The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. Clear Linux is a Linux distribution developed and maintained by Intel, featuring aggressive optimizations for Intel...

comment Here we go again. Another major Microsoft attack, with this one seeing someone — most likely government-backed hackers — exploiting a zero-day bug in SharePoint Server that Redmond failed to fix. Late Saturday, Microsoft warned it was "aware of active...

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. One of the key premises of a VPN is masking a user's IP address,...

Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced shortly after the Iran-Israel conflict began. Lookout security...

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. In May, during the Berlin Pwn2Own hacking contest,...

Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause. In a July 19 security note, the...

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers...

The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts. Both the UK and the US have previously...

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to...

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised...