Collaborate Disseminate
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft… Continue reading Storm-2603 spotted deploying ransomware on exploited SharePoint servers
Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. “While there is currently no evidence that this vulnerability is being act… Continue reading Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default for Home users. “For nearly four decades, the blue screen shown during… Continue reading Microsoft rolls out Windows 11 “quick recovery” feature
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the flaws. About the vulnerabilities The three vulnerabilities affect Cisco’s Id… Continue reading Maximum severity Cisco ISE vulnerabilities exploited by attackers
As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones they have detected. Most intriguingly, Check Point Re… Continue reading Microsoft pins on-prem SharePoint attacks on Chinese threat actors
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access fo… Continue reading Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)
Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company has confirmed on Saturday. CVE-2025-53770 is being leveraged to pla… Continue reading Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770)
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The an… Continue reading SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a high-severity vulnerability that stems from incorrect validation of untrusted in… Continue reading Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)
UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot proce… Continue reading Vulnerable firmware for Gigabyte motherboards could allow bootkit installation