Today's cybersecurity headlines are brought to you by ThreatPerspective
| Follow @EthHackingNews |
| Follow @EthHackingNews |
Microsoft has announced an extension of security update programs for certain end-of-life Microsoft products, including Exchange Server 2016 and 2019, and Skype for Business 2015 and 2019. The Extended Security Update (ESU) program will provide customers with additional security updates beyond their standard support lifecycle, but only if they sign up for the service and pay the associated cost.
Published: Thu Jul 17 04:09:08 2025 by llama3.2 3B Q4_K_M
Cisco has disclosed a critical security vulnerability impacting its Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2025-20337, allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with elevated privileges. This is not the first time that Kentaro Kawane of GMO Cybersecurity has discovered a critical flaw in Cisco devices, making it essential for users to keep their systems updated and monitor for potential threats.
Published: Thu Jul 17 04:15:36 2025 by llama3.2 3B Q4_K_M
A new variant of malware has been discovered that targets SonicWall devices, potentially allowing attackers to steal sensitive data, execute ransomware, or extort money from organizations. The malware, dubbed UNC6148, is highly sophisticated and employs a range of evasive techniques to evade detection. This article provides an in-depth analysis of the malware's tactics and techniques and offers insights into how organizations can protect themselves against this threat.
Published: Thu Jul 17 04:24:30 2025 by llama3.2 3B Q4_K_M
Chinese hackers have been targeting Taiwan's semiconductor sector with spear-phishing campaigns using malicious software such as Cobalt Strike and custom backdoors like Voldemort. The attacks are attributed to three Chinese state-sponsored threat actors - UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp. The campaigns resulted in the delivery of malware to organizations involved in semiconductor design, manufacturing, and supply chain management.
Published: Thu Jul 17 05:36:06 2025 by llama3.2 3B Q4_K_M
In July 2025, BigONE exchange fell victim to a third-party attack that resulted in the theft of $27 million worth of assets. To understand this incident, it is crucial to explore what happened, why it matters, and how users can protect themselves from similar attacks. Learn more about the impact of the breach, the role played by ByBit, and how individual responsibility fits into the bigger picture.
Published: Thu Jul 17 12:11:46 2025 by llama3.2 3B Q4_K_M
Chinese hackers have breached a U.S. Army National Guard network for nine months, stealing sensitive network configuration files and administrator credentials that could be used to compromise other government networks. The breach highlights the ongoing threat posed by state-sponsored hacking entities like Salt Typhoon, which has a history of targeting telecommunications providers and governments worldwide.
Published: Thu Jul 17 12:18:46 2025 by llama3.2 3B Q4_K_M
Cisco's Identity Services Engine (ISE) has been found to be vulnerable to a severe bug that allows for pre-auth command execution. This bug has a maximum severity rating and could allow unauthenticated attackers to execute arbitrary code or gain root privileges on vulnerable devices. Customers are urged to patch their systems immediately.
Published: Thu Jul 17 12:26:35 2025 by llama3.2 3B Q4_K_M
Hackers have been using domain name system (DNS) records to hide malware and exploit chatbots by embedding attacker-devised text into documents or files being analyzed. This technique allows malicious scripts to fetch binary files without downloading from suspicious sites, making it challenging for defenses to detect. Researchers at DomainTools have discovered this tactic, which is largely out of the reach of most security tools.
Published: Thu Jul 17 12:46:44 2025 by llama3.2 3B Q4_K_M
Hackers have exploited a high-severity path traversal vulnerability (CVE-2021-41773) in Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The attack campaign also targets Microsoft Exchange Server using a now-patched remote code execution bug, deploying a bespoke backdoor dubbed GhostContainer. This exploitation highlights the importance of staying vigilant and up-to-date with the latest security patches for widely used software applications.
Published: Thu Jul 17 13:00:27 2025 by llama3.2 3B Q4_K_M
Europol has disrupted the infrastructure of the pro-Russian hacktivist group NoName057(16), which has been linked to a string of DDoS attacks against Ukraine and its allies. The joint operation, codenamed Operation Eastwood, was carried out in collaboration with authorities from multiple countries.
Published: Thu Jul 17 13:08:09 2025 by llama3.2 3B Q4_K_M
The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures. To stay ahead of adversaries, organizations must adopt more comprehensive and effective security strategies that address emerging threats and sophisticated attack actors. This includes understanding the intersection of Continuous Threat Exposure Management (CTEM), Vulnerability Management (VM), and Attack Surface Management (ASM) and leveraging various technologies to deliver improved security outcomes.
Published: Thu Jul 17 13:16:24 2025 by llama3.2 3B Q4_K_M
Breaking news: The Stormous ransomware gang has stolen sensitive information from 600,000 patients at North Country HealthCare, a nonprofit health provider based in northern Arizona. The attack has sparked widespread concern among healthcare professionals and security experts, highlighting the need for robust cybersecurity measures to protect patient data.
Published: Thu Jul 17 13:24:36 2025 by llama3.2 3B Q4_K_M
United Natural Foods, Inc., a leading natural and organic food company, expects a $350-$400M revenue impact from a June cyberattack that disrupted its systems and caused product shortages at Whole Foods stores nationwide. The incident highlights the growing threat posed by ransomware attacks on critical infrastructure such as food distribution networks.
Published: Thu Jul 17 13:32:36 2025 by llama3.2 3B Q4_K_M
Cisco has addressed a critical vulnerability (CVE-2025-20337) in its Identity Services Engine, allowing an attacker to execute arbitrary code on the underlying operating system with root privileges. The patch is essential for mitigating this high-severity flaw.
Published: Thu Jul 17 13:39:05 2025 by llama3.2 3B Q4_K_M
Malicious actors have been leveraging a novel malware family, dubbed LameHug, to execute sophisticated attacks on compromised Windows systems. This malware uses an AI-powered tool to generate custom commands for its operations, making it more challenging to detect and respond to. The implications of this threat are significant, highlighting the growing importance of staying vigilant against AI-powered cyberattacks.
Published: Thu Jul 17 15:06:00 2025 by llama3.2 3B Q4_K_M
Cisco has disclosed a new critical vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The bug could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. Cisco has released a patch for both flaws, along with another critical-rated bug tracked as CVE-2025-20282 disclosed in June.
Published: Thu Jul 17 15:18:53 2025 by llama3.2 3B Q4_K_M
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via malware-as-a-service (MaaS) operations. This latest development serves as a stark reminder of the ever-evolving nature of cyber threats and the importance of vigilance in the face of such dangers.
