A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable systems without authentication. Eye Security, a Dutch cybersecurity firm, identified the active…
Category: EN
Customer guidance for SharePoint vulnerability CVE-2025-53770
Summary Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. SharePoint Online in Microsoft 365 is not impacted. A patch is currently not available for…
New EU AI Act Compliance Guide – Just Weeks Before August Deadline
The EU has released a guide for how large AI makers can comply with the AI Act’s newly instituted rules to prevent systemic risks. This article has been indexed from Security | TechRepublic Read the original article: New EU AI…
Microsoft says it will no longer use engineers in China for Department of Defense work
Following a Pro Publica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen. This article has…
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems. Hackers began exploiting a critical Fortinet FortiWeb flaw, tracked as CVE-2025-25257 (CVSS score of 9.6), on the same day a proof-of-concept (PoC) exploit…
Linux Distribution Designed for Seamless Anonymous Browsing
Despite the fact that operating systems like Windows and macOS continue to dominate the global market, Linux has gained a steady following among users who value privacy and security as well as cybersecurity professionals, thanks to its foundational principles: transparency,…
Major Breach at Medical Billing Giant Results in The Data Leak of 5.4 Million Users
Episource, the medical billing behemoth, has warned millions of Americans that a hack earlier this year resulted in the theft of their private and medical data. According to a listing with the United States Department of Health and Human…
Episource Healthcare Data Breach Exposes Personal Data of 5.4 Million Americans
In early 2025, a cyberattack targeting healthcare technology provider Episource compromised the personal and medical data of over 5.4 million individuals in the United States. Though not widely known to the public, Episource plays a critical role in the…
Over 2 Million Users Affected: Browser Extensions Turned Into Silent Spying Tools
An alarming cyber threat has come to light involving common browser extensions used by millions across the world. According to a recent investigation by cybersecurity firm Koi Security, at least 18 browser add-ons, once considered safe were secretly turned into…
At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed. This article has been indexed from Security Latest Read the original article: At Least 750 US Hospitals…
These are our favorite cyber books on hacking, espionage, crypto, surveillance, and more
These are our favorite cybersecurity books, both by fiction authors, as well as journalists and researchers. This article has been indexed from Security News | TechCrunch Read the original article: These are our favorite cyber books on hacking, espionage, crypto,…
New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users
A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to…
Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware
A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed…
Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials
A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). The malicious campaign distributes files disguised as contractual documents, specifically…
The best Samsung TVs of 2025: Expert tested for streaming, gaming, and more
We’ve tested and researched the best TVs you can get from Samsung–from high-end OLED models to budget-friendly smart TVs–to help you find the right fit for your home. This article has been indexed from Latest news Read the original article:…
For privacy and security, think twice before granting AI access to your personal data
AI tools are increasingly asking for gross levels of access to your personal data under the guise of needing it to work. This article has been indexed from Security News | TechCrunch Read the original article: For privacy and security,…
China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year
Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more. This article has been indexed from Security Latest Read the original article: China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year
New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials
A sophisticated phishing campaign dubbed “Scanception” has emerged as a significant threat to enterprise security, leveraging QR codes embedded in PDF attachments to bypass traditional email security measures and harvest user credentials. The attack represents a concerning evolution in social…
New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers
A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Tracked as CVE-2025-54309, the bug allows unauthenticated attackers to obtain full administrative…
I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way
Meta’s new Oakley smart glasses feature eight hours of battery life, capture 3K video, and most importantly, look great. This article has been indexed from Latest news Read the original article: I took a walk with Meta’s new Oakley smart…