SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates
Similar Posts
Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
Bys sThere’s an update to a previously reported case. From the U.S. Attorney’s Office, Eastern District of New York, yesterday: Earlier today, in federal court in Brooklyn, United States District Judge Frederic Block sentenced Sagar Steven Singh, also known as “Weep,” to 27 months’ imprisonment for conspiracy to commit computer intrusion and aggravated identify theft. On…
From Exposure to Exploitation: How AI Collapses Your Response Window
Bys sWe’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In…
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Bys sOrganizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment….
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
Bys sThe security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with. As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
Bys sA critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and…
Thousands of medical records found in auctioned storage unit
Bys sIt’s been a while since we’ve seen one of these types of reports, and yet….. Imani Williams reports: Thousands of medical records containing sensitive patient information were discovered in a Memphis storage unit that went up for auction after the owner failed to pay rent for three months. Jason Lederfine, who buys storage units as……