Published: Thu Jul 17 15:26:48 2025 by llama3.2 3B Q4_K_M
Ars Technica has uncovered a worrisome trend in the world of cybersecurity, as researchers from Cisco's Talos security team have identified a malware-as-a-service (MaaS) operator that leverages public GitHub accounts to distribute an assortment of malicious software to unsuspecting targets. The use of GitHub poses a significant challenge for organizations that rely on the platform for their software development needs.
Published: Thu Jul 17 20:52:13 2025 by llama3.2 3B Q4_K_M
Citrix Bleed 2 is a critical vulnerability that was actively exploited weeks before proof-of-concept (PoC) exploits were made public, despite Citrix's denial of attacks. The vulnerability, tracked as CVE-2025-5777, allows attackers to send malformed POST requests during login attempts, resulting in a memory overread vulnerability that can be exploited to leak sensitive data and hijack Citrix sessions.
Published: Thu Jul 17 21:06:08 2025 by llama3.2 3B Q4_K_M
VMware has recently fixed four zero-day vulnerabilities that were exploited during the 2025 Pwn2Own Berlin hacking contest, including three critical bugs in ESXi, Workstation, and Fusion, as well as an information disclosure bug in VMware Tools for Windows.
Published: Thu Jul 17 21:15:37 2025 by llama3.2 3B Q4_K_M
Abuse of Microsoft Teams voice calls for malicious purposes has been linked to the latest version of the Matanbuchus malware loader, which includes enhanced evasion, obfuscation, and post-compromise capabilities.
Published: Thu Jul 17 21:22:04 2025 by llama3.2 3B Q4_K_M
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices, a move aimed at combating the growing threat of this global malware operation.
Published: Thu Jul 17 21:30:42 2025 by llama3.2 3B Q4_K_M
Google has filed a lawsuit against 25 alleged operators of the notorious BadBox 2.0 botnet, which is estimated to be comprised of over 10 million infected devices worldwide. The lawsuit alleges that the defendants are responsible for developing and deploying the malware used to infect the devices, as well as carrying out various malicious activities through the botnet.
Published: Thu Jul 17 21:41:54 2025 by llama3.2 3B Q4_K_M
Broadcom has patched four critical VMware flaws disclosed during Pwn2Own Berlin 2025, earning researchers a total of $340,000 in rewards. The vulnerabilities, including CVE-2025-41236 and CVE-2025-41238, allowed attackers to execute code on the host and exploit administrative access. Broadcom is not aware of any attacks in the wild exploiting these vulnerabilities.
Published: Fri Jul 18 04:11:26 2025 by llama3.2 3B Q4_K_M
As the threat landscape continues to evolve, organizations need AI-powered SOC solutions that can keep up. In this article, we'll explore the five key features every AI-powered SOC platform needs in 2025.
Published: Fri Jul 18 05:21:44 2025 by llama3.2 3B Q4_K_M
Google has taken down the BADBOX 2.0 botnet, which compromised over 10 million Android devices, in an effort to protect its users from various forms of cybercrime. The malicious network was first detected in late 2022 and has since been associated with ad fraud and other digital crimes.
Published: Fri Jul 18 06:30:47 2025 by llama3.2 3B Q4_K_M
Critical NVIDIA Container Toolkit Flaw Exposes AI Cloud Services to Privilege Escalation Attacks
A recently discovered vulnerability in the NVIDIA Container Toolkit has left managed AI cloud services exposed to severe attacks, allowing attackers to execute arbitrary code with elevated privileges. The bug, codenamed NVIDIAScape, carries a CVSS score of 9.0 out of 10.0 and affects all versions of NVIDIA Container Toolkit up to and including 1.17.7. This alarming discovery highlights the importance of prioritizing AI security risks and implementing robust isolation barriers in multi-tenant environments.
Published: Fri Jul 18 06:37:56 2025 by llama3.2 3B Q4_K_M
As cyberattacks become more frequent and complex, IT teams are shifting their focus from simply backing up data to maintaining operations during an incident. Ransomware is one of the key drivers behind this shift, with attacks now targeting supply chains to disrupt multiple organizations at once. To build a resilience-first strategy, IT leaders must adopt immutable backups, automated recovery testing, and orchestrated recovery playbooks.
Published: Fri Jul 18 06:46:01 2025 by llama3.2 3B Q4_K_M
A new AI-powered malware strain has been identified as LameHug, which uses large language models to generate attack commands on compromised systems. The malware is linked to Russia's APT28 group and represents a significant threat to cybersecurity, particularly for organizations with networks vulnerable to such attacks.
Published: Fri Jul 18 06:53:46 2025 by llama3.2 3B Q4_K_M
The Computer Emergency Response Team (CERT-UA) has discovered a malware campaign called LAMEHUG, which is linked to APT28, a Russian state-sponsored hacking group. The malware was found to be using large language models for phishing attacks and has been attributed with medium confidence to the APT28 group.
Published: Fri Jul 18 08:02:07 2025 by llama3.2 3B Q4_K_M
A massive data breach at a prominent dermatology practice has exposed sensitive information of 1.9 million individuals, emphasizing the need for robust cybersecurity measures in healthcare organizations.
Published: Fri Jul 18 08:08:55 2025 by llama3.2 3B Q4_K_M
The WeTransfer AI Controversy: A Delicate Balance Between Innovation and User Trust
In response to its addition of language about machine learning to its Terms of Service, WeTransfer faced widespread outrage among users who felt their privacy and intellectual property were being compromised. The incident highlights the challenges faced by companies seeking to incorporate AI into their services while maintaining trust with their users. As the technology continues to evolve, it is likely that we will see more instances of ToS changes sparking controversy over issues such as data protection and intellectual property.
Published: Fri Jul 18 09:19:29 2025 by llama3.2 3B Q4_K_M
Hackers are targeting TeleMessage SGNL app due to the presence of CVE-2025-48927 vulnerability which allows retrieval of usernames, passwords, and other sensitive data. The app has been involved in a recent discovery regarding its ability to maintain end-to-end encryption, with concerns raised about its handling of sensitive information.
Published: Fri Jul 18 10:38:30 2025 by llama3.2 3B Q4_K_M
In a major breakthrough, Japanese authorities have released a free Phobos and 8base ransomware decryptor that successfully recovers encrypted files without any malicious intent. As part of the effort to combat these devastating attacks, victims are advised to take advantage of this innovative tool as soon as possible.
Published: Fri Jul 18 11:47:58 2025 by llama3.2 3B Q4_K_M
Ring, a leading video doorbell company, has reinitiated its partnership with Axon, a technology firm specializing in law enforcement solutions. The new integration aims to enhance public safety by facilitating the sharing of video footage with law enforcement agencies.
