Show HN: ThreatCluster – Automatically cluster cybersecurity news

3 months ago

Schneier on Security ARTICLE

Another Supply Chain Vulnerability

Schneier on Security

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work a

Tags: Microsoft, China

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

BleepingComputer

Sergiu Gatlan, July 21, 2025 07:34 AM. Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendor tagged the flaw as actively exploited in the wild on July 19th, noting that a

Tags: Zero-Day, Microsoft, RCE, Ransomware, Phishing, CVE-2025-54309 (+2 more)

CoinDCX Hack Leads to $44.2 Million Loss

Cluster: X - Twitter

Major Indian cryptocurrency exchange CoinDCX has confirmed a significant security breach that resulted in approximately $44 million in losses, though company executives maintain that customer funds remain completely secure and unaffected by the incident. CoinDCX co-founder Sumit Gupta publicly confirmed reports of the cyberattack, which occurred on Saturday, July 19, 2025. The hackers successfully gained unauthorized access to one of the company’s...

Tags: CISA, Microsoft, RCE, AWS, Azure, Google (+4 more)

Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks

Cluster: CVE-2025-54068 - RCE - Remote Code Execution

A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks. The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS v4 score indicating high severity across confidentiality, integrity, and availability metrics. The vulnerability originates from […]

Tags: CISA, Microsoft, RCE, Remote Code Execution, Windows, AWS (+4 more)

Cybersecurity News ARTICLE

Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks

Cybersecurity News

A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks. The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS v4 score indicating high severity across confidentiality, integrity, and availability metrics. The vulnerability originates from […]

Tags: Remote Code Execution, RCE, CVE-2025-54068

Microsoft SharePoint zero-day breach hits on-prem servers

CSO Online

Enterprise IT teams face an immediate crisis as Microsoft warned Saturday of active cyberattacks exploiting a previously unknown vulnerability in SharePoint Server, with security researchers confirming dozens of servers compromised globally since attacks began July 18. “Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” the company said in a statement issued Saturday. “These vulner

Tags: Zero-day Exploit, CISA, Zero-Day, Microsoft, Microsoft 365, CVE-2025-49706 (+2 more)

Cybersecurity News ARTICLE

New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies

Cybersecurity News

A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025 and has already claimed at least 11 victims across multiple regions, with the United States […]

Tags: Ransomware, United States, Windows

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

BleepingComputer

Lawrence Abrams, July 21, 2025 12:41 AM. Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. In May, during the Berlin Pwn2Own hacking contest, researchers exploited a zero-day vulnerability chain called "ToolShell," which enabled them to achieve remote code executi

Tags: Zero-Day, RCE, Windows, Remote Code Execution, Microsoft (+2 more)

CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks

Cluster: CVE-2025-53770 - CVE-2025-49706 - Zero-Day

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations running on-premises SharePoint installations. The flaw stems from a deserialization of untrusted data...

Tags: CISA, Cybersecurity and Infrastructure Security Agency, Healthcare, Microsoft, Microsoft Security, Palo Alto Networks (+4 more)

Rumble in the jungle: APT41’s new target in Africa

Kaspersky Securelist

Contents: Introduction; Incident investigation and toolkit analysis; Detection; Privilege escalation and lateral movement; C2 communication (Cobalt Strike, Agent); Obtaining a command shell: reverse shell via an HTA file; Data collection (Pillager, Checkout, RawCopy, Mimikatz); Retrospective threat hunting; Takeaways and lessons learned; Appendix (Rules: Yara, Sigma; IOCs: Files, Domains and IPs; MITRE ATT&CK). By Denis Kulik and Daniil Pogorelov. Introduction: Some time ago, Kaspersky MDR analysts detected a targeted att

Tags: Windows, Healthcare, China, Energy, Microsoft, Privilege Escalation (+2 more)

CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks

GB Hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations running on-premises SharePoint installations. The flaw stems from a deserialization of untrusted data vulnerabili

Tags: Windows, RCE, Ransomware, Cybersecurity and Infrastructure Security Agency, CISA, Zero-Day (+2 more)

SharePoint 0-Day RCE Flaw Actively Exploited for Full Server Takeover

GB Hackers

A devastating new SharePoint vulnerability is being actively exploited in large-scale attacks worldwide, enabling attackers to gain complete control of on-premise servers without authentication. Security researchers at Eye Security discovered the ongoing campaign on July 18, 2025, revealing a sophisticated exploit chain dubbed “ToolShell” that leverages previously demonstrated Pwn2Own vulnerabilities to achieve remote code execu

Tags: Remote Code Execution, Windows, RCE, Microsoft, Google, Authentication Bypass (+2 more)

Surveillance Firm Exploits SS7 Flaw to Track User Locations

Cluster: RCE - DoS - Microsoft

A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’ locations without authorization, security researchers have revealed. The attack leverages weaknesses in the decades-old SS7 (Signaling System No. 7) protocol that underpins international cellular networks. New Attack Method Discovered: Security experts at Enea’s...

