Jennifer Wood

Update: Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by CVE-2025-53770 and CVE-2025-53771.

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers securityweek.com/microsoft-patc…

No patch but here’s the suggested mitigations from MSFT: Config Antimalware Scan Interface integration in SharePoint & deploy DefenderAV on all SharePoint servers and/or consider disconnecting server from the internet until a security update is available. forbes.com/sites/daveywin…

Skunk Works® and @NASA are pushing the boundaries of quiet supersonic flight. X-59 taxi tests have officially begun!🦨🤫✈️

Full show is live! WATCH youtu.be/0hp08EbzdA4?si… LISTEN episodes.fm/1414525622

British Man Suspected of Being the Hacker IntelBroker Arrested, Charged securityweek.com/british-man-su…

Critical Cisco ISE Vulnerabilities Allow Remote Code Execution securityweek.com/critical-cisco…

Code Execution Vulnerability Patched in GitHub Enterprise Server securityweek.com/code-execution…

Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/educa…

After five incredible years at @LutaSecurity, I’ll be moving on at the end of the month and looking for a new senior communications leadership role within the cybersecurity industry. For more info about my background, please read: tinyurl.com/yeyw4xb6. Thanks!

The #LABScon25 call for papers closes next Monday! Get your abstracts in labscon.io/cfp/

We are 19 years old now, but we are always looking to improve and evolve here @DarkReading . Let us know how we are doing via this short survey. darkreading.com/threat-intelli…

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability - securityweek.com/greynoise-flag…

The Czech government issues a blunt warning to China after APT31 hackers linked to intrusion at critical infrastructure network. securityweek.com/czech-governme…

Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw - securityweek.com/akamai-microso…

Purported 1.2B Facebook record leak questioned scworld.com/brief/purporte…

Nice! New advisory on #APT28, with #YARA rules! Sadly though, the APT28_HEADLACE_SHORTCUT YARA rule FPs on clean files from Thunderbird, Firefox and MS Edge. Makes you wonder, don't people test their YARA rules for false positives before publishing?🧐

NIST’s proposed Likely Exploited Vulnerabilities equation is interesting, & similar predictive attempts were made by Microsoft over 16 years ago w the Exploitability Index. My concern is always an over reliance on data that may not apply to your org. My comments in the article

The #LABScon25 CFP is open. Here's everything you need to know: - Original content only - Talks are 20 minutes long + 5 minutes for Q&A - Workshops are 90 minutes long LABScon is primarily a threat intelligence and vulnerability research conference but we keep an open-mind…

Are the unpatched bugs piling up within your organization? @LutaSecurity can help fix your broken vuln management & improve your security ROI. Contact us today! #DontLetTheBugsPileUp #FixYourBrokenProcess lutasecurity.com/solutions