Kevin Poireault

𝗡𝗘𝗪 - 𝗨𝗞'𝘀 𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗳𝗼𝗿 𝗧𝗲𝗹𝗰𝗼𝘀 𝗕𝗹𝗼𝗰𝗸𝘀 𝟭 𝗕𝗶𝗹𝗹𝗶𝗼𝗻 𝗠𝗮𝗹𝗶𝗰𝗶𝗼𝘂𝘀 𝗦𝗶𝘁𝗲 𝗔𝘁𝘁𝗲𝗺𝗽𝘁𝘀

Almost one billion early-stage cyber-attacks have been prevented in the past year in the UK thanks to Share and Defend, a service run by @ncsc.gov.uk.

www.infosecurity-magazine.com/news/uk-cybe...

𝗡𝗘𝗪 - 𝗨𝗞 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗣𝗮𝘆𝗺𝗲𝗻𝘁 𝗕𝗮𝗻 𝘁𝗼 𝗖𝗼𝗺𝗲 𝘄𝗶𝘁𝗵 𝗘𝘅𝗲𝗺𝗽𝘁𝗶𝗼𝗻𝘀

Speaking at the @financialtimes.com's Cyber Resilience Summit: Europe today, British Security Minister Dan Jarvis said the ban on ransomware payments will include "national security exemptions."

www.infosecurity-magazine.com/news/uk-rans...

👀 VulnWatch Monday: CVE-2025-35028 🔓

A critical vulnerability was found by the Austin Hackers Association in HexStrike AI MCP server.

takeonme.org/cves/cve-202...

🔎 VulnWatch Friday: CVE-2025-66022 🔓

A critical vulnerability was discovered in Faction, a pentesting report generation framework developed by Faction Security.

🔧 This issue has been patched in version 1.7.1.
🔎 nvd.nist.gov/vuln/detail/...

𝗡𝗘𝗪 - 𝗙𝗿𝗲𝗻𝗰𝗵 𝗙𝗼𝗼𝘁𝗯𝗮𝗹𝗹 𝗙𝗲𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗦𝘂𝗳𝗳𝗲𝗿𝘀 𝗗𝗮𝘁𝗮 𝗕𝗿𝗲𝗮𝗰𝗵

🇫🇷 The FFF detected unauthorized access to the software platform used by all licensed football clubs in France to manage administrative tasks, incl. registering their players with the federation.

📰 www.infosecurity-magazine.com/news/french-...

🇬🇧 Cyber Security & Resilience Bill: Key Changes Revealed

Shona Lester, Head of CSR Bill Team, just shared the bill's key provisions.

Here’s what’s coming:
☑️ Expanded Regulatory Scope
☑️ Enhanced Incident Reporting
☑️ Strengthened Regulatory Powers

📰 www.infosecurity-magazine.com/news/key-pro...

Pour les plus friands de détails techniques mais pas forcément anglophones, j’ai aussi concocté un tableau résumant les résultats de l’analyse des chercheurs, à découvrir ici : datawrapper.dwcdn.net/Ea0qo/13/

Votre VPN est-il vulnérable à la censure numérique ?

Des chercheurs de l’IIIT Delhi, en Inde, se sont demandé dans quelle mesure un gouvernement pourrait détecter du trafic VPN et ainsi (potentiellement) le bloquer.

On vous explique ce qu'ils ont trouvé ⬇️

coupecircuit.substack.com/p/vpn-voici-...

🚨 𝐎𝐩. 𝐄𝐧𝐝𝐠𝐚𝐦𝐞 3.0 𝐃𝐢𝐬𝐦𝐚𝐧𝐭𝐥𝐞𝐬 𝐑𝐡𝐚𝐝𝐚𝐦𝐚𝐧𝐭𝐡𝐲𝐬, 𝐕𝐞𝐧𝐨𝐦𝐑𝐀𝐓 𝐚𝐧𝐝 𝐄𝐥𝐲𝐬𝐢𝐮𝐦

The third "season" of Operation Endgame resulted in:
🗄️ Over 1025 servers taken down or disrupted
🌐 20 domains seized
🚪 11 locations searched
👮 One arrest

📰 www.infosecurity-magazine.com/news/operati...

