emails — scammers exploiting trusted billing flows to phish and defraud. Always verify before you click. 📧⚠️ #PhishingScams #FraudAwareness
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.
buff.ly
December 15, 2025 at 7:39 AM
PayPal subscription misuse is driving fake purchase emails — scammers exploiting trusted billing flows to phish and defraud. Always verify before you click. 📧⚠️ #PhishingScams #FraudAwareness
☝️ Gartner recommends banning AI-powered browsers in sensitive environments — convenience is colliding with data leakage and prompt injection risks. Control before curiosity. 🚫🌐 #AIBrowsers #DataProtection
Block all AI browsers for the foreseeable future: Gartner
: Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things
buff.ly
December 12, 2025 at 4:04 PM
☝️ Gartner recommends banning AI-powered browsers in sensitive environments — convenience is colliding with data leakage and prompt injection risks. Control before curiosity. 🚫🌐 #AIBrowsers #DataProtection
AI and OT still don’t mix easily — safety, latency, and legacy constraints clash with data-hungry models. Securing industrial AI means redesigning, not retrofitting. ⚙️🤖 #OTSecurity #IndustrialAI
AI in OT Sparks Cascade of Complex Challenges
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
buff.ly
December 12, 2025 at 2:05 PM
AI and OT still don’t mix easily — safety, latency, and legacy constraints clash with data-hungry models. Securing industrial AI means redesigning, not retrofitting. ⚙️🤖 #OTSecurity #IndustrialAI
Chrome is being targeted by active in-the-wild exploits — real attacks, real victims. Patch immediately and harden browser defenses before the window closes. 🌐🚨 #BrowserSecurity #ZeroDayAlert
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Google issues a Chrome update to fix actively exploited issue 466192044 and other confirmed 2025 security flaws.
buff.ly
December 12, 2025 at 11:05 AM
Chrome is being targeted by active in-the-wild exploits — real attacks, real victims. Patch immediately and harden browser defenses before the window closes. 🌐🚨 #BrowserSecurity #ZeroDayAlert
Mobile networks are under growing security pressure — 5G scale, legacy tech, and rising attacks demand stronger coordination and faster defenses. Connectivity must be resilient by design. 📡⚠️ #MobileSecurity #NetworkResilience
Uneven regulatory demands expose gaps in mobile security - Help Net Security
Mobile network security pressures are rising as operators face growing attacks, higher costs, and tougher regulatory demands.
buff.ly
December 12, 2025 at 9:05 AM
Mobile networks are under growing security pressure — 5G scale, legacy tech, and rising attacks demand stronger coordination and faster defenses. Connectivity must be resilient by design. 📡⚠️ #MobileSecurity #NetworkResilience
Hackers are exploiting a cryptographic flaw in Gladinet CentreStack to launch RCE attacks — weak crypto still opens the door to full compromise. Patch fast. 🔓⚠️ #CryptographicRisk #RCEThreats
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and…
buff.ly
December 12, 2025 at 7:39 AM
Hackers are exploiting a cryptographic flaw in Gladinet CentreStack to launch RCE attacks — weak crypto still opens the door to full compromise. Patch fast. 🔓⚠️ #CryptographicRisk #RCEThreats
New research trends reveal rising focus on AI risks, supply-chain exposure, and human-centric attacks — the future threatscape is diverse and accelerating. Stay curious, stay ready. 🔍⚡️ #CyberResearch #EmergingThreats
The hidden dynamics shaping who produces influential cybersecurity research - Help Net Security
Cybersecurity research trends show shifts in team structures, gender balance, and collaboration networks, offering insight into the field.
buff.ly
December 11, 2025 at 4:04 PM
New research trends reveal rising focus on AI risks, supply-chain exposure, and human-centric attacks — the future threatscape is diverse and accelerating. Stay curious, stay ready. 🔍⚡️ #CyberResearch #EmergingThreats
Researchers uncovered 30 flaws in AI developer tools — proving that even the platforms building the future can introduce tomorrow’s vulnerabilities. Secure the pipeline, secure the model. 🤖⚠️ #AISecurity #DevToolsRisk
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
More than 30 security flaws in AI-powered IDEs allow data leaks and remote code execution, showing major risks in modern coding tools.
buff.ly
December 11, 2025 at 2:05 PM
Researchers uncovered 30 flaws in AI developer tools — proving that even the platforms building the future can introduce tomorrow’s vulnerabilities. Secure the pipeline, secure the model. 🤖⚠️ #AISecurity #DevToolsRisk
Storm-0249 is now targeting EDR processes to stay hidden — striking at the very tools meant to catch them. When visibility is blinded, compromise follows. 👀💀 #EDREvasion #ThreatIntelligence
Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
buff.ly
December 11, 2025 at 11:05 AM
Storm-0249 is now targeting EDR processes to stay hidden — striking at the very tools meant to catch them. When visibility is blinded, compromise follows. 👀💀 #EDREvasion #ThreatIntelligence
Security teams are struggling with collaboration gaps — silos slow response while attackers move fast. Teamwork is becoming a core security control. 🤝⚠️ #SecurityCulture #TeamResilience
Teamwork is failing in slow motion and security feels it - Help Net Security
Teamwork is breaking down in new ways as AI spreads, creating security gaps that leaders must address to protect workflows and data.
buff.ly
December 11, 2025 at 9:05 AM
Security teams are struggling with collaboration gaps — silos slow response while attackers move fast. Teamwork is becoming a core security control. 🤝⚠️ #SecurityCulture #TeamResilience
Google ads offering “shared ChatGPT/Grok guides” are pushing macOS infostealers — weaponizing curiosity and search traffic. Even helpful-looking tutorials can bite. 🍏⚠️ #Malvertising #MacSecurity
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS…
buff.ly
December 11, 2025 at 7:39 AM
Google ads offering “shared ChatGPT/Grok guides” are pushing macOS infostealers — weaponizing curiosity and search traffic. Even helpful-looking tutorials can bite. 🍏⚠️ #Malvertising #MacSecurity