by Syndicated News Feed | Jul 21, 2025 | IT Security
Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced shortly after the Iran-Israel conflict began. Lookout security...
by Syndicated News Feed | Jul 21, 2025 | IT Security
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in “ToolShell” attacks. In May, during the Berlin Pwn2Own hacking contest,...
by Syndicated News Feed | Jul 20, 2025 | IT Security
Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause. In a July 19 security note, the software...
by Syndicated News Feed | Jul 20, 2025 | IT Security
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers...
by Syndicated News Feed | Jul 20, 2025 | IT Security
The UK government is warning that Russia’s APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts. Both the UK and the US have previously...
by Syndicated News Feed | Jul 19, 2025 | IT Security
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ...
by Syndicated News Feed | Jul 19, 2025 | IT Security
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after...
by Syndicated News Feed | Jul 19, 2025 | IT Security
GPT-5 might be just a few days or weeks away, as we’ve spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. As spotted on X, OpenAI is testing a model called “gpt-5-reasoning-alpha-2025-07-13.” This model was finalised on the...
by Syndicated News Feed | Jul 19, 2025 | IT Security
Interview Scattered Spider and Iranian government-backed cyber units have more in common than a recent uptick in hacking activity, according to Ariel Parnes, a former colonel in the Israeli Defense Forces’ cyber unit 8200. Both the financially motivated crew and...
by Syndicated News Feed | Jul 18, 2025 | IT Security
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP is an enterprise file transfer server used by...
