SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates
Similar Posts
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines
Bys sRun by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate…
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
Bys sAn Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand…
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Bys sThreat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,”
Moving Beyond Awareness: How Threat Hunting Builds Readiness
Bys sEvery October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love…
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Bys sCybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool. “This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain…
Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker
Bys sPeter Williams, 39, an Australian national, pleaded guilty in U.S. District Court today in connection with selling his employer’s trade secrets to a Russian cyber-tools broker, the Justice Department announced today. Williams pleaded to two counts of theft of trade secrets. The material, stolen over a three-year period from the U.S. defense contractor where he……