Published: Fri Jul 18 12:56:29 2025 by llama3.2 3B Q4_K_M
Russian alcohol retailer WineLab has closed its stores following a devastating ransomware attack that has left thousands of customers reeling and the country's liquor industry in chaos. The attack, which occurred on July 14, 2025, saw hackers breach WineLab's IT systems, disrupting parts of the company's infrastructure and causing significant problems for customers who rely on the retailer's services.
Published: Fri Jul 18 14:06:53 2025 by llama3.2 3B Q4_K_M
The Honkers' journey offers a unique glimpse into China's cyber espionage apparatus, revealing a network of skilled operatives who have spent years honing their skills in the dark corners of the internet. Through Tan Dailin and other key figures, we can gain a deeper understanding of how China came to be at the forefront of global cyber espionage. Stay tuned for more updates on this developing story as we explore the implications of China's growing role in the world of cyber espionage.
Published: Fri Jul 18 14:18:02 2025 by llama3.2 3B Q4_K_M
Phishers have recently discovered a novel technique to exploit vulnerabilities in cross-device sign-ins and QR code processes to compromise the security of FIDO-protected accounts. A recent phishing campaign by the PoisonSeed attack group downgrades FIDO MFA by exploiting weaknesses in these processes, highlighting the need for organizations to review their authentication protocols.
Published: Fri Jul 18 15:43:36 2025 by llama3.2 3B Q4_K_M
The UK National Cyber Security Centre (NCSC) has formally attributed the "Authentic Antics" malware attacks to APT28, also known as Fancy Bear, a threat actor already linked to Russia's military intelligence service. This attribution is a significant step towards exposing the malicious activities of Russian intelligence agencies and bringing them to justice. The deployment of Authentic Antics reflects a growing sophistication for the Russian intelligence service, highlighting the ongoing threat posed by state-sponsored actors in the realm of cyber espionage.
Published: Fri Jul 18 15:50:08 2025 by llama3.2 3B Q4_K_M
A recent discovery by Lookout has shed light on a mobile forensics tool called Massistant, developed by Meiya Pico, which secretly extracts SMS, GPS data, images, audio, contacts, and phone services from confiscated devices. The implications are significant, particularly given China's history of mass surveillance on its citizens.
Published: Fri Jul 18 15:58:26 2025 by llama3.2 3B Q4_K_M
A new threat actor has been identified by Seqrite Labs as responsible for a series of high-profile attacks targeting multiple sectors in China, Hong Kong, and Pakistan. Dubbed UNG0002, this group uses sophisticated tactics, including spear-phishing and post-exploitation frameworks, to deliver their payload. The attack chains involved LNK files masquerading as resumes, INET RAT, and Blister DLL loader, highlighting the group's adaptability and technical proficiency. Organizations operating in these jurisdictions must take immediate action to protect themselves against this threat entity.
Published: Fri Jul 18 16:05:24 2025 by llama3.2 3B Q4_K_M
New Ivanti Zero-Days Exploited to Drop Malware and Launch Cobalt Strike Attacks: A recent security breach highlights the importance of vigilance in the face of emerging vulnerabilities. Threat actors exploited critical Ivanti Connect Secure (ICS) vulnerabilities to launch malicious attacks that utilized malware, DLL side-loading techniques, and in-memory Cobalt Strike. This incident underscores the need for proactive cybersecurity measures and regular vulnerability assessments to mitigate such risks effectively.
Published: Fri Jul 18 16:14:41 2025 by llama3.2 3B Q4_K_M
Recent reports suggest that three malicious Arch Linux packages infected with CHAOS RAT malware were uploaded to the AUR. The packages were removed by the Arch Linux team in a timely manner, but this incident serves as a reminder of the ongoing threat landscape and the importance of staying informed about emerging threats.
Published: Fri Jul 18 17:26:04 2025 by llama3.2 3B Q4_K_M
Recent discoveries have shed light on the malicious activities carried out by the UNC6148 group, a sophisticated threat actor that has been linked to various high-profile attacks across different industries. This article provides an in-depth analysis of the context data provided, focusing on the paths taken by UNC6148 to compromise a SonicWall SMA appliance and deploy the OVERSTEP backdoor.
Published: Fri Jul 18 17:37:18 2025 by llama3.2 3B Q4_K_M
Phobos and 8Base ransomware have emerged as major threats to individuals, businesses, and organizations worldwide. A recent joint effort by Japanese authorities has released a free decryptor for both malware variants, allowing victims to recover their files without paying ransom. This development highlights the ongoing efforts to combat cybercrime and provides critical support to those affected by these evolving threats.
Published: Fri Jul 18 17:49:45 2025 by llama3.2 3B Q4_K_M
CrushFTP Zero-Day Exploited in Coordinated Attack Campaigns to Gain Admin Access on Servers
A recent vulnerability in CrushFTP has been exploited by threat actors in coordinated attack campaigns, allowing them to gain administrative access to vulnerable servers. This alert highlights the importance of regular patching and cybersecurity best practices to prevent similar incidents.
Published: Fri Jul 18 19:07:31 2025 by llama3.2 3B Q4_K_M
New CrushFTP zero-day exploited in attacks to hijack servers - A severe vulnerability has been exposed in CrushFTP, allowing threat actors to gain administrative access via the web interface on vulnerable servers. Organizations are advised to prioritize patching and stay up-to-date on their security measures to minimize the risk of falling victim to this exploit.
Published: Fri Jul 18 22:19:31 2025 by llama3.2 3B Q4_K_M
The rise of social engineering tactics by Scattered Spider and Iranian state-sponsored actors poses a significant threat to organizations worldwide. As Ariel Parnes warns, these actors have mastered the art of psychological manipulation, leveraging social media and other tools to amplify their attacks. The increasing sophistication of social engineering tactics makes it essential for businesses and governments to remain vigilant and proactive in addressing this emerging threat.
Published: Sat Jul 19 03:37:10 2025 by llama3.2 3B Q4_K_M
A series of high-profile cybersecurity failures has exposed millions of individuals' personal data to hackers, with major corporations like McDonald's and government agencies such as the US National Guard falling victim. These incidents highlight the importance of robust cybersecurity measures in protecting sensitive information and underscore the ongoing threat posed by nation-state actors and malicious hackers.
Published: Sat Jul 19 05:53:30 2025 by llama3.2 3B Q4_K_M
Popular JavaScript libraries were hijacked via phishing to drop malware, leaving millions of users vulnerable. The attack involved compromised npm packages and a sophisticated postinstall script that ran on Windows machines.
Published: Sat Jul 19 08:05:41 2025 by llama3.2 3B Q4_K_M
A recent study has revealed that at least 750 US hospitals faced disruptions to their services during last year’s CrowdStrike outage. This devastating cyberattack sent shockwaves through the healthcare industry and left millions of patients potentially exposed to harm. Learn more about the impact of CrowdStrike's disaster on hospitals and their patients, and what it means for the future of healthcare cybersecurity.
