CybersecKyle

@beardedtechguy@infosec.exchange
200 Followers
699 Following
2K Posts

Above-average tech nerd. Father. Husband. Millennial. Associate C|CISO

I work in #IT focusing on Managed Services, Cybersecurity, and more.

Interests:
#IT #RMM #SysAdmin #CyberSecurity #InfoSec #Privacy #Python #Apple #iOS #Tech

searchable

Bloghttps://weblog.kylereddoch.me
Socialshttps://profile.kylereddoch.me
GitHubhttps://github.com/kylereddoch
Signal@beardedtechguy.86
Ko-Fihttps://ko-fi.com/kylereddoch
CybersecKyle1d ago

beardedtechguy just liked 💙

🎶 'Tonight, Tonight' by Stephen Wilson Jr. on Last.fm. 🎶

https://www.last.fm/music/Stephen+Wilson+Jr./_/Tonight,+Tonight

#LastFM #Music

CybersecKyleDec 11

From yesterday: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys.

Over 10,000 Docker Hub images found leaking credentials, auth keys https://www.bleepingcomputer.com/news/security/over-10-000-docker-hub-images-found-leaking-credentials-auth-keys/

#cybersecurity #docker

Over 10,000 Docker Hub images found leaking credentials, auth keys

More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys.

BleepingComputer
CybersecKyleDec 11

From yesterday:

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

Critical React Server Components flaw (CVE-2025-55182) fuels automated attacks dropping miners and multiple new Linux malware families.

The Hacker News
CybersecKyleDec 11

Another Chrome zero-day under attack: update now https://www.malwarebytes.com/blog/news/2025/12/another-chrome-zero-day-under-attack-update-now

#chrome #cybersecurity

Another Chrome zero-day under attack: update now

If we’re lucky, this update will close out 2025’s run of Chrome zero-days. This one is a V8 type-confusion issue already being exploited in the wild.

Malwarebytes
CybersecKyleDec 11

Hackers exploit unpatched Gogs zero-day to breach 700 servers https://www.bleepingcomputer.com/news/security/unpatched-gogs-zero-day-rce-flaw-actively-exploited-in-attacks/

#cybersecurity #zeroday

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.

BleepingComputer
CybersecKyleDec 9

⭐📰 New Starred Article! 📰⭐

Crowdsourced Penetration Testing: Understanding the Risks for Better Decision-Making

https://levelblue.com/blogs/security-essentials/crowdsourced-penetration-testing-understanding-the-risks-for-better-decision-making

Crowdsourced Penetration Testing: Understanding the Risks…

CPT vs. Bounties: CPT is a time-boxed, structured test for compliance reports with a fixed cost. Bug Bounty is ongoing, open-ended discovery paid per valid vulnerability found. Mitigate Key Risks: Watch for poor researcher vetting, potential data exposure/exfiltration by bad actors, and labor…

CybersecKyleDec 9

This is why you always check the url!

How phishers hide banking scams behind free Cloudflare Pages https://www.malwarebytes.com/blog/news/2025/12/how-phishers-hide-banking-scams-behind-free-cloudflare-pages

#cybersecurity #phishing #scams

How phishers hide banking scams behind free Cloudflare Pages

We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.

Malwarebytes
CybersecKyleDec 9
Cybersecurity strategies to prioritize now​​  https://www.microsoft.com/en-us/security/blog/2025/12/04/cybersecurity-strategies-to-prioritize-now/
Four Cybersecurity Strategies for CISOs to Prioritize Now | Microsoft Security Blog

Learn how to strengthen cyber hygiene, modernize security standards, leverage fingerprinting, and more to defend against today’s evolving threats.

Microsoft Security Blog
CybersecKyleDec 9
How to build forward-thinking cybersecurity teams for tomorrow https://www.microsoft.com/en-us/security/blog/2025/12/02/how-to-build-forward-thinking-cybersecurity-teams-for-tomorrow/
How to build forward-thinking cybersecurity teams for tomorrow | Microsoft Security Blog

To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning.

Microsoft Security Blog
CybersecKyleDec 4

Dammit!

University of Phoenix discloses data breach after Oracle hack https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack/

University of Phoenix discloses data breach after Oracle hack

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025.

BleepingComputer