Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and reports, all in one place. By streamlining data organization and team coordination, it helps reduce the time…
Category: EN
CISA Alerts on Active Exploitation of Microsoft SharePoint Code Injection and Authentication Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding the active exploitation of two critical Microsoft SharePoint vulnerabilities, with organizations facing a same-day deadline to implement protective measures. The alert, released yesterday, July 22, 2025, targets vulnerabilities…
Hackers Injected Malicious Firefox Packages in Arch Linux Repo
Cybersecurity researchers have identified a sophisticated supply chain attack targeting Arch Linux users through malicious packages designed to masquerade as Firefox browser variants. Three compromised packages containing Remote Access Trojan (RAT) malware were successfully uploaded to the Arch User Repository…
Chinese Hackers Exploit Active 0-Day Vulnerability in SharePoint Servers
Microsoft has confirmed that Chinese nation-state actors are actively exploiting zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security updates and immediate patching recommendations for organizations worldwide. Vulnerability Discovery and Active Exploitation On July 19, 2025, Microsoft Security Response Center…
Creams Cafe – 159,652 breached accounts
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK’s favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose…
Ports are getting smarter and more hackable
A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is increasingly under attack by threat actors tied to Russia, Iran, and China. These ports…
Phishing simulations: What works and what doesn’t
Phishing is one of the oldest and most effective scams used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before…
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch…
The fraud trends shaping 2025: Pressure builds on online retailers
Fraud is growing faster than revenue in eCommerce. That’s one of the first things PwC and Forter point out in their new report, and it’s a wake-up call for online retailers. Fraud is rising faster than ever Right now, eCommerce…
China warns citizens to beware backdoored devices, on land and under the sea
Suggests buying local tech to avoid infosec worries China’s Ministry of State Security has spent the week warning of backdoored devices on land and at sea.… This article has been indexed from The Register – Security Read the original article:…
I replaced my Galaxy S25 Ultra with the Samsung Z Fold 7 – and didn’t regret it
The Galaxy Z Fold 7 exceeded my expectations and stands out as one of the best book-style foldables I’ve used – even if its telephoto camera still leaves room for improvement. This article has been indexed from Latest news Read…
Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, addressing three critical vulnerabilities that could enable attackers to execute arbitrary code on users’ systems. The Stable channel update to version 138.0.7204.168/.169 for Windows and Mac, and 138.0.7204.168 for…
ISC Stormcast For Wednesday, July 23rd, 2025 https://isc.sans.edu/podcastdetail/9538, (Wed, Jul 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, July 23rd, 2025…
People don’t trust AI but they’re increasingly using it anyway
Generative AI tools like ChatGPT and Google’s AI Overviews are transforming the way people engage with the internet. But the credibility of those tools remains a big concern. This article has been indexed from Latest news Read the original article:…
Passkeys won’t be ready for primetime until Google and other companies fix this
This passwordless authentication method will continue to frustrate users and fail to gain traction until those employing passkeys address a glaring problem. This article has been indexed from Latest news Read the original article: Passkeys won’t be ready for primetime…
I replaced my Sonos Arc Ultra with this Samsung flagship soundbar – and it’s a worthy alternative
Samsung’s latest flagship soundbar, the HW-Q990F, arrives ready to dominate your home entertainment setup. This article has been indexed from Latest news Read the original article: I replaced my Sonos Arc Ultra with this Samsung flagship soundbar – and it’s…
I replaced my Microsoft account password with a passkey – and you should, too
You can make your Microsoft account far more secure if you ditch your password. But if you plan to do so, there’s a step you absolutely must not skip. This article has been indexed from Latest news Read the original…
Scavenger Malware Hijacks Popular npm Packages to Attack Developers
A sophisticated supply chain attack targeting JavaScript developers emerged on Friday, July 18th, 2025, when cybercriminals compromised multiple popular npm packages to distribute the newly identified “Scavenger” malware. The attack primarily focused on eslint-config-prettier, a widely-used code formatting package, along…
Researchers Unmasked Russia’s Most Secretive FSB’s Spy Network
A groundbreaking investigation has pulled back the curtain on one of Russia’s most clandestine intelligence operations, revealing unprecedented details about the Federal Security Service’s (FSB) 16th Center and its extensive signals intelligence network. The research, conducted by CheckFirst analysts over…
Anthropic researchers discover the weird AI problem: Why thinking longer makes models dumber
Anthropic research reveals AI models perform worse with extended reasoning time, challenging industry assumptions about test-time compute scaling in enterprise deployments. This article has been indexed from Security News | VentureBeat Read the original article: Anthropic researchers discover the weird…