Aggregator

145 Organizations Compromised by China-Linked Ransomware Hackers and Others
Nearly 150 different organizations' on-premises SharePoint servers have been exploited by attackers targeting the zero-day vulnerabilities now tracked as ToolShell, researchers warn. Early attacks have been attributed to China-linked groups, in some cases leading to Warlock ransomware infections.

Brazil-Targeting Malware Exploits Windows UIA to Evade Detection
A banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft's UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai's findings point to a growing trend of attackers using legitimate system features.

At Least 410,000 Patients Reported Affected, But Likely Even More Victims
Months after news first broke that a hacking incident compromised legacy patient data hosted by Cerner electronic health record servers that were set to migrate to parent company Oracle's cloud environment, data breach reports related to the hack are still slowly trickling in to regulators. What's taking so long?

New UK Law Requiring Age-Verification Measures on Porn Sites Causes VPN Use to Soar
Free virtual private network services are soaring to the top of the app charts in the United Kingdom after a new law went into effect Friday requiring platforms that contain adult content - including sites like X and Reddit - to confirm users' ages through "robust" verification measures.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Smart devices within a network are no longer mere assistants — they are potential adversaries. With every internet-connected thermostat or television, a new fissure emerges in the digital infrastructure. This truth is underscored by...

The post Your “Smart” Devices are Open Doors: Critical Flaws in Thermostats, Cameras, & Smart TVs Expose Networks to Attack appeared first on Penetration Testing Tools.

Threat Attack Daily - 29th of July 2025

The Scattered Spider group has intensified its assaults on corporate IT environments, concentrating its efforts on VMware ESXi hypervisors within U.S. companies across the retail, transportation, and insurance sectors. Rather than exploiting conventional software...

The post Scattered Spider Unleashes VMware ESXi Ransomware on US Retail, Transport & Insurance via Social Engineering appeared first on Penetration Testing Tools.

Ransomware Attack Update for the 29th of July 2025

Minnesota Gov. Tim Walz activated the state national guard to help respond to an ongoing cyberattack on the state's capital city.

The post Minnesota governor activates National Guard amid St. Paul cyberattack appeared first on CyberScoop.

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email...

The post rekono: Execute complete pentesting processes appeared first on Penetration Testing Tools.

Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.

Currently trending CVE - Hype Score: 8 - In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table ...

A vulnerability has been found in Smart Slider Plugin up to 3.5.1.28 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation of the argument sliderid leads to sql injection. This vulnerability was named CVE-2025-6348. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Bacula-web up to 9.7.0. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-45346. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Couchbase Sync Gateway up to 3.2.5. Affected by this issue is some unknown functionality of the file sgcollect_info_options.log. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2025-52490. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in NanoMQ 0.21.10. Affected by this vulnerability is an unknown functionality of the component MQTT Wildcard Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-42655. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical has been found in Discourse up to 3.4.6/3.5.0.beta.7. Affected is an unknown function. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2025-53102. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-53541. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-53902. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.