3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics The Hacker [email protected] (The Hacker News)
July 20, 2025

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive.  Although the …


ISC Stormcast For Monday, July 21st, 2025 https://isc.sans.edu/podcastdetail/9534, (Mon, Jul 21st) SANS Internet Storm Center, InfoCON: green
July 20, 2025

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.  ​Read More


Critical Sharepoint 0-Day Vulnerablity Exploited CVE-2025-53770 (ToolShell), (Sun, Jul 20th) SANS Internet Storm Center, InfoCON: green
July 20, 2025

Microsoft announced yesterday that a newly discovered critical remote code execution vulnerability in SharePoint is being exploited. There is no patch available. As a workaround, Microsoft suggests using Microsoft Defender …


EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware The Hacker [email protected] (The Hacker News)
July 20, 2025

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information stealer …


CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog AlertsCISA
July 20, 2025

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. See CISA’s Alert Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) for …


Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) AlertsCISA
July 20, 2025

CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the …


Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations The Hacker [email protected] (The Hacker News)
July 20, 2025

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described …


Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack The Hacker [email protected] (The Hacker News)
July 20, 2025

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were …


Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers The Hacker [email protected] (The Hacker News)
July 20, 2025

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 …


‘PoisonSeed’ Attacker Skates Around FIDO Keys darkreadingAlexander Culafi
July 18, 2025

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. Researchers discovered a novel …