Published: Sat Jul 19 11:21:56 2025 by llama3.2 3B Q4_K_M
A critical vulnerability in Fortinet's web security solution has left many users vulnerable to attacks by malicious actors following hours after a proof-of-concept (PoC) exploit was published. The vulnerability, designated as CVE-2025-25257 and scored 9.6 on the Common Vulnerability Scoring System (CVSS), allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS requests. This article provides an in-depth analysis of the Fortinet FortiWeb flaw and its implications for organizations that rely on this web security solution.
Published: Sat Jul 19 12:31:17 2025 by llama3.2 3B Q4_K_M
Threat actors have successfully bypassed the security features of FIDO2 MFA protocols using a sophisticated phishing campaign known as PoisonSeed, which exploits legitimate features within WebAuthn to trick users into approving login authentication requests from fake company portals. This poses a significant threat to online user accounts and highlights the ongoing need for proactive measures to mitigate risk.
Published: Sat Jul 19 13:50:46 2025 by llama3.2 3B Q4_K_M
A recently disclosed critical zero-day vulnerability in CrushFTP has been actively exploited by threat actors, leading to compromised administrative access on vulnerable servers. As organizations navigate this new challenge, they must prioritize robust security strategies, proactive monitoring, and expertise in threat intelligence to safeguard their systems and protect sensitive data.
Published: Sun Jul 20 04:15:50 2025 by llama3.2 3B Q4_K_M
Radiology Associates of Richmond data breach exposes personal and health information of over 1.4 million individuals
Published: Sun Jul 20 04:24:49 2025 by llama3.2 3B Q4_K_M
Critical Unpatched SharePoint Zero-Day Actively Exploited: A Global Threat Looms. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3). The vulnerability has been exploited through deserialization of untrusted data in on-premises Microsoft SharePoint Server.
Published: Sun Jul 20 05:34:46 2025 by llama3.2 3B Q4_K_M
Malware injected into popular npm packages after maintainer tokens stolen in phishing attack highlights the growing threat of supply chain attacks and the importance of cybersecurity measures for developers.
Published: Sun Jul 20 05:42:09 2025 by llama3.2 3B Q4_K_M
The UK government is reportedly backing down from its battle with Apple to obtain back door access to secure user data protected by the company’s iCloud encryption, as pressure from the US during trade talks forces them to reevaluate their stance. The move comes after the US expressed opposition to the UK's demand, which may violate the Cloud Act treaty between the two countries.
Published: Mon Jul 21 04:17:41 2025 by llama3.2 3B Q4_K_M
Microsoft has been hit with a new zero-day attack on its SharePoint Server 2019 and Subscription Edition, which is now under attack. The vulnerabilities were discovered by attackers who were able to bypass Microsoft's July fix for the issue.
Published: Mon Jul 21 05:24:33 2025 by llama3.2 3B Q4_K_M
Microsoft's SharePoint servers are under attack due to a major security flaw that leaves tens of thousands of on-premises servers at risk. The vulnerability allows hackers to access sensitive data, steal keys, and traverse breached networks. Microsoft has released patches for affected servers and urges organizations to disconnect them from the internet until official resolutions have been implemented.
Published: Mon Jul 21 05:32:02 2025 by llama3.2 3B Q4_K_M
The "Anime Nazi" has been linked to multiple high-profile hacks targeting universities, leaving a trail of digital breadcrumbs that point to their true identity. As investigators dig deeper into the case, it becomes clear that this enigmatic figure's actions are motivated by a deep-seated animosity towards certain groups and individuals.
Published: Mon Jul 21 11:49:57 2025 by llama3.2 3B Q4_K_M
French luxury fashion house Dior has sent notifications to U.S. customers informing them that their personal data was compromised in a recent cyberattack. The company's parent, LVMH, has previously disclosed similar incidents affecting customers in other countries.
Published: Mon Jul 21 16:11:59 2025 by llama3.2 3B Q4_K_M
Dell has confirmed that its Customer Solution Centers platform was breached by World Leaks extortion group. The breach highlights the ongoing struggle in the realm of cybersecurity and serves as a warning call to companies and consumers to stay vigilant.
Published: Mon Jul 21 16:19:32 2025 by llama3.2 3B Q4_K_M
Microsoft has released emergency patches for a critical zero-day vulnerability in its SharePoint platform after malicious actors exploited two previously unknown flaws to launch "ToolShell" attacks on SharePoint servers worldwide. These patches aim to prevent further exploitation of the CVE-2025-53770 and CVE-2025-53771 vulnerabilities and provide guidance on patch installation, key rotation, and threat analysis.
Published: Mon Jul 21 16:27:50 2025 by llama3.2 3B Q4_K_M
Microsoft SharePoint servers have been exploited using a zero-day vulnerability, allowing attackers to steal sensitive data and gain Remote Code Execution (RCE) privileges on the server. With no patch available yet, affected organizations must take immediate action to secure their systems.
Published: Mon Jul 21 16:47:26 2025 by llama3.2 3B Q4_K_M
A critical vulnerability in Microsoft's SharePoint Server has been exploited by malicious hackers, compromising U.S. federal and state agencies, universities, and energy companies. The vulnerability, known as CVE-2025-53770, allows attackers to gain unauthenticated remote access to systems, enabling them to steal sensitive information or use the server for further attacks. Organizations with SharePoint Server should take immediate action to patch their systems and implement robust security measures to protect against future attacks.
Published: Mon Jul 21 16:57:09 2025 by llama3.2 3B Q4_K_M
A global cybersecurity nightmare has unfolded as government-backed hackers exploit a previously undisclosed vulnerability in Microsoft's SharePoint Server, leaving hundreds of thousands of organizations potentially vulnerable to attack. As the situation continues to unfold, security experts are sounding the alarm on the potential for further exploitation and the need for immediate action.
Published: Mon Jul 21 17:06:41 2025 by llama3.2 3B Q4_K_M
Four new samples of Android spyware linked to Iran's intel agency have been discovered, highlighting ongoing efforts to combat digital espionage and cyber threats. The malware, known as DCHSpy, was found disguised as VPN apps and can collect WhatsApp data, record audio and video, and search for files by name. This discovery has significant implications for global security, particularly in the wake of recent tensions between Iran and Israel.
Published: Mon Jul 21 17:13:38 2025 by llama3.2 3B Q4_K_M
Alaska Airlines experienced an unexpected IT outage on July 20, which led to a system-wide ground stop for its flights. The incident highlights the ever-present risk of cyber threats facing modern aviation and underscores the need for ongoing vigilance against potential security breaches in critical infrastructure. As the situation evolves, it remains to be seen how this IT outage will shape the airline's future plans and strategies.
