Manuel Bissey
mbissey.bsky.social
#Cybersecurity and Risk Management Executive @Microsoft. Passionate about #Cyberdefense, #Technology and #Innovation. Views are my own.
Exploitation is imminent for a major React vulnerability — developers must patch quickly before attack chains go mainstream. Speed is now security. ⚛️⚡️ #Vulnerability #ZeroDayAlert
'Exploitation is imminent' of max-severity React bug
Finish reading this, then patch
buff.ly
December 8, 2025 at 4:05 PM
Critical RSC flaws in React and Next.js expose apps to data leaks and unauthorized access — modern frameworks need modern safeguards. Patch fast, code safer. ⚛️⚠️ #AppSec #WebFrameworkSecurity
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions now.
buff.ly
December 8, 2025 at 2:05 PM
Healthcare staff data is being exposed at alarming rates — protecting patients starts with protecting those who care for them. 🩺🔓 #HealthDataSecurity #DataExposure
Data brokers are exposing medical professionals, and turning their personal lives into open files - Help Net Security
Healthcare staff face rising data exposure as personal details appear on people search sites, increasing safety risks across medical roles.
buff.ly
December 8, 2025 at 11:05 AM
Cloudflare goes down, taking sites offline with 500 errors — even the internet’s core can stumble. Redundancy and resilience matter at every layer. 🌐⚠️ #CloudReliability #Resilience #GCBR
Cloudflare down, websites offline with 500 Internal Server Error
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports.
buff.ly
December 8, 2025 at 9:05 AM
Arizona’s AG says Temu is stealing user data — a reminder that low prices can hide high privacy costs. Protecting consumers means scrutinizing every app’s motive. 🛍️🔍 #Privacy #AppSecurity
Arizona AG Sues Temu Over 'Stealing' User Data
The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.
buff.ly
December 8, 2025 at 7:39 AM
Interestingly, AI is now being used to police other AI — a recursive battle where models watch models. Oversight must evolve as fast as autonomy. 🤖🔍 #SecureAI #AIGovernance
An AI for an AI: Anthropic says AI agents require AI defense
Automated software keeps getting better at pilfering cryptocurrency
buff.ly
December 5, 2025 at 4:04 PM
ShadyPanda is hijacking popular browser extensions to spy on users — turning everyday tools into covert surveillance channels. Trust no add-on without validation. 🧩🕵️‍♂️ #ExtensionSecurity #MalwareCampaign
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking campaign.
buff.ly
December 5, 2025 at 2:05 PM
M&A teams need tighter security checklists — unseen digital risks can derail deals faster than financials. Cyber due diligence is now non-negotiable. 📋🔐 #DealSecurity #RiskManagement
What security leaders should watch for when companies buy or sell a business - Help Net Security
Get key insights on data, identity, and AI risk during deals with this practical M&A security checklist for leaders.
buff.ly
December 5, 2025 at 11:33 AM
CISA reports ongoing BrickStorm backdoor attacks — stealthy persistence aimed at long-term access. Monitoring and hardening must be continuous, not occasional. 🧱⚠️ #BackdoorThreats #ThreatIntelligence
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
buff.ly
December 5, 2025 at 11:05 AM
Cybercrime has gone full SaaS — criminals now rent tools, access, and infrastructure like a subscription. Lower barriers, higher impact. 🚨💻 #CybercrimeEconomy #ThreatInnovation
Cybercrime Goes SaaS: Renting Tools, Access, and Infrastructure
Cybercrime has fully shifted to a subscription model, with phishing kits, Telegram OTP bots, infostealer logs, and even RATs now rented like SaaS tools. Varonis explains how this "crime-as-a-service"…
buff.ly
December 5, 2025 at 7:39 AM
A malicious npm package factory is churning out contagious code — proving the software supply chain can be poisoned at the source. Developers must verify every dependency. 🧩⚠️ #NPMSecurity #SupplyChainRisk
DPRK Attackers Spawn Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to compromise software developers.
buff.ly
December 3, 2025 at 2:05 PM
Crisis management frameworks are evolving — faster playbooks, clearer escalation, and collaboration-first response are now essential. Preparedness beats panic. 📘⚡️ #IncidentResponse #CrisisManagement
CISOs are questioning what a crisis framework should look like - Help Net Security
CISOs face rising threats and need a crisis management framework that speeds investigations and strengthens response.
buff.ly
December 3, 2025 at 11:05 AM
ChatGPT suffers a global outage with conversations disappearing for users — a stark reminder of how dependent we’ve become on AI daily. Cloud smarts need cloud resilience. 🤖⚠️ #SecureAI #Resilience
ChatGPT is down worldwide, conversations disappeared for users
OpenAI's AI-powered ChatGPT is down worldwide with users receiving errors when attempting to access chats, with no reasons currently given.
buff.ly
December 3, 2025 at 9:05 AM
Today’s briefing highlights rising ransomware, phishing kits, and AI-driven threats — the attack surface is expanding faster than defenses. Constant adaptation is the new baseline. ⚡🛡️ #ThreatLandscape #CyberDefense
European law enforcement shutters illegal cryptocurrency mixer.
