Today is the day…#LABScon2025 is live from Phoenix, AZ. Get ready for two days of unique research and excellent speakers.

New: French phone giant Bouygues confirmed a data breach affects the personal information of 6.4 million customers.

Bouygues disclosed the breach on a dedicated web page; however, the page is currently deliberately excluded from search engines using "noindex" code, making it more difficult to find.

Enjoying the #threebuddyproblem podcast live from BH /Vegas!

If all goes to plan, I’ll be in Vegas for #BlackHat this week. DM me if you would like to meet. See y’all soon and safe travels to all!

Update: Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by CVE-2025-53770 and CVE-2025-53771. Customers should apply these updates immediately.

Full guidance and detection details: msft.it/6010sDzSE.

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers - www.securityweek.com/microsoft-pa...

New from 404 Media: a startup is selling data hacked from peoples' computers to debt collectors, divorce lawyers, more. People already hacked, now being re-vicitmized by startup. I used the tool, found peoples' personal addresses.

“This is so gross and predatory.”

www.404media.co/a-startup-is...

No patch but here’s the suggested mitigations from MSFT:
Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers, and/or consider disconnecting your server from the internet until a security update is available.

www.forbes.com/sites/daveyw...

A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.
www.theregister.com/2025/06/25/h...

Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/edu...

After five incredible years at
@lutasecurity.bsky.social I’ll be moving on at the end of the month and looking for a new senior communications leadership role within the cybersecurity industry. For more info about my background, please read: tinyurl.com/yeyw4xb6. Thanks!

Phew…CISA extends MITRE-backed CVE contract hours before its lapse
www.nextgov.com/cybersecurit...

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program - by @jessicalyons.bsky.social at @theregister.com

www.theregister.com/AMP/2025/04/...

#Cryptocurrency Exchanges—Do you need a security assessment? Do you need an audit for your #bugbounty program? Hire LutaSecurity—the only company led by a co-author of the international standards on vuln disclosure & handling processes. @lutasecurity.bsky.social www.lutasecurity.com/bug-bounty-s...

NEW: The Trump admin has fired members of the Cyber Safety Review Board, a committee that was lauded for its investigation into Microsoft hacks of 2023, and was working on the recent Salt Typhoon telco hacks.

One source called it a “horribly shortsighted” decision.

techcrunch.com/2025/01/22/t...

Back in DC. Not for political reasons. Still feels like home.

Who's ready to sign up for @lutasecurity.bsky.social's Long Spoons Workforce Platform?