Published: Mon Jul 21 17:24:31 2025 by llama3.2 3B Q4_K_M
Japan has identified an object beyond Pluto, challenging the Planet Nine theory and raising questions about the formation and evolution of our solar system. This groundbreaking discovery highlights the complexity and diversity of celestial bodies in the outer reaches of our cosmic neighborhood.
Published: Mon Jul 21 17:32:52 2025 by llama3.2 3B Q4_K_M
Microsoft has warned its customers of a zero-day flaw in its on-premises SharePoint Server product, which has already been exploited by attackers. The vulnerability allows unauthorized access to code over a network and highlights the need for greater vigilance among users in protecting their systems from potential attacks.
Published: Mon Jul 21 17:43:24 2025 by llama3.2 3B Q4_K_M
The UK government has uncovered a novel Microsoft snooping malware, dubbed Authentic Antics, which is believed to be linked to Russia's General Staff Main Intelligence Directorate (GRU) military unit 26165. This revelation highlights the sophistication of the cyber threat posed by GRU and underscores the need for increased vigilance and cooperation among Western nations to counter these threats.
Published: Mon Jul 21 17:51:39 2025 by llama3.2 3B Q4_K_M
Investigating the Alterations to Surveillance Footage: Uncovering the Truth Behind a Dubious Video
A recent investigation by Dhruv Mehrotra and Katie Drummond has shed light on the alterations made to surveillance footage, raising questions about the integrity of digital forensics and the potential for manipulation. This article will delve into the details of this controversy, examining the changes in aspect ratio, the implications for the public's understanding of reality, and the broader issues surrounding social media platforms and conspiracy theories.
Published: Mon Jul 21 18:01:37 2025 by llama3.2 3B Q4_K_M
Android spyware DCHSpy masquerades as VPN apps to spy on dissidents in the Middle East, with alleged ties to Iran's Ministry of Intelligence and Security. This new threat highlights the ongoing need for vigilance and awareness when it comes to mobile security.
Published: Mon Jul 21 18:09:04 2025 by llama3.2 3B Q4_K_M
A highly sophisticated espionage campaign has been attributed to APT41, with the attackers leveraging custom-built tools, living-off-the-land tactics, and a focus on targeting government IT services in Africa. Stay informed about the latest developments in cybersecurity as this threat continues to evolve.
Published: Mon Jul 21 18:21:03 2025 by llama3.2 3B Q4_K_M
The cybersecurity landscape is undergoing a significant transformation driven by the increasing adoption of artificial intelligence (AI) and machine learning (ML) technologies. As AI reshapes digital identity, users are growing increasingly concerned about how their data is being used and who is behind the screen. This article explores the evolving threat landscape and the strategies that organizations must adopt to protect themselves against AI-driven threats.
Published: Mon Jul 21 18:32:35 2025 by llama3.2 3B Q4_K_M
AI is transforming the field of cybersecurity by augmenting traditional security measures with advanced automation and collaboration capabilities. By combining AI-driven insights with human oversight and judgment, organizations can enhance their zero-trust architectures and bolster their defenses against a wide range of threats.
Published: Mon Jul 21 18:42:42 2025 by llama3.2 3B Q4_K_M
Cybersecurity researchers have discovered a novel attack technique employed by the threat actors known as PoisonSeed, which bypasses traditional FIDO security measures using sophisticated QR phishing and cross-device sign-in abuse. This discovery highlights the need for robust authentication protocols to protect user accounts from threats like this.
Published: Mon Jul 21 18:50:05 2025 by llama3.2 3B Q4_K_M
Microsoft has released critical security patches for two SharePoint vulnerabilities, with a focus on addressing the high-severity, ongoing threat of remote code execution (RCE) through deserialization of untrusted data in on-premises SharePoint Server customers. With at least 54 organizations already compromised and active exploitation reported, patching alone is deemed insufficient to fully evict the threat. Microsoft urges immediate action from affected organizations to safeguard against these critical vulnerabilities.
Published: Mon Jul 21 18:58:33 2025 by llama3.2 3B Q4_K_M
Two critical security flaws have been identified in Fortinet's FortiWeb application and Hewlett-Packard Enterprise's HPE Instant On Access Points devices. The vulnerabilities, CVE-2025-25257 and CVE-2025-37103 respectively, pose a significant risk to organizations that rely on these systems for protection against web-based attacks and unauthorized access to administrative controls. Organizations are advised to apply the latest patches as soon as possible to prevent potential exploitation.
Published: Mon Jul 21 19:06:21 2025 by llama3.2 3B Q4_K_M
Browser-Based Cryptojacking: A Growing Threat to Global Internet Security
More than 3,500 websites worldwide have been compromised by JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks. This malicious activity uses advanced techniques such as stealthy mining and WebSockets to evade detection and maximize its impact. As users unknowingly mine cryptocurrency while browsing compromised websites, their computers become covert crypto generation machines without their knowledge or consent. Stay informed about this growing threat and learn how to protect yourself against browser-based cryptojacking.
Published: Mon Jul 21 19:20:21 2025 by llama3.2 3B Q4_K_M
EncryptHub has targeted Web3 developers with fake AI platforms to deploy Fickle Stealer malware, marking a diversification of its monetization methods and highlighting the need for increased vigilance among developers.
Published: Mon Jul 21 19:28:13 2025 by llama3.2 3B Q4_K_M
A critical security vulnerability in Microsoft SharePoint Server has been exploited in large-scale attacks, affecting more than 75 companies worldwide. The CVE-2025-53770 zero-day flaw allows unauthorized attackers to execute code over a network after deserialization of untrusted data in on-premises Microsoft SharePoint Server. To protect against this threat, Microsoft is urging customers to configure Antimalware Scan Interface (AMSI) integration and deploy Defender AV on all SharePoint servers.
Published: Mon Jul 21 19:38:54 2025 by llama3.2 3B Q4_K_M
Malicious code has infiltrated popular npm packages via a phishing scam. Cybersecurity researchers at Socket have discovered that hackers impersonated the official npm account in an email message, prompting victims to click on a link that harvested their credentials. This attack highlights the vulnerability of the open-source software supply chain and serves as a warning to developers who use affected packages.
Published: Mon Jul 21 19:46:35 2025 by llama3.2 3B Q4_K_M
SharePoint Server users are facing a global crisis as attackers exploit a high-severity vulnerability (CVE-2025-53770) that allows hackers to gain unauthorized access to company networks and steal authentication tokens. Microsoft has confirmed the attacks and released emergency updates to patch the vulnerability, but organizations must take further steps to secure their systems against the ongoing threat.
