Threat in Computer Security

News

Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

Mass Exploitation: Hackers Hit Zero-Day Flaw in Microsoft's SharePoint

The newly discovered flaw in Microsoft's SharePoint software has allowed hackers to target dozens of companies and organizations. Only a partial fix has been issued.

Tom's Guide on MSN · 1d

Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know

M icrosoft has released two emergency patches to address zero-day vulnerabilities that have been found in SharePoint RCE. Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both “ToolShell” attacks that compromise services and that build on flaws that were fixed as part of July’s Patch Tuesday updates.

U.S. News & World Report · 1h

Microsoft Knew of SharePoint Server Exploit but Failed to Effectively Patch It

A security patch released by Microsoft last month failed to fully fix a critical flaw in U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in ...

Nextgov1d

Threat intel firms on alert for government systems impacted by Microsoft SharePoint vulnerability

Governments, schools, healthcare providers and large enterprise firms are at risk, one cyber threat intelligence chief said.

SDxCentral14h

Palo Alto warns patches 'insufficient' for Microsoft SharePoint threat

Michael Sikorski, CTO and head of threat Intelligence for Unit 42 at Palo Alto Networks, told SDxCentral that “on-prem SharePoint deployments – particularly within government, schools, and healthcare, ...

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new ...

13d

The Quantum Threat To Encryption: How Businesses Can Future-Proof

When quantum computers become powerful enough to break current encryption protocols, long-term data security and ...

CSO Online6d

Salt Typhoon hacked the US National Guard for 9 months, and accessed networks in every state

Chinese hackers stole network diagrams, credentials, and personnel data in a breach that poses a threat to critical ...

SecurityWeek7d

DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total

Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks ...

A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades

Almost a year after foreign hackers infiltrated Columbus' computer systems and leaked stolen data, the city could invest $23 ...

CSO Online3d

Threat actors scanning for apps incorporating vulnerable Spring Boot tool

GreyNoise said over 2,000 IP addresses have scanned for Spring Boot Actuator endpoints in the past 90 days. Of them, 1,582 ...

Results that may be inaccessible to you are currently showing.

Hide inaccessible results