Jennifer Wood

Today is the day…#LABScon2025 is live from Phoenix, AZ. Get ready for two days of unique research and excellent speakers.

Data breach at French telecom giant Bouygues affects millions of customers | TechCrunch This is the latest cyberattack to hit a French cellular carrier in recent weeks, following an attack on Orange Telecom in July.

New: French phone giant Bouygues confirmed a data breach affects the personal information of 6.4 million customers.

Bouygues disclosed the breach on a dedicated web page; however, the page is currently deliberately excluded from search engines using "noindex" code, making it more difficult to find.

Enjoying the #threebuddyproblem podcast live from BH /Vegas!

If all goes to plan, I’ll be in Vegas for #BlackHat this week. DM me if you would like to meet. See y’all soon and safe travels to all!

Update: Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by CVE-2025-53770 and CVE-2025-53771. Customers should apply these updates immediately.

Full guidance and detection details: msft.it/6010sDzSE.

Microsoft Patches 'ToolShell' Zero-Days Exploited to Hack SharePoint Servers Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771.

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers - www.securityweek.com/microsoft-pa...

A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to to divorce lawyers and other industries.

New from 404 Media: a startup is selling data hacked from peoples' computers to debt collectors, divorce lawyers, more. People already hacked, now being re-vicitmized by startup. I used the tool, found peoples' personal addresses.

“This is so gross and predatory.”

www.404media.co/a-startup-is...

Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch Available Microsoft has confirmed that SharePoint Server is under mass attack and no patch is yet available — here’s what you need to know and how to mitigate the threat.

No patch but here’s the suggested mitigations from MSFT:
Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers, and/or consider disconnecting your server from the internet until a security update is available.

www.forbes.com/sites/daveyw...

Home Office anti-encryption site pushes payday loan scheme : Company at center of findings blamed SEO on outsourcer

A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.
www.theregister.com/2025/06/25/h...

Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/edu...

Dear friends, former colleagues, and extended network: | Jennifer (Jen) Wood Dear friends, former colleagues, and extended network: After nearly five incredible years at Luta Security, I’ll be moving on at the end of the month and looking for a new senior communications leade...

After five incredible years at
@lutasecurity.bsky.social I’ll be moving on at the end of the month and looking for a new senior communications leadership role within the cybersecurity industry. For more info about my background, please read: tinyurl.com/yeyw4xb6. Thanks!

Czech Government Condemns Chinese Hack on Critical Infrastructure The Czech government issues a blunt warning to China after APT31 hackers linked to intrusion at critical infrastructure network.

www.securityweek.com/czech-govern...

Billions of session cookies for sale sparks security warning : Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens

www.theregister.com/2025/05/29/b...

CISA extends MITRE-backed CVE contract hours before its lapse “Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services,” an agency spokesperson said.

Phew…CISA extends MITRE-backed CVE contract hours before its lapse
www.nextgov.com/cybersecurit...

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program : Because vulnerability management has nothing to do with national security, right?

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program - by @jessicalyons.bsky.social at @theregister.com

www.theregister.com/AMP/2025/04/...

Bug Bounty Solutions | Luta Security Luta Security provides bug bounty program audits, offers end-to-end vulnerability case resolution management, creates new VDP and bug bounty programs, and performs security maturity assessments.

#Cryptocurrency Exchanges—Do you need a security assessment? Do you need an audit for your #bugbounty program? Hire LutaSecurity—the only company led by a co-author of the international standards on vuln disclosure & handling processes. @lutasecurity.bsky.social www.lutasecurity.com/bug-bounty-s...

Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision | TechCrunch The Department of Homeland security told members of the Cyber Safety Review Board that their membership was terminated.

NEW: The Trump admin has fired members of the Cyber Safety Review Board, a committee that was lauded for its investigation into Microsoft hacks of 2023, and was working on the recent Salt Typhoon telco hacks.

One source called it a “horribly shortsighted” decision.

techcrunch.com/2025/01/22/t...

Back in DC. Not for political reasons. Still feels like home.

Who's ready to sign up for @lutasecurity.bsky.social's Long Spoons Workforce Platform?