The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations…
Alaska Airlines grounded itself due to mysterious IT problem
Now flying again, but not saying what went wrong UPDATED US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines…
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability
A critical container escape vulnerability has emerged in the NVIDIA Container Toolkit, threatening the security foundation of AI infrastructure worldwide. Dubbed “NVIDIAScape” and tracked as CVE-2025-23266, this flaw carries a maximum CVSS score of 9.0, representing one of the most…
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator
A sophisticated new attack technique compromises Fast IDentity Online (FIDO) key authentication by exploiting cross-device sign-in features. The PoisonSeed attack group has developed a method to downgrade FIDO key protections through adversary-in-the-middle (AitM) phishing campaigns that trick users into scanning…
Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance
Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech. The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance appeared first on Security Boulevard. This article…
Aruba password warning, SharePoint zero day, Russian vodka maker attacked
Hewlett Packard warns of hardcoded passwords in Aruba access points SharePoint zero-day exploited via RCE, no patch available Russian vodka producer suffers ransomware attack Huge thanks to our sponsor, Nudge Security Discover every SaaS account ever created by anyone in…
NPM Linter Packages Hijacked, Microsoft’s China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28…
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and…
I still prefer my Google Pixel 9 Pro over the expensive flagships – and it’s not even close
Google’s Pixel 9 Pro is still the Android I keep coming back to for its combination of price, features, and performance. This article has been indexed from Latest news Read the original article: I still prefer my Google Pixel 9…
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of…
Alaska Airlines grounds itself due to mysterious IT problem
Dare we suggest Scattered Spider has poisoned another carrier? US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines grounds…
Japan discovers object out beyond Pluto that rewrites the Planet 9 theory
PLUS: Perplexity AI scores 360-million-customer win in India; Australian billionaire’s political party suffers data breach, won’t contact victims; and more Asia In Brief Japan’s National Astronomical Observatory last week announced the discovery of a small body with an orbit beyond…
New 7-Zip Vulnerability Enables Weaponized RAR5 File to Crash Your System
A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions…
World Health Organization CISO on securing global health emergencies
In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during global health emergencies. These crises often lead to an increase in phishing scams,…
How to land your first job in cybersecurity
According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder than ever for qualified candidates to stand out. The industry has become highly…
SharePoint 0-Day RCE Flaw Actively Exploited for Full Server Takeover
A devastating new SharePoint vulnerability is being actively exploited in large-scale attacks worldwide, enabling attackers to gain complete control of on-premise servers without authentication. Security researchers at Eye Security discovered the ongoing campaign on July 18, 2025, revealing a sophisticated…
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed…
Calico: Open-source solution for Kubernetes networking, security, and observability
Calico is an open-source unified platform that brings together networking, security, and observability for Kubernetes, whether you’re running in the cloud, on-premises, or at the edge. The solution uses the lowest amount of processing resources, which is especially important in…
CrushFTP 0-Day Vulnerability Actively Exploited to Breach Servers
A critical zero-day vulnerability in CrushFTP servers is being actively exploited by threat actors to compromise systems worldwide. The vulnerability, designated CVE-2025-54309, was first observed in active exploitation on July 18th at 9:00 AM CST, though security researchers believe the…
Cyber turbulence ahead as airlines strap in for a security crisis
Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position updates or…
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps…
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a…
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with “more robust protections.” The tech giant acknowledged it’s “aware of active attacks…
New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System
A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions…