SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild

Unprotected cloud data sends the wrong signal at a time when the emirate’s trying to attract investors and establish itself as a global financial center.

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate organizations’ VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today. “The threat actor…

While ushering in “great operational value” for organizations, private 5G networks add yet another layer to CISOs’ responsibilities.

Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has “expanded to a larger list” as of November 21, 2025. It did not reveal the exact number of customers who were…

A prompt-injection vulnerability in the AI assistant allows attackers to create messages that appear to be legitimate Google Security alerts but instead can be used to target users across various Google products with vishing and phishing.

Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary…