The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. “CISA is
Update 3/14 – Coverage section updated with available IPS signature.FortiGuard Labs is aware of a new proof of concept released over the weekend for CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability).Patched in the February Microsoft Monthly Security Release, CVE-2023-21716 is a vulnerability within Microsoft Office’s wwlib which allows attackers to achieve remote code execution on…
China officially rolled out a voluntary Internet identity system to protect citizens’ online identities and personal information, but critics worry about privacy and surveillance.
Microsoft Sentinel Data Lake aims to provide inexpensive storage for large volumes of telemetry, while threat intelligence will be included with Defender XDR at no extra cost.
The acquisition gives the British cybersecurity solutions provider more insights into encrypted network traffic and additional decryption capabilities.
Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft’s recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.
Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports. The tech giant said it also observed a third China-based threat actor, which it tracks as Storm-2603, weaponizing the flaws as…
The World Leaks group accessed and released data from the company’s Customer Solution Center, which is separated from customer and partner systems and stores primarily “synthetic” datasets used for demos and testing, Dell said.
To be truly resilient in the ever-growing threat landscape, organizations need to balance protection with preparation.
Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation. “In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild,” the company…