𝐏𝐎𝐃𝐂𝐀𝐒𝐓 - 𝐇𝐨𝐰 𝐏𝐫𝐢𝐯𝐚𝐭𝐞 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡𝐞𝐫𝐬 𝐀𝐫𝐞 𝐓𝐚𝐤𝐢𝐧𝐠 𝐃𝐨𝐰𝐧 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬

I sat down with Matthew Maynard, a cybersecurity pro by day and a cyber ghost-buster by night, who doesn’t just hunt vulnerabilities, but haunts the hackers themselves.

🎧 Listen here: feeds.soundcloud.com/users/soundc...

YouTube video by Times Radio Russia may be behind European airport cyber attacks: 'Anything is possible'

My post is mainly about the thumbnails above and below. The videos from the Times Radio actually show good reporting. But I feel like many people seeing these thumbnails will immediately believe "The Times is claiming it comes from the Kremlin." (5/5)

www.youtube.com/watch?v=GPoe...

Journalists (and politicians) have a responsibility to avoid amplifying unproven claims, no matter how tempting the headline. Let’s demand evidence-first reporting, even when the story is breaking. (4/5)

Airports latest: Government must say if Russia behind European airport cyber attack chaos, Lib Dems demand Multiple European airports have said they have been impacted by a suspected cyber attack, with Heathrow passengers stranded for hours and flights cancelled in Brussels.

I understand why this framing exists: The Lib Dems’ statement is newsworthy, and Putin’s image drives clicks. But at this stage, I believe there is no public evidence linking Russia (or any state actor) to this attack. (3/5)

news.sky.com/story/cyber-...

YouTube video by Times Radio Heathrow cyber attack brings chaos and disruption: Is Putin responsible?

But when a major outlet like The Times frames the story with Vladimir Putin’s face, amplifying the Lib Dems’ call for the government to disclose Kremlin involvement, it risks prioritizing engagement over evidence. (2/5)

www.youtube.com/watch?v=xZ_3...

Airport Chaos Enters Third Day After Supply Chain Attack Heathrow, Brussels, Dublin and Berlin airports are among those disrupted by a cyber-attack on Collins Aerospace

𝘗𝘦𝘳𝘴𝘰𝘯𝘢𝘭 𝘰𝘱𝘪𝘯𝘪𝘰𝘯: 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐑𝐞𝐩𝐨𝐫𝐭𝐢𝐧𝐠 𝐒𝐡𝐨𝐮𝐥𝐝𝐧’𝐭 𝐉𝐮𝐦𝐩 𝐭𝐨 𝐆𝐞𝐨𝐩𝐨𝐥𝐢𝐭𝐢𝐜𝐚𝐥 𝐂𝐨𝐧𝐜𝐥𝐮𝐬𝐢𝐨𝐧𝐬 (𝐄𝐬𝐩𝐞𝐜𝐢𝐚𝐥𝐥𝐲 𝐖𝐢𝐭𝐡𝐨𝐮𝐭 𝐄𝐯𝐢𝐝𝐞𝐧𝐜𝐞)

The latest cyberattack on airports is a serious incident that warrants thorough investigation. (1/5)

www.infosecurity-magazine.com/news/airport...

EXCLUSIVE - Why Three Vendors Pulled Out of ‘Cybersecurity Olympics’

Microsoft, SentinelOne and Palo Alto Networks have decided not to take part in the 2025 edition of MITRE’s EDR test.

I spoke with MITRE CTO to understand what motivated these moves.

www.infosecurity-magazine.com/news/cyber-v...

Cyberattack on K Club before Irish Open The five-star resort was hit by a ransomware attack, with leaked data including financial records, IT documentation and administrative information

Hackers calling themselves SafePay. carried out a ransomware attack on the five-star K Club resort in Co Kildare as it prepared to host some of the world’s top golfers at the Irish Open this past weekend.
www.thetimes.com/world/irelan...

Cybersecurity firm Netskope eyes up to $6.5 billion valuation in US IPO Netskope is seeking a valuation of up to $6.5 billion in its initial public offering in the United States, the cloud-based cybersecurity firm said on Monday, signaling investors' appetite for new listings.

Cybersecurity firm Netskope eyes up to $6.5 billion valuation in US IPO
www.reuters.com/business/cyb...