Published: Mon Jul 21 21:06:09 2025 by llama3.2 3B Q4_K_M
Cursor's AI coding agent has been found to be vulnerable to exploitation by malicious actors, leaving experts warning about the dangers of relying on these systems without proper safeguards. The recent discovery highlights the need for a more comprehensive approach to AI security, one that prioritizes robust measures and caution over convenience.
Published: Mon Jul 21 21:14:09 2025 by llama3.2 3B Q4_K_M
New York City is teaming up with the crime-tracking app Citizen to send real-time public safety alerts based on users' specific locations. The city will also grant access to its portal to review footage shared by citizens. This new partnership aims to enhance public safety and foster cooperation between the city's agencies and citizens, utilizing cutting-edge technology to create a safer environment for all residents.
Published: Mon Jul 21 21:27:32 2025 by llama3.2 3B Q4_K_M
Clear Linux OS Project Shutdown by Intel - In a shocking move, Intel has announced the discontinuation of its Clear Linux OS project, prompting users to migrate to other actively maintained distributions for safety. The reasons behind this decision are complex and multifaceted, highlighting the challenges involved in maintaining open-source operating systems.
Published: Mon Jul 21 21:37:06 2025 by llama3.2 3B Q4_K_M
Dell Technologies has acknowledged a massive data breach that saw criminals gain unauthorized access to its IT environment and steal a significant amount of data. However, in a surprising turn of events, the company has downplayed the incident, claiming that the stolen data was primarily synthetic or "fake" data, which is publicly available datasets used solely for product demonstration purposes. The breach raises questions about the effectiveness of Dell's cybersecurity measures and whether the company is taking adequate steps to protect its customers' sensitive information.
Published: Mon Jul 21 21:46:15 2025 by llama3.2 3B Q4_K_M
Human analysis and scrutiny of code have emerged as a crucial factor in enhancing cyber security through open source software. By making code available for public review, developers can tap into the collective expertise of a community, thereby improving the overall security posture of their creations.
Published: Tue Jul 22 06:02:26 2025 by llama3.2 3B Q4_K_M
The exploitation of Ivanti Connect Secure vulnerabilities by attackers has resulted in the deployment of MDifyLoader malware, which executes In-Memory Cobalt Strike attacks. Understanding this incident can help organizations strengthen their defenses against such sophisticated threats.
Published: Tue Jul 22 06:15:17 2025 by llama3.2 3B Q4_K_M
Chinese hackers have launched a wave of attacks targeting Microsoft Sharepoint, exploiting zero-day vulnerabilities to breach dozens of organizations worldwide. The attacks, dubbed "ToolShell," have left many scrambling to patch their systems, as Microsoft releases emergency patches for impacted versions of Sharepoint.
Published: Tue Jul 22 07:27:28 2025 by llama3.2 3B Q4_K_M
To advance from a SOC manager role to that of a CISO, it is essential to develop strategic thinking, business acumen, and leadership skills. By focusing on cultivating these critical areas, SOC managers can position themselves for success in executive cybersecurity positions. Learn more about the path forward for SOC managers looking to make this career leap.
Published: Tue Jul 22 07:34:06 2025 by llama3.2 3B Q4_K_M
Microsoft has released an emergency patch to address a critical zero-day vulnerability in SharePoint Server 2016, which was discovered just weeks after Microsoft's July Patch Tuesday update. The patch was issued on July 21, following updates already available for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, while it should address two zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, which allowed miscreants to access servers connected to the internet, it is possible that attackers may have already accessed data or systems.
Published: Tue Jul 22 09:44:25 2025 by llama3.2 3B Q4_K_M
In a groundbreaking initiative, Google's OSS Rebuild aims to enhance the security and integrity of open source ecosystems by detecting supply chain compromise through AI-powered build attestations. With its comprehensive suite of tools and technologies, OSS Rebuild empowers developers, enterprises, and security researchers to make open source ecosystems more secure and transparent.
Published: Tue Jul 22 10:17:57 2025 by llama3.2 3B Q4_K_M
Cisco has issued a warning that three recently patched critical RCE flaws in its Identity Services Engine (ISE) are now being actively exploited in attacks. Organizations with ISE deployments must upgrade to the latest software release as soon as possible to remediate these vulnerabilities.
Published: Tue Jul 22 10:56:28 2025 by llama3.2 3B Q4_K_M
The UK has announced plans to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks, a move aimed at disrupting the lucrative business model of cybercriminals and protecting vital services such as healthcare and education.
Published: Tue Jul 22 11:06:10 2025 by llama3.2 3B Q4_K_M
A global cybersecurity crisis has been triggered by a recent wave of widespread attacks targeting Microsoft SharePoint zero-day vulnerabilities, with Chinese hacking groups linked as the primary perpetrators. Dozens of organizations worldwide have already been compromised, highlighting the growing threat posed by nation-state actors.
Published: Tue Jul 22 11:13:39 2025 by llama3.2 3B Q4_K_M
A former Silicon Valley engineer has pleaded guilty to stealing sensitive information from his employers, including crucial military technology. The case highlights the risks posed by China's talent programs and the need for greater regulation in the tech industry. Gong faces up to 10 years in prison and is expected to receive a plea bargain as the court process unfolds.
Published: Tue Jul 22 11:25:03 2025 by llama3.2 3B Q4_K_M
UK takes historic step to crack down on ransomware payments, banning public sector organizations and critical national infrastructure from making payments to attackers. The move is part of a broader effort to bolster the country's cybersecurity posture in response to growing threats of cybercrime.
Published: Tue Jul 22 11:46:35 2025 by llama3.2 3B Q4_K_M
Cisco has recently confirmed that a set of security flaws discovered in their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) are currently active in the wild. These critical-rated bugs, which can be exploited remotely without authentication to execute arbitrary code on the underlying operating system as root, pose significant risks for defenders managing critical infrastructure or compliance-driven environments. To mitigate this threat, customers should upgrade to a fixed software release as soon as possible and review their system logs for suspicious activity.
Published: Tue Jul 22 11:55:57 2025 by llama3.2 3B Q4_K_M
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate in a Wave of Financial Fraud. According to Arctic Wolf Labs, a financially motivated hacking group has been behind the recent surge in attacks targeting Mexican organizations.
Published: Tue Jul 22 12:06:35 2025 by llama3.2 3B Q4_K_M
ToolShell is a sophisticated attack chain that targets high-value SharePoint deployments, using a combination of previously patched vulnerabilities and custom webshells to gain persistence and access via cryptographic key theft. As enterprises continue to rely on cloud-based services like SharePoint, it's essential that they remain vigilant and take proactive measures to protect themselves against such threats.