Tags: CISA, Microsoft, RCE, AWS, Azure, Google (+4 more)

Surveillance Firm Exploits SS7 Flaw to Track User Locations

GB Hackers

A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’ locations without authorization, security researchers have revealed. The attack leverages weaknesses in the decades-old SS7 (Signaling System No. 7) protocol that underpins international cellular networks. New Attack Method Discovered: Security experts at Enea’s Threat

Tags: CISA, Microsoft, RCE, Azure, Google, AWS (+2 more)

From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems

CSO Online

At a time when AI-powered cyber threats and sophisticated state-backed hacking groups dominate the headlines, the lack of elementary security continues to pose the most consistent risk. A recent string of vulnerability disclosures highlights the vulnerability of “modern” infrastructure to the oldest tricks in the book. Cisco, for instance, was found shipping wireless controllers with hardcoded root credentials, providing attackers a direct path to privileged access. Anthropic’s internal deve

Tags: RCE, Remote Code Execution, Cisco, Cross-Site Scripting, XSS (+2 more)

7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems

Cluster: APT41 - CVE-2025-53816 - Memory Corruption

A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and system crashes when processing malicious archives. Technical Details of the Vulnerability: Security researcher Jaroslav Lobačevski identified the...

Tags: CISA, Microsoft, RCE, Windows, AWS, Azure (+4 more)

CoinDCX Hack Leads to $44.2 Million Loss

GB Hackers

Major Indian cryptocurrency exchange CoinDCX has confirmed a significant security breach that resulted in approximately $44 million in losses, though company executives maintain that customer funds remain completely secure and unaffected by the incident. CoinDCX co-founder Sumit Gupta publicly confirmed reports of the cyberattack, which occurred on Saturday, July 19, 2025. The hackers successfully gained unauthorized access to one of the company’s internal

Tags: CISA, Microsoft, RCE, Azure, Google, AWS (+2 more)

Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks

GB Hackers

A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tracked as CVE-2025-54068, the flaw resides in Livewire versions from 3.0.0-beta.1 up to 3.6.3 and stems from the way certain component property updates are hydrated, allowing an attacker to inject and execute arbitrary commands on the serv

Tags: CISA, Microsoft, RCE, Windows, Azure, AWS (+2 more)

Cybersecurity News ARTICLE

Microsoft Released Emergency Security Update to Patch Critical SharePoint 0-Day Vulnerability

Cybersecurity News

Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. The vulnerabilities, assigned as CVE-2025-53770 and CVE-2025-53771, pose immediate risks to organizations running SharePoint infrastructure and require immediate remediation. Key Takeaways: 1. Active zero-day attacks targeting on-premises SharePoint servers via CVE-2025-53770 and CVE-2025-53771. 2. Apply security updates […]

Tags: Microsoft, Zero-Day, CVE-2025-53770, CVE-2025-53771, SharePoint

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

The Hacker News

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." CVE-2025-53770 (CVSS score: 9.8), as the exploited vulnerability is tracked, concerns a case of remote

Tags: Windows, RCE, Remote Code Execution, Cybersecurity and Infrastructure Security Agency, CISA, Microsoft (+2 more)

Dell confirms breach of test lab platform by World Leaks extortion group

BleepingComputer

Lawrence Abrams, July 21, 2025 07:00 AM. A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. Dell acknowledged the incident to BleepingComputer, confirming that the threat actor had breached its Customer Solution Centers platform, which is used to demonstrate Dell products and solutions t

Tags: Ransomware, Data Exfiltration, Dell, Rootkit

HPE Warns of Aruba Hardcoded Credentials Allowing Attackers to Bypass Device Authentication

Cluster: CVE-2025-37103 - CVE-2025-37102 - Command Injection

A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely. The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a severe security risk with a maximum CVSS score of 9.8. Key Takeaways: 1. HPE Aruba Access […]

Tags: Command Injection, CVE-2025-37102, CVE-2025-37103, Hard-coded Credentials, HPE

Japanese Police Release Free Decryption Tool for Phobos and 8Base Ransomware Victims

Cluster: Ransomware - X - Google

To fight against cybercrime, Japan’s National Police Agency (NPA) has released a free decryption tool for victims of the Phobos and 8Base ransomware variants. The decryptor, made publicly available in collaboration with international law enforcement agencies, aims to assist thousands of organizations worldwide that have suffered from ransomware attacks since 2019. The Japanese police revealed the decryption utility along with an English-language user guide, offering relief to affected...

Tags: Energy, Healthcare, Ransomware, Windows, FBI, Google (+4 more)
