Europol Sting Leaves Russian Cybercrime’s ‘NoName057(16)’ Group Fractured darkreadingKristina Beek
July 21, 2025

National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia. National …


Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents The Hacker [email protected] (The Hacker News)
July 21, 2025

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as …


China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure The Hacker [email protected] (The Hacker News)
July 21, 2025

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, …


Microsoft Fix Targets Attacks on SharePoint Zero-Day Krebs on SecurityBrianKrebs
July 21, 2025

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid …


Containment as a Core Security Strategy darkreadingAriadne Conill
July 21, 2025

We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect. We cannot keep reacting to …


⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More The Hacker [email protected] (The Hacker News)
July 21, 2025

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on …


Assessing the Role of AI in Zero Trust The Hacker [email protected] (The Hacker News)
July 21, 2025

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A …


Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug darkreadingElizabeth Montalbano, Contributing Writer
July 21, 2025

Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks. Malicious actors already have already …


How quickly do we patch? A quick look from the global viewpoint, (Mon, Jul 21st) SANS Internet Storm Center, InfoCON: green
July 21, 2025

Since the ongoing “ToolShell” exploitation campaign, in which threat actors attack on-premise Sharpoint servers using a chain of two recently published vulnerabilities[1,2,3], is still on top of the cyber security …


PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse The Hacker [email protected] (The Hacker News)
July 20, 2025

Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company …