Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771. The post Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service
The Alcohol & Drug Testing Service (TADTS) says personal information was stolen in a July 2024 ransomware attack. The post 750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service appeared first on SecurityWeek. This article has been…
Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative
Cybersecurity officers need to remember that the reality is, most attacks don’t begin with a dramatic break-in… they start with a login. The post Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative appeared first on Security…
Co-op Boss Says All 6.5m Members Had Data Stolen
Co-op chief executive says data breach in April resulted in theft of personal data of all 6.5 million members This article has been indexed from Silicon UK Read the original article: Co-op Boss Says All 6.5m Members Had Data Stolen
US Lawmaker Dissents As Nvidia Set To Resume China AI Shipments
US lawmaker says original decision to ban Nvidia’s H20 exports was ‘right decision’ as administration gives go-ahead for sales to resume This article has been indexed from Silicon UK Read the original article: US Lawmaker Dissents As Nvidia Set To…
Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tracked as CVE-2025-54068, the flaw resides in Livewire versions from 3.0.0-beta.1 up to 3.6.3 and stems…
SharePoint zero-day CVE-2025-53770 actively exploited in the wild
Microsoft warns of ongoing active exploitation of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770. Microsoft warns of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770 (CVSS score of 9.8), which is under active exploitation. Unfortunately, the flaw has yet to be…
Rumble in the jungle: APT41’s new target in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa. This article has been indexed from Securelist Read the original article: Rumble in the jungle: APT41’s new target in Africa
Exploring Netstalking: Hidden Internet Gems
Have you ever wondered what lies beyond the familiar websites you visit every day? Just how much “stuff” there is on the internet? (SPOILER: There’s… The post Exploring Netstalking: Hidden Internet Gems appeared first on Panda Security Mediacenter. This article…
A week in security (July 14 – July 20)
A list of topics we covered in the week of July 14 to July 20 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (July 14 – July 20)
Exploited CrushFTP Zero-Day Provides Admin Access to Servers
Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity
The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now. The post The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and…
IT Security News Hourly Summary 2025-07-21 09h : 8 posts
8 posts were published in the last hour 7:3 : 7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems 7:2 : I still prefer my Google Pixel 9 Pro over the expensive flagships – and it’s not even close 7:2 :…
Top Brass At Meta Settle Shareholder Lawsuit
Mark Zuckerberg, Sheryl Sandberg, other top figures at Meta settle lawsuit that demanded they personally repay $8bn in privacy fines This article has been indexed from Silicon UK Read the original article: Top Brass At Meta Settle Shareholder Lawsuit
CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations…
Alaska Airlines grounded itself due to mysterious IT problem
Now flying again, but not saying what went wrong UPDATED US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines…
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability
A critical container escape vulnerability has emerged in the NVIDIA Container Toolkit, threatening the security foundation of AI infrastructure worldwide. Dubbed “NVIDIAScape” and tracked as CVE-2025-23266, this flaw carries a maximum CVSS score of 9.0, representing one of the most…
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator
A sophisticated new attack technique compromises Fast IDentity Online (FIDO) key authentication by exploiting cross-device sign-in features. The PoisonSeed attack group has developed a method to downgrade FIDO key protections through adversary-in-the-middle (AitM) phishing campaigns that trick users into scanning…
Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance
Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech. The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance appeared first on Security Boulevard. This article…
Aruba password warning, SharePoint zero day, Russian vodka maker attacked
Hewlett Packard warns of hardcoded passwords in Aruba access points SharePoint zero-day exploited via RCE, no patch available Russian vodka producer suffers ransomware attack Huge thanks to our sponsor, Nudge Security Discover every SaaS account ever created by anyone in…
NPM Linter Packages Hijacked, Microsoft’s China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28…
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and…
I still prefer my Google Pixel 9 Pro over the expensive flagships – and it’s not even close
Google’s Pixel 9 Pro is still the Android I keep coming back to for its combination of price, features, and performance. This article has been indexed from Latest news Read the original article: I still prefer my Google Pixel 9…
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of…