by Syndicated News Feed | Jul 21, 2025 | IT Security
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in “ToolShell” attacks. In May, during the Berlin Pwn2Own hacking contest,...
by Syndicated News Feed | Jul 20, 2025 | IT Security
Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause. In a July 19 security note, the software...
by Syndicated News Feed | Jul 20, 2025 | IT Security
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers...
by Syndicated News Feed | Jul 20, 2025 | IT Security
The UK government is warning that Russia’s APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts. Both the UK and the US have previously...
by Syndicated News Feed | Jul 19, 2025 | IT Security
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ...
by Syndicated News Feed | Jul 19, 2025 | IT Security
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after...
