CISA issues emergency directive to patch critical Microsoft Exchange vulnerability CVE-2025-53786 by Monday.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all Federal Civilian Executive Branch (FCEB) agencies to address a critical vulnerability in Microsoft Exchange hybrid environments, identified as CVE-2025-53786. This action is a direct response to the severe security threat posed by the flaw, with agencies mandated to complete mitigation steps by 9:00 AM EDT on Monday, August 11, 2025, and submit a comprehensive status report to CISA by 5:00 PM EDT the same day.
GhostContainer targets Microsoft Exchange servers of high-value targets across Asia.

A newly identified threat, known as GhostContainer, has emerged as a significant cybersecurity risk, targeting Microsoft Exchange servers belonging to high-value organizations across Asia. Discovered by security researchers in mid-2025, GhostContainer demonstrates sophisticated techniques designed to evade detection, persist within victim environments, and facilitate long-term data compromise—raising serious concerns for governmental and high-tech sectors in the region.
A newly discovered campaign, active since at least 2021, targeted 70 Microsoft Exchange servers worldwide using sophisticated keylogger malware.

A recent, significant cyberattack campaign has targeted over 70 Microsoft Exchange servers across 26 countries, with the aim of stealing user credentials using sophisticated keylogger malware. The attacks have been documented by cybersecurity researchers, particularly Positive Technologies, who identified two main types of keylogger code injected into the Outlook login pages of compromised servers.