Do Security Blogs Enable Vibe-Coded Cybercrime? Security companies routinely publish detailed analyses of security incidents, making attacker tactics, techniques, and procedures (TTPs) widely known and visible. These reports often provide comprehen...

Hackers are using security reports to translate technical problems into “partial malicious code” as part of the “vibe coding” trend.
www.trendmicro.com/vinfo/us/sec...

US: CISA 2015 Safe Harbor at Risk as September 2025 Deadline Nears The deadline for the reauthorization of the US Cybersecurity Information Sharing Act is September 30

📰 Read the full article here: www.infosecurity-magazine.com/news-feature...

𝐂𝐈𝐒𝐀 2015 𝐒𝐚𝐟𝐞 𝐇𝐚𝐫𝐛𝐨𝐫 𝐚𝐭 𝐑𝐢𝐬𝐤 𝐚𝐬 𝐒𝐞𝐩𝐭𝐞𝐦𝐛𝐞𝐫 30 𝐃𝐞𝐚𝐝𝐥𝐢𝐧𝐞 𝐍𝐞𝐚𝐫𝐬

⌛As the expiration date for the Cybersecurity Information Sharing Act of 2015 looms in the US, I spoke to experts about the provisions the Act offers and the debates surrounding the renewal and the consequences of non-renewal.

𝐕𝐨𝐭𝐫𝐞 𝐕𝐏𝐍 𝐞𝐬𝐭-𝐢𝐥 𝐮𝐧 𝐜𝐡𝐞𝐯𝐚𝐥 𝐝𝐞 𝐓𝐫𝐨𝐢𝐞 𝐜𝐡𝐢𝐧𝐨𝐢𝐬 ? 🇨🇳

D’après 3 études, des dizaines d’applis VPN (Google Play Store/Apple App Store) sont liées entre elles… et certaines appartiennent à Qihoo 360, proche de l’armée chinoise.

🔗 Nouvelle édition de Coupe-Circuit : open.substack.com/pub/coupecir...

Security Advisory: Please Lock Down Your Administrator Access The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet, and we are working on a fix, with expected...

🔎 Security advisory: community.freepbx.org/t/security-a...
💾 Download JSON: cveawg.mitre.org/api/cve/CVE-2

The critical flaw, tracked as CVE-2025-57819, affects FreePBX versions 15, 16 and 17. When exploited, it can allow unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.

🔧 Fix? FreePBX 15.0.66, 16.0.89 and 17.0.3.

🔎 VulnWatch Friday: CVE-2025-57819 🔓

The Sangoma FreePBX Security Team has warned of a vulnerability being exploited in the wild.

FreePBX is an open-source graphical user interface (GUI) for managing Asterisk, the popular open-source Private Branch Exchange (PBX) and telephony platform.

Citrix Patches Three Zero Days as One Sees Active Exploitation Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said

📰 My story on Infosecurity Magazine: www.infosecurity-magazine.com/news/citrix-...
🔎 Citrix's security advisory: support.citrix.com/support-home...

🧐 VulnWatch Wednesday: CVE-2025-7775 🔓

Citrix has released patches for three critical zero days in NetScaler ADC and Gateway, one of which was already being exploited by attackers.

According to Kevin Beaumont, exploit campaigns 🎯CVE-2025-7775 began before the patches were made available.

Public Exploit Released for Critical SAP NetWeaver Flaw A critical flaw in SAP NetWeaver AS Java is being widely exploited, allowing unauthenticated remote code execution

📰 Read our latest story on Infosecurity Magazine: www.infosecurity-magazine.com/news/sap-net...
💾 Download JSON: cveawg.mitre.org/api/cve/CVE-...

🧐 VulnWatch Wednesday: CVE-2025-31324 🔓

A critical vulnerability in SAP NetWeaver is now being widely exploited following the release of public exploit tooling.

🆕 The public availability of the full source code makes the exploit easy to use even for attackers with little technical expertise.

SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen | Koi Blog FreeVPN.One, a Chrome-verified extension with over 100K installs, claimed to offer privacy but instead captured users’ screens. Our research exposes how it operated.

🔎 Read the full Koi Security report here: koi-security.webflow.io/blog/spyvpn-...