Stealth backdoor found in WordPress mu-Plugins folder
Stealth backdoor found in WordPress mu-Plugins folder Pierluigi Paganini July 24, 2025 A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting…
Month: July 2025
Andrew Storms on Trust, AI, and Why CISOs Need to Be Optimists — API Security
Andrew Storms, VP of Security at Replicated, has spent three decades on the frontlines of cybersecurity. From building Unix systems in the early ‘90s to…
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.…
Researchers Exploit Cursor Background Agents to Take Over Amazon EC2 Instance
Security researchers have successfully exploited vulnerabilities in Cursor’s Background Agents to gain unauthorized access to an Amazon EC2 instance, demonstrating critical risks associated with SaaS…
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Jul 24, 2025Ravie LakshmananVulnerability / Ransomware Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock…
Google chief says cloud spend is paying off
As Google Cloud posts a big increase for the company’s second quarter, Sundar Pichai, the CEO of parent company Alphabet, has acknowledged the need to address…
AI-Driven Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy
Researchers have introduced WhoFi, an AI-powered deep learning pipeline that leverages Wi-Fi Channel State Information (CSI) for person re-identification (Re-ID), achieving a remarkable 95.5% Rank-1…
National Nuclear Security Administration Systems Breached in SharePoint Cyberattack
A recent global cyberattack campaign, exploiting critical vulnerabilities in Microsoft’s on-premise SharePoint software, has impacted several US government agencies, including the National Institutes of Health…
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. “While…
Monzo’s £21m fine highlights banks’ cyber security failures
Monzo’s recent £21m fine over customer verification failures highlights the cyber security and privacy shortcomings of popular personal finance apps and the importance of good…
SharePoint servers also targeted in ransomware attacks
A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Tracked…
Chinese Hackers Launch Targeted Campaign to Infect Windows Systems with Ghost RAT and PhantomNet Malware
Zscaler ThreatLabz, in collaboration with TibCERT, has uncovered two linked attack campaigns dubbed Operation GhostChat and Operation PhantomPrayers, attributed with high confidence to a China-nexus…