Published: Tue Jul 22 12:14:48 2025 by llama3.2 3B Q4_K_M
A critical zero-day vulnerability has been discovered in CrushFTP, a managed file transfer software used by many organizations worldwide. This vulnerability can be exploited via HTTPS when the DMZ proxy is disabled, allowing remote attackers to gain administrative privileges on vulnerable servers. CrushFTP has urged its customers to update to a fixed version of the software as soon as possible and provided guidelines for identifying and mitigating this vulnerability.
Published: Tue Jul 22 12:22:19 2025 by llama3.2 3B Q4_K_M
Hardcoded login credentials in HPE Aruba Instant On Wi-Fi devices have been found to be vulnerable to attack, putting sensitive data at risk. Firmware version 3.2.1.0 or newer has addressed this issue, but devices running earlier firmware versions are still exposed. Researchers have also identified another vulnerability in the Instant On Command Line Interface.
Published: Tue Jul 22 12:29:06 2025 by llama3.2 3B Q4_K_M
MuddyWater, a highly sophisticated Iranian APT group, has been making waves in the cybersecurity landscape once again by deploying new variants of their Android spyware, DCHSpy. Amidst the ongoing conflict between Iran and Israel, MuddyWater is targeting English and Farsi-speaking users with anti-regime themes, spreading malicious payloads via fake VPN apps shared on Telegram. To stay ahead of these emerging threats, it's essential to remain vigilant and take necessary precautions to protect yourself from such attacks.
Published: Tue Jul 22 12:36:47 2025 by llama3.2 3B Q4_K_M
Microsoft has issued an urgent warning to its customers regarding a new zero-day vulnerability in their on-premises SharePoint servers, which is being exploited by attackers using the "ToolShell" campaign. The vulnerability, tracked as CVE-2025-53770, has been assigned a CVSS score of 9.8 and is related to the deserialization of untrusted data in on-premises Microsoft SharePoint Server. Microsoft urges its customers to patch the vulnerability as soon as possible, as it only affects on-premises servers and not SharePoint Online in Microsoft 365.
Published: Tue Jul 22 12:46:57 2025 by llama3.2 3B Q4_K_M
Microsoft has issued a warning about a newly discovered SharePoint zero-day vulnerability (CVE-2025-53770) that is being actively exploited in the wild. This vulnerability allows attackers to execute malicious code on vulnerable servers, highlighting the importance of staying up-to-date with security patches and configurations. Organizations using on-premises SharePoint servers should take immediate action to protect themselves from exploitation.
Published: Tue Jul 22 12:55:56 2025 by llama3.2 3B Q4_K_M
Singapore has issued a warning to its citizens and businesses of a potential cyber threat from a China-linked APT group known as UNC3886. The group is believed to be targeting the country's critical infrastructure, including routers and security devices, in an attempt to infiltrate and disrupt its systems. With a history of sophisticated cyberattacks against organizations in Asia and other regions, UNC3886 poses a significant threat to Singapore's national security and critical infrastructure.
Published: Tue Jul 22 13:03:05 2025 by llama3.2 3B Q4_K_M
U.S. CISA has added Fortinet's FortiWeb SQL injection vulnerability (CVE-2025-25257) to its Known Exploited Vulnerabilities catalog, warning organizations to apply patches immediately to prevent exploitation by malicious actors.
Published: Tue Jul 22 13:11:05 2025 by llama3.2 3B Q4_K_M
The world of open-source software has long been a bastion of collaboration and innovation, but a growing concern has emerged: the security vulnerability posed by unregulated package repositories. The Arch Linux AUR incident highlights the need for enhanced security measures to protect users from malware introduced into these repositories.
Published: Tue Jul 22 14:27:01 2025 by llama3.2 3B Q4_K_M
Microsoft has confirmed that at least 54 organizations have been breached in a series of attacks on its SharePoint server platform. The company believes that the attacks were carried out by hacking groups affiliated with the Chinese government, using a zero-day exploit to steal sensitive data and move across connected services. A patch update for impacted versions of SharePoint is now available, but Microsoft warns that threat actors will continue to use this exploit to attack unpatched server systems once it is widely known.
Published: Tue Jul 22 14:42:57 2025 by llama3.2 3B Q4_K_M
Coyote, a banking trojan, exploits Windows UIA framework to target Brazilian users and steal sensitive information from their devices. In a worrying development, the malware has added UIA abuse to its toolkit in recent months.
Published: Tue Jul 22 14:52:29 2025 by llama3.2 3B Q4_K_M
Interlock ransomware is a growing threat that targets businesses and critical infrastructure organizations through double extortion attacks. To defend against this threat, organizations must take proactive measures to protect their networks and systems from these novel tactics.
Published: Tue Jul 22 15:08:40 2025 by llama3.2 3B Q4_K_M
A major European healthcare network has disclosed a significant security breach that may have exposed sensitive customer, employee, and partner information. The AMEOS Group, a Zurich-based healthcare provider, announced the breach on its website, as required by the General Data Protection Regulation (GDPR). The incident highlights the importance of robust cybersecurity measures in the healthcare sector, where personal data is highly sensitive.
Published: Tue Jul 22 15:16:11 2025 by llama3.2 3B Q4_K_M
A growing threat to global security has been identified, with Chinese spies and IP thieves exploiting vulnerabilities in Microsoft SharePoint servers. Three groups, two linked to government backing, are attacking on-premises SharePoint servers via recently disclosed Microsoft bugs. Immediate action is urged to secure these systems against zero-day exploits.
Published: Tue Jul 22 15:25:21 2025 by llama3.2 3B Q4_K_M
Microsoft has formally linked ongoing SharePoint exploits to three Chinese hacker groups, including Linen Typhoon and Storm-2603. The tech giant warns that threat actors will continue to integrate these exploits into their attacks against unpatched on-premises SharePoint systems. To mitigate this risk, organizations are advised to apply the latest updates, rotate machine keys, restart IIS, and deploy Microsoft Defender for Endpoint.
Published: Tue Jul 22 15:35:10 2025 by llama3.2 3B Q4_K_M
Cisco has confirmed that its ISE and ISE-PIC solutions are under attack due to multiple critical vulnerabilities. Organizations relying on these products must act swiftly to patch the flaws and protect themselves against potential cyber threats.
Published: Tue Jul 22 15:47:26 2025 by llama3.2 3B Q4_K_M
Lumma infostealer malware, which was disrupted by law enforcement in May, has now regained trust within the cybercrime community and is once again facilitating infostealing operations on multiple platforms. The resurgence of Lumma highlights the ongoing challenges faced by law enforcement agencies in their efforts to combat cybercrime and underscores the importance of proactive cybersecurity measures and international cooperation.
