Tag: Exploitation

Source URL: https://blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/ Source: Cisco Talos Blog Title: Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect Feedly Summary: Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection…

Microsoft Security Blog: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

Jul 28, 2025

—

by

Source URL: https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/ Source: Microsoft Security Blog Title: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability Feedly Summary: Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information…

Schneier on Security: Microsoft SharePoint Zero-Day

Jul 28, 2025

—

by

Source URL: https://www.schneier.com/blog/archives/2025/07/microsoft-sharepoint-zero-day.html Source: Schneier on Security Title: Microsoft SharePoint Zero-Day Feedly Summary: Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet.…

Slashdot: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers?

Jul 27, 2025

—

by

Source URL: https://it.slashdot.org/story/25/07/27/0337218/did-a-vendors-leak-help-attackers-exploit-microsofts-sharepoint-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Did a Vendor’s Leak Help Attackers Exploit Microsoft’s SharePoint Servers? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a serious security concern regarding zero-day exploits targeting Microsoft’s SharePoint servers, emphasizing potential leaks of vulnerability information and the impact of generative AI tools like Google Gemini in…

The Register: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

—

by

Source URL: https://www.theregister.com/2025/07/24/no_login_no_problem_cisco_flaw/ Source: The Register Title: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers Feedly Summary: Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco’s Identity Services…

The Register: Microsoft: SharePoint attacks now officially include ransomware infections

—

by

Source URL: https://www.theregister.com/2025/07/24/microsoft_sharepoint_ransomware/ Source: The Register Title: Microsoft: SharePoint attacks now officially include ransomware infections Feedly Summary: Let the games begin Ransomware has officially entered the Microsoft SharePoint exploitation ring.… AI Summary and Description: Yes Summary: The text briefly mentions the emergence of ransomware targeting Microsoft SharePoint, highlighting a concerning trend in the security landscape.…

Wired: A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

—

by

Source URL: https://www.wired.com/story/luggage-service-web-bugs-exposed-travel-plans-users-diplomats-airportr/ Source: Wired Title: A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats Feedly Summary: Security flaws in Airportr, a door-to-door luggage checking service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage. AI Summary…

Cisco Talos Blog: Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

—

by

Source URL: https://blog.talosintelligence.com/bloomberg-comdb2-null-pointer-dereference-and-denial-of-service-vulnerabilities/ Source: Cisco Talos Blog Title: Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the…

The Register: Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks

Jul 23, 2025

—

by