What we know about the Microsoft SharePoint attacks
Government authorities and cybersecurity teams around the world are responding to a wave of cyberattacks targeting critical vulnerabilities in Microsoft SharePoint. The attack wave began…
Month: July 2025
TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified…
Replit AI Agent Deletes Sensitive Data Despite Explicit Instructions
An AI agent operating within the Replit platform reportedly deleted an entire company database without permission. The incident occurred during a critical “code and action…
SharePoint users hit by Warlock ransomware, says Microsoft
Multiple organisations have now been hit by Warlock ransomware deployed on their systems via the dangerous ToolShell vulnerability chain in Microsoft SharePoint Server, Microsoft has…
Senators push CISA director nominee on election security, agency focus
Listen to the article 5 min This audio is auto-generated. Please let us know if you have feedback. Sean Plankey, President Donald Trump’s nominee to…
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago,…
Chinese Hackers Attacking Windows Systems in Targeted Campaign to Deploy Ghost RAT and PhantomNet Malwares
Threat researchers are warning of twin Chinese-nexus espionage operations—“Operation Chat” and “Operation PhantomPrayers”—that erupted in the weeks preceding the Dalai Lama’s 90th birthday, exploiting heightened…
A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats
An airline leaving all of its passengers’ travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more…
Replit AI Agent Deletes SaaStr Network Data Without Permission
An AI agent operating within the Replit platform reportedly deleted an entire company database without permission. The incident occurred during a critical “code and action…
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
Jul 24, 2025Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use…
Scattered Spider victim Clorox sues helpdesk provider
IT services provider Cognizant is facing a multimillion-dollar lawsuit from one of its customers, which claims lax security procedures enabled the Scattered Spider hacking collective…
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities
Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The…