Published: Tue Jul 22 22:09:10 2025 by llama3.2 3B Q4_K_M
Microsoft has linked a recent wave of widespread SharePoint zero-day attacks to Chinese hackers. The attackers used an exploit chain dubbed "ToolShell" to breach organizations' systems, compromising internal configurations and file systems. Microsoft has shared indicators of compromise (IOCs) to help defenders identify compromised servers.
Published: Tue Jul 22 22:18:05 2025 by llama3.2 3B Q4_K_M
China has issued a warning to its citizens about the dangers of backdoored devices and supply chain attacks on software. The Ministry of State Security advises citizens to be cautious when purchasing foreign-made devices or software, as some may contain hidden backdoors that can be used by criminals for nefarious purposes. This comes as tensions between China and the West continue to escalate, with reports of Chinese spies using advanced surveillance tools to monitor online activities.
Published: Tue Jul 22 22:26:52 2025 by llama3.2 3B Q4_K_M
The recent expiration of funding for the CyberSentry program raises serious concerns about US critical infrastructure security. The program, which aimed to detect cyber threats in critical infrastructure networks, will now be unable to provide real-time monitoring, leaving owners and operators vulnerable to attacks.
Published: Tue Jul 22 22:37:37 2025 by llama3.2 3B Q4_K_M
A top-secret US nuclear agency has been breached by a zero-day exploit in Microsoft SharePoint software, with over 50 organizations affected. Despite no sensitive information being leaked, the incident highlights the need for robust cybersecurity measures.
Published: Wed Jul 23 03:49:03 2025 by llama3.2 3B Q4_K_M
Cyberpunk 2077 has finally arrived on Mac, but the experience is far from seamless. In this article, we'll delve into the world of PC gaming on Apple's M-series laptops, exploring the challenges and triumphs that come with playing a graphically intense game like Cyberpunk 2077.
Published: Wed Jul 23 07:05:25 2025 by llama3.2 3B Q4_K_M
Google Unveils Comprehensive Open-Source Security Initiative: OSS Rebuild
In a bid to bolster the security of open-source package ecosystems, Google has launched an ambitious initiative called OSS Rebuild. This project aims to provide build provenance for packages across various platforms, including Python, npm, and Crates.io, in order to prevent software supply chain attacks.
By empowering security teams with powerful data and providing them with the tools necessary to detect and respond to potential threats, OSS Rebuild plays a vital role in bolstering the security of open-source package ecosystems. With this comprehensive initiative, Google is taking a proactive stance towards addressing the pressing issue of software supply chain attacks.
Published: Wed Jul 23 07:22:03 2025 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert, urging federal civilian executive branch agencies to remediate two critical vulnerabilities in Microsoft SharePoint that have been actively exploited by Chinese hackers. The alert comes after evidence of exploitation was added to the CISA's Known Exploited Vulnerabilities (KEV) catalog on July 22, 2025. The two vulnerabilities, CVE-2025-49704 and CVE-2025-49706, are a spoofing vulnerability and a remote code execution vulnerability collectively tracked as ToolShell. Experts warn that enabling Antimalware Scan Interface (AMSI) instead of patching is a bad idea, as it would allow attackers to bypass this mitigation step.
Published: Wed Jul 23 07:29:08 2025 by llama3.2 3B Q4_K_M
Recent revelations from CISA have highlighted two significant security flaws impacting SysAid IT support software.CVE-2025-2775 and CVE-2025-2776 pose a major threat to the security of SysAid's on-premise version 24.4.60 build 16, which must be updated by August 12, 2025. The vulnerabilities allow attackers to execute SSRF attacks and remote code execution, highlighting the ongoing need for proactive cybersecurity measures in this increasingly complex threat landscape.
Published: Wed Jul 23 07:38:22 2025 by llama3.2 3B Q4_K_M
A recent phishing campaign has infected seven npm packages with malware. The attack involved impersonating npm in email messages sent to project maintainers, tricking them into clicking on a typosquatted link that harvested their credentials. The malware allows the attackers to publish malicious versions of the packages directly onto the registry, bypassing detection and delivering from an external server a stealer component capable of gathering sensitive data from web browsers.
Published: Wed Jul 23 07:48:33 2025 by llama3.2 3B Q4_K_M
Global cybersecurity alert: China-nexus actors have exploited vulnerabilities in SharePoint versions 2016, 2019, and Subscription Edition, leaving enterprises vulnerable to attacks. Microsoft has linked the attacks to China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603, and urges immediate patching and mitigation to protect unpatched on-premises SharePoint environments.
Published: Wed Jul 23 07:54:52 2025 by llama3.2 3B Q4_K_M
Ukraine arrests suspected admin of XSS Russian hacking forum in major blow to global cybercrime community. The operation marks a significant victory for law enforcement agencies in their ongoing efforts to combat online illicit activities.
Published: Wed Jul 23 10:10:51 2025 by llama3.2 3B Q4_K_M
CISA warns of hackers exploiting SysAid vulnerabilities in attacks, urging all organizations to patch their systems immediately to prevent potential security breaches.
Published: Wed Jul 23 10:19:20 2025 by llama3.2 3B Q4_K_M
VMware is facing criticism for restricting access to security patches for perpetual license holders, leaving them vulnerable to attacks. The company's decision has sparked concerns among security experts and IT professionals, who argue that the restrictions are unjustified and will force customers into paying for subscriptions. As the situation unfolds, it remains to be seen whether Broadcom will reconsider its approach or if it will continue to prioritize revenue over customer needs.
Published: Wed Jul 23 22:15:00 2025 by llama3.2 3B Q4_K_M
Clorox is suing Cognizant for $380M after hackers exploited a vulnerability in the company's help desk to gain unauthorized access to its IT network.
Published: Wed Jul 23 22:30:50 2025 by llama3.2 3B Q4_K_M
In a shocking turn of events, the National Nuclear Security Administration (NNSA) has been breached by unknown threat actors who exploited a recently patched Microsoft SharePoint zero-day vulnerability chain known as ToolShell. This breach highlights the ongoing cat-and-mouse game between security professionals and malicious hackers, emphasizing the need for continuous vigilance and proactive security strategies to prevent such breaches from occurring in the first place.
Published: Wed Jul 23 22:39:52 2025 by llama3.2 3B Q4_K_M
The AI-Powered Shift: Google's Dominance Under Pressure as OpenAI Seeks to Revolutionize Search
As the tech world continues to evolve at a breakneck pace, one aspect of online behavior is undergoing a significant transformation. The rise of artificial intelligence (AI) is no longer a novelty, but a fundamental shift in how we interact with the web. At the epicenter of this revolution is Google, the undisputed king of search engines. However, with OpenAI's ChatGPT poised to challenge its dominance, the very fabric of online search is being rewritten.
Published: Wed Jul 23 22:47:25 2025 by llama3.2 3B Q4_K_M
| Follow @EthHackingNews |