Coupang breach affects nearly 34 million customers. Asahi continues recovery from ransomware attack.
buff.ly
December 3, 2025 at 7:39 AM
The future of the SOC is human + AI — collaboration that boosts speed, precision, and resilience. Augmented analysts will outpace automated attackers. 🤝🤖 #SOCEvolution #SecureAI
Charting the Future of SOC: Human and AI Collaboration for Better Security | Microsoft Community Hub
Co-authors: Sylvie Liu, Principal Product Manager; Rajiv Bharadwaja, Principal Software Engineering Manager; Abhishek Kumar, Principal Group Manager -...
buff.ly
December 2, 2025 at 4:04 PM
Coupang confirms a data breach exposing customer information — e-commerce speed means nothing without security at scale. Trust must ship with every order. 📦🔓 #EcommerceSecurity #DataProtection
South Korea's Coupang admits breach exposed 33.7M users
Coupang confirms internationally routed intrusion compromised more than half of the country's population
buff.ly
December 2, 2025 at 2:05 PM
Global offensive cyber operations are rising — blurring lines between espionage, disruption, and geopolitics. Nations now compete in code as much as on terrain. 🌍⚔️ #CyberConflict #ThreatIntelligence
Offensive cyber power is spreading fast and changing global security - Help Net Security
Global offensive cyber operations are spreading as more states adopt digital tools, raising geopolitical risks, pushing new efforts.
buff.ly
December 2, 2025 at 11:05 AM
ShadyPanda extensions racked up 43M installs — turning convenience into mass surveillance. Even “helpful” add-ons can hide hostile code. 🧩⚠️ #ExtensionSecurity #MalwareCampaign
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.
buff.ly
December 2, 2025 at 9:05 AM
Microsoft will soon block unauthorized scripts in Windows — closing a long-abused path for malware and living-off-the-land attacks. Fewer blind spots, stronger baselines. 🛑💻 #EndpointSecurity #CyberDefense
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft is tightening Entra ID security with CSP updates blocking unauthorized scripts by October 2026.
buff.ly
December 2, 2025 at 7:39 AM
CISA warns spyware gangs are expanding operations — targeting journalists, activists, and officials with increasingly stealthy tools. Surveillance is scaling. 🕵️‍♀️📱 #SpywareThreats #TargetedAttacks
CISA: Spyware crews breaking into Signal, WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users
buff.ly
December 1, 2025 at 4:05 PM
JackFix malware uses fake Windows update pop-ups to trick users into installing payloads — familiar screens are becoming the perfect disguise. Stay skeptical. 💻⚠️ #MalwareTactics #SocialEngineering
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Fake Windows update lures using ClickFix deliver multi-stage PowerShell malware via adult-site malvertising.
buff.ly
December 1, 2025 at 2:05 PM
Malware authors are now using LLMs to evade detection — adaptive code that learns your defenses is the next frontier. AI is rewriting the threat playbook. 🤖⚠️ #AIMalware #EvasionTactics
How Malware Authors Incorporate LLMs to Evade Detection
Cyberattackers integrate large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand.
buff.ly
December 1, 2025 at 11:05 AM
Vulnerability management is shifting — fragmented tools and rising exposure windows demand unified visibility and faster remediation. Precision now beats volume. 📊⚡️ #VulnManagement #RiskPrioritization
Fragmented tooling slows vulnerability management - Help Net Security
A look at key vulnerability management trends, rising exposure volume, and how automation and prioritization are shaping security operations.
buff.ly
December 1, 2025 at 9:05 AM
Japanese beer giant Asahi reports a breach impacting 15M people — a sobering reminder that even iconic brands face growing data exposure risks. 🍺🔓 #DataBreach #ConsumerSecurity
Japanese beer giant Asahi says data breach hit 1.5 million people
Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals.
buff.ly
December 1, 2025 at 7:39 AM
Attackers exploited years-old flaws in popular formatting tools to spread malware — even the simplest utilities can hide complex threats. 🧰⚠️ #SoftwareRisks #Malware
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, exposing sensitive data across critical sectors.
buff.ly
November 27, 2025 at 4:04 PM