Aggregator
Disrupting active exploitation of on-premises SharePoint vulnerabilities
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.
The post Disrupting active exploitation of on-premises SharePoint vulnerabilities appeared first on Microsoft Security Blog.
Coast Guard Issues Cybersecurity Rule for Maritime Transport Safety
Shutdown season: the Q2 2025 Internet disruption summary
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
Aluminium-20: how one isotope shattered confidence in nuclear symmetry in seconds
AI walks you through SQL injection
Microsoft SharePoint security advisory (AV25-433) – Update 1
UK Confirms Ransomware Payment Ban for Public Sector and CNI
UK moves forward with plans for mandatory reporting of ransomware attacks
NASA repaired a camera at Jupiter by simply heating it, and saved the mission a day before Io
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base […]
The post Cisco Alerts on ISE RCE Vulnerability Actively Exploited appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Hungarian police arrest suspect in cyberattacks on independent media
Seemplicity Leverages AI to Optimize Cybersecurity Remediation Efforts
Seemplicity today added artificial intelligence (AI) capabilities to its platform for managing cybersecurity remediations that promise to make teams more efficient.
The post Seemplicity Leverages AI to Optimize Cybersecurity Remediation Efforts appeared first on Security Boulevard.
Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims
Joint Advisory Issued on Protecting Against Interlock Ransomware
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America and Europe against Interlock ransomware.
This advisory highlights known Interlock ransomware indicators of compromise and tactics, techniques, and procedures identified through recent FBI investigations.
Actions organizations can take today to mitigate Interlock ransomware threat activity include:
- Preventing initial access by implementing domain name system filtering and web access firewalls and training users to spot social engineering attempts.
- Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date.
- Segmenting networks to restrict lateral movement from initial infected devices and other devices in the same organization.
- Implementing identity, credential, and access management policies across the organization and then requiring multifactor authentication for all services to the extent possible.
The #StopRansomware Interlock joint Cybersecurity Advisory is part of an ongoing effort to publish guidance for network defenders that details various ransomware variants and ransomware threat actors. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability
- CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
- CVE-2025-2776 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
- CVE-2025-2775 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-203-01 DuraComm DP-10iN-100-MU
- ICSA-25-203-02 Lantronix Provisioning Manager
- ICSA-25-203-03 Schneider Electric EcoStruxure
- ICSA-25-203-04 Schneider Electric EcoStruxure Power Operation
- ICSA-25-203-05 Schneider Electric System Monitor Application
- ICSA-25-203-06 Schneider Electric EcoStruxure IT Data Center Expert
- ICSA-25-175-03 Schneider Electric Modicon Controllers (Update A)
- ICSA-25-175-04 Schneider Electric EVLink WallBox (Update A)
- ICSA-25-014-02 Schneider Electric Vijeo Designer (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-49704 Microsoft SharePoint Code Injection Vulnerability
- CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild
Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild. The vulnerabilities, carrying the maximum CVSS severity score of 10.0, allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems. […]
The post Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild appeared first on Cyber Security News.