Microsoft SharePoint Zero-day Attack

Blog

Byadmblake July 25, 2025

FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This active campaign is being exploited by multiple threat actors and poses a significant risk to a wide range of sectors including government, education, healthcare, and large enterprises.

Blog

Next-Gen Developers Are a Cybersecurity Powder Keg

AI coding tools promise productivity but deliver security problems, too. As developers embrace “vibe coding,” enterprises face mounting risks from insecure code generation that security teams can’t keep pace with.

Read More Next-Gen Developers Are a Cybersecurity Powder Keg
Blog

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among…

Read More Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Blog

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. “These vulnerabilities can be chained by

Read More Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
Blog

Telefonica Breach Exposes Jira Tickets, Customer Data

The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant’s internal database.

Read More Telefonica Breach Exposes Jira Tickets, Customer Data
Blog

‘Darcula’ Phishing Kit Can Now Impersonate Any Brand

With Version 3, would-be phishers can cut and paste a big brand’s URL into a template and let automation do the rest.

Read More ‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
Blog

Critical Bugs Left Unpatched in Versa’s Concerto Tool

Three zero-days allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago.

Read More Critical Bugs Left Unpatched in Versa’s Concerto Tool

Related