attacks

  • Blog

    Microsoft fixes Power Pages zero-day bug exploited in attacks

    Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it has addressed the risk at…

  • Blog

    CISA flags Craft CMS code injection flaw as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high-severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites…

  • Blog

    96% of Phishing Attacks in 2024 Exploited Trusted Domains

    Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024,…

  • Blog

    RansomHub claims two recent ransomware attacks on US government entities

    Over the weekend, RansomHub added two US government entities to its data leak site — the City of Tarrant and Sault Ste. Marie Tribe of Chippewa Indians. In the case of Tarrant, it alleges to have stolen 28 GB of data, while a purported 119 GB has been stolen from the Sault Tribe. Both of these government organizations confirmed ransomware…

  • Blog

    Hackers steal emails in device code phishing attacks

    An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat actors behind the device code…

  • Blog

    SonicWall firewall bug leveraged in attacks after PoC exploit release

    Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and Gen 7 firewalls and SOHO…

  • Blog

    whoAMI attacks give hackers code execution on Amazon EC2 instances

    Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone who publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by Datadog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how software projects retrieve…

  • Blog

    Seashell Blizzard hacker group escalating attacks on critical infrastructure, Microsoft warns

    A subgroup of the Russian state-sponsored hacking group, Seashell Blizzard, has been targeting critical infrastructure organizations and governments around the world for years, authorities have warned. The campaign, dubbed ‘BadPilot’ by Microsoft’s Threat Intelligence Team, saw the group gain access to targets across a number of sensitive sectors, including energy, oil and gas, telecommunications, shipping, and arms manufacturing, as well…

  • Blog

    Surge in attacks exploiting old ThinkPHP and ownCloud flaws

    Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. Threat monitoring platform GreyNoise is reporting spikes in actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing. Both vulnerabilities have critical severity and can be exploited to execute arbitrary…

  • Blog

    London council claims it faces 20,000 cyber attacks per day

    Hammersmith and Fulham Council has reportedly revealed it faces around 20,000 attempted cyber attacks every day. According to reports from The Standard, most of the attacks consist of phishing attempts, and the council said it has applied anti-phishing measures and tightened up firewalls to deal with the threat. Local authorities have become a popular target for cyber criminals in recent…
