SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates
Similar Posts
Florida prison data breach exposes visitors’ contact information to inmates
Bys sMitch Perry reports: Dozens and perhaps hundreds of individuals who applied to visit inmates at Everglades Correctional Institution (ECI) in Miami-Dade County last weekend had their personal contact information shared with every inmate at that facility, according to five different individuals who have spoken to the Phoenix over the past four days. The Florida Department…
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Bys sCybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. “They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Bys sCybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Bys sCybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Bys sCybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched…
FTC Finalizes Order with GoDaddy over Data Security Failures
Bys sThe Federal Trade Commission has finalized an order with GoDaddy settling allegations that the webhosting provider misled consumers by failing to implement data security protections, which led to several data breaches. The FTC alleged in January 2025 that despite claiming it provides “award-winning security,” GoDaddy failed to implement standard data security tools and practices to protect customers’…