China accuses U.S. intelligence agencies of exploiting Microsoft zero-day vulnerability in cyberattack against key Chinese military enterprises.

Chinese authorities today publicly accused U.S. intelligence agencies of orchestrating cyberattacks against two of China’s key military enterprises. According to the Cyber Security Association of China, the attacks reportedly exploited a previously unknown "zero-day" vulnerability in Microsoft Exchange email server software.
Widespread PayPal and Venmo outage impacts millions across the U.S.

On the morning of August 1, 2025, millions of users across the United States were affected by a significant service outage impacting both PayPal and Venmo. The disruption began around 8:45–9:00 a.m. Eastern Time and left users temporarily unable to send or receive funds through either platform—two of the most widely used digital payment services in the country.
Microsoft will disable external Excel workbook links to blocked file types by the end of the year.

Microsoft is strengthening security for Excel users with a significant upcoming change: between October 2025 and July 2026, the company will begin disabling external workbook links to blocked file types by default. This measure is part of Microsoft’s ongoing effort to harden Office applications against indirect and potentially malicious file access.
The common thread behind the Qantas, Allianz Life, and LVMH attacks – ShinyHunters.

In 2025, a sophisticated wave of data breaches shook some of the world’s most recognized companies—Qantas, Allianz Life, and LVMH. Investigations reveal these incidents are connected by a common thread: the ShinyHunters cyber extortion group. These attacks have been notable not only for the caliber of targeted organizations but for their focus on Salesforce-connected customer relationship management (CRM) platforms. Importantly, the breaches did not stem from vulnerabilities in Salesforce’s own infrastructure; rather, they exploited weaknesses at the user and organizational level.
Microsoft’s DragonV2.1Neural approaches near-instantaneous vocal generation, raising security concerns over AI-driven speech synthesis.

Microsoft’s DragonV2.1Neural represents a significant leap forward in zero-shot text-to-speech (TTS) technology, now powering the Azure AI Speech Service. By combining scalability, expressiveness, and multilingual proficiency, DragonV2.1Neural is redefining the standards in AI-driven speech synthesis—while also raising urgent ethical and security considerations.
Microsoft to pay big(ger) bucks for .NET bug bounty rewards. Up to $40k for critical vulnerabilities!

Microsoft has significantly increased its bug bounty rewards for researchers who discover and responsibly disclose high-impact security vulnerabilities within the .NET and ASP.NET Core platforms. Under the latest update to its bug bounty program, the tech giant now offers rewards of up to $40,000 for the most severe vulnerabilities, such as those enabling remote code execution and privilege escalation.
It’s a malware evasion technique called “Shade BIOS” – and it’s going to rock your world.

At Black Hat USA 2025, Kazuki Matsuo, a security researcher at FFRI Security, is set to introduce the cybersecurity community to a groundbreaking new technique in attack stealth: “Shade BIOS.” This presentation promises to shed light on how the next wave of UEFI (Unified Extensible Firmware Interface) malware can evade even the most robust security mechanisms, setting a new bar in the ongoing arms race between attackers and defenders.
Storm-2603 Exploits SharePoint Flaws to Deliver Dual Ransomware via DNS-Controlled Backdoor

A sophisticated and likely China-based threat actor, tracked as Storm-2603, has emerged at the forefront of recent cyberattacks exploiting critical Microsoft SharePoint Server vulnerabilities. Leveraging flaws identified as CVE-2025-49706 and CVE-2025-49704 (collectively known as the ToolShell exploits), Storm-2603 has orchestrated a wave of attacks deploying both Warlock (a.k.a. X2anylock) and LockBit Black ransomware.