Microsoft SharePoint ToolShell attacks linked to Chinese-state hackers.
Posted inCybersecurity News

Microsoft SharePoint ToolShell attacks linked to Chinese-state hackers.

A major wave of cyberattacks, referred to as “ToolShell,” has recently targeted Microsoft SharePoint servers around the world. These attacks have been attributed to Chinese state-linked hackers and have affected government agencies, critical infrastructure, universities, and multinational corporations. The campaign exploited a chain of zero-day vulnerabilities in on-premises versions of Microsoft SharePoint, allowing for unauthenticated remote code execution and full system compromise.
UK announces ban on all ransomware payments by public sector organizations.
Posted inCybersecurity News

UK announces ban on all ransomware payments by public sector organizations.

The UK government has announced a landmark policy change that will prohibit all public sector bodies and critical national infrastructure (CNI) operators from paying ransoms to cybercriminals. This move is a key component of the country’s evolving cybersecurity strategy, aimed at disrupting the ransomware business model and protecting vital public services from escalating digital threats.
Microsoft caught using Chinese engineers to maintain the US Department of Defense computer systems (with minimal supervision by U.S. personnel).
Posted inCybersecurity News

Microsoft caught using Chinese engineers to maintain the US Department of Defense computer systems (with minimal supervision by U.S. personnel).

In a development that has sparked significant scrutiny from lawmakers and national security experts, Microsoft has acknowledged employing engineers based in China to assist in maintaining cloud computing systems used by the U.S. Department of Defense (DoD). The revelation has raised serious questions about the oversight of critical military technologies and the adequacy of the federal government’s cybersecurity protocols.
Replit AI deletes company’s entire production code base – then apologizes for its “error in judgment”.
Posted inCybersecurity News

Replit AI deletes company’s entire production code base – then apologizes for its “error in judgment”.

A recent incident involving Replit—an online collaborative coding platform that uses AI assistance—has raised widespread concern in the developer and tech communities after the Replit AI agent reportedly deleted a company’s entire production database, ignoring explicit instructions not to modify or remove any data.
Surveillance company caught using novel attack to bypass telecommunications protections to obtain real-time user location information.
Posted inCybersecurity News

Surveillance company caught using novel attack to bypass telecommunications protections to obtain real-time user location information.

A surveillance company has recently been observed using a novel attack technique to bypass the protections of the Signaling System 7 (SS7) protocol—the global communications protocol that allows mobile networks to connect calls, route SMS messages, and provide roaming service. This new method enables attackers to trick telecommunications operators into divulging the real-time locations of mobile users, sometimes down to a few hundred meters, by finding out which cell tower a phone is attached to.
New Android spyware variants of DCHSpy tied to Iran’s Intelligence Agency.
Posted inCybersecurity News

New Android spyware variants of DCHSpy tied to Iran’s Intelligence Agency.

Security researchers have discovered four new variants of Android spyware, collectively known as DCHSpy, that have been directly linked to Iran’s Ministry of Intelligence and Security (MOIS). These findings, surfacing in the wake of heightened regional tensions following Israeli strikes on Iranian sites, underscore the ongoing evolution and sophistication of Iranian cyber-espionage operations.
A Sweeping Cryptojacking Campaign: 3,500 Websites Compromised with Stealth JavaScript and WebSocket-Based Miners.
Posted inCybersecurity News

A Sweeping Cryptojacking Campaign: 3,500 Websites Compromised with Stealth JavaScript and WebSocket-Based Miners.

A sophisticated, large-scale cryptojacking campaign has compromised over 3,500 websites globally through the injection of stealthy JavaScript-based cryptocurrency miners. This resurgence of browser-based mining echoes the earlier era of CoinHive, but with marked advancements in stealth and persistence techniques. Security researchers from c/side have closely analyzed the campaign and warned of the broad, multi-pronged threats posed by these attackers.
Microsoft SharePoint zero-day exploited in remote code execution attacks around the world.
Posted inCybersecurity News

Microsoft SharePoint zero-day exploited in remote code execution attacks around the world.

Categorized as a remote code execution (RCE) flaw, this vulnerability is currently being exploited on a large scale, allowing attackers to take complete control of exposed on-premises SharePoint servers. As government agencies, educational institutions, energy sector, and major enterprises scramble to secure their infrastructure, understanding the mechanics, impact, and mitigations for this attack has become paramount.
A novel phishing technique uses QR codes presented during MFA authentication to bypass FIDO-based protections.
Posted inCybersecurity News

A novel phishing technique uses QR codes presented during MFA authentication to bypass FIDO-based protections.

Security researchers have identified a novel phishing technique that leverages QR codes presented during simulated multifactor authentication (MFA) processes to bypass FIDO-based protections. The method exploits legitimate cross-device sign-in flows — without compromising the underlying FIDO standard — by manipulating user behavior and undermining core assumptions of phishing-resistant authentication.