A list of topics we covered in the week of July 14 to July 20 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (July 14 – July 20)
Tag: EN
Exploited CrushFTP Zero-Day Provides Admin Access to Servers
Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity
The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now. The post The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and…
Top Brass At Meta Settle Shareholder Lawsuit
Mark Zuckerberg, Sheryl Sandberg, other top figures at Meta settle lawsuit that demanded they personally repay $8bn in privacy fines This article has been indexed from Silicon UK Read the original article: Top Brass At Meta Settle Shareholder Lawsuit
CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations…
Alaska Airlines grounded itself due to mysterious IT problem
Now flying again, but not saying what went wrong UPDATED US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines…
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability
A critical container escape vulnerability has emerged in the NVIDIA Container Toolkit, threatening the security foundation of AI infrastructure worldwide. Dubbed “NVIDIAScape” and tracked as CVE-2025-23266, this flaw carries a maximum CVSS score of 9.0, representing one of the most…
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator
A sophisticated new attack technique compromises Fast IDentity Online (FIDO) key authentication by exploiting cross-device sign-in features. The PoisonSeed attack group has developed a method to downgrade FIDO key protections through adversary-in-the-middle (AitM) phishing campaigns that trick users into scanning…
Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance
Security gaps, coupled with savvy cybercriminals, lend urgency to mitigating the potential for exploitation posed by surveillance tech. The post Who’s Watching You? FBI IG Looks to Plug Holes in Ubiquitous Technical Surveillance appeared first on Security Boulevard. This article…
Aruba password warning, SharePoint zero day, Russian vodka maker attacked
Hewlett Packard warns of hardcoded passwords in Aruba access points SharePoint zero-day exploited via RCE, no patch available Russian vodka producer suffers ransomware attack Huge thanks to our sponsor, Nudge Security Discover every SaaS account ever created by anyone in…
NPM Linter Packages Hijacked, Microsoft’s China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28…
7-Zip Vulnerability Lets Malicious RAR5 Files Crash Systems
A critical denial-of-service vulnerability has been discovered in 7-Zip that allows attackers to crash systems using specially crafted RAR5 archive files. The vulnerability, tracked as CVE-2025-53816, affects the popular compression software’s RAR5 decoder and can lead to memory corruption and…
I still prefer my Google Pixel 9 Pro over the expensive flagships – and it’s not even close
Google’s Pixel 9 Pro is still the Android I keep coming back to for its combination of price, features, and performance. This article has been indexed from Latest news Read the original article: I still prefer my Google Pixel 9…
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. The activity, observed by Expel as part of…
Alaska Airlines grounds itself due to mysterious IT problem
Dare we suggest Scattered Spider has poisoned another carrier? US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.… This article has been indexed from The Register – Security Read the original article: Alaska Airlines grounds…
Japan discovers object out beyond Pluto that rewrites the Planet 9 theory
PLUS: Perplexity AI scores 360-million-customer win in India; Australian billionaire’s political party suffers data breach, won’t contact victims; and more Asia In Brief Japan’s National Astronomical Observatory last week announced the discovery of a small body with an orbit beyond…
New 7-Zip Vulnerability Enables Weaponized RAR5 File to Crash Your System
A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions…
World Health Organization CISO on securing global health emergencies
In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during global health emergencies. These crises often lead to an increase in phishing scams,…
How to land your first job in cybersecurity
According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder than ever for qualified candidates to stand out. The industry has become highly…
SharePoint 0-Day RCE Flaw Actively Exploited for Full Server Takeover
A devastating new SharePoint vulnerability is being actively exploited in large-scale attacks worldwide, enabling attackers to gain complete control of on-premise servers without authentication. Security researchers at Eye Security discovered the ongoing campaign on July 18, 2025, revealing a sophisticated…