SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild

Blog

Byadmblake July 21, 2025

Sophos X-Ops sees exploitation across multiple customer estates

Blog

New Botnet Plants Persistent Backdoors in ASUS Routers

Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.

Read More New Botnet Plants Persistent Backdoors in ASUS Routers
Blog

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. “By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

Read More CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
Blog

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming

Read More Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen
Blog

Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine

Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons on defending against threat actors’ techniques and strategies.

Read More Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine
Blog

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. “A vulnerability allowing remote code execution (RCE) by…

Read More Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
Blog

DoJ Busts Up Another Multinational DPRK IT Worker Scam

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Read More DoJ Busts Up Another Multinational DPRK IT Worker Scam

Related