Tag: vulnerability

Source URL: https://www.schneier.com/blog/archives/2025/07/another-supply-chain-vulnerability.html Source: Schneier on Security Title: Another Supply Chain Vulnerability Feedly Summary: ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has…

The Register: Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack

Jul 21, 2025

—

by

Source URL: https://www.theregister.com/2025/07/21/infosec_in_brief/ Source: The Register Title: Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack Feedly Summary: PLUS: China upgrades smartphone surveillance tools; Ring eases anti-snooping stance; and more Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw…

Slashdot: ‘Tens of Thousands’ of SharePoint Servers at Risk. Microsoft Issues No Patch

Jul 20, 2025

—

by

Source URL: https://it.slashdot.org/story/25/07/20/2340220/tens-of-thousands-of-sharepoint-servers-at-risk-microsoft-issues-no-patch Source: Slashdot Title: ‘Tens of Thousands’ of SharePoint Servers at Risk. Microsoft Issues No Patch Feedly Summary: AI Summary and Description: Yes Summary: The text reports on a significant cybersecurity vulnerability affecting hosted SharePoint servers, which has led to widespread breaches in various sectors, including government and private organizations. As researchers uncover…

Cloud Blog: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

Jul 18, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor/ Source: Cloud Blog Title: Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor Feedly Summary: Written by: Josh Goddard, Zander Work, Dimiter Andonov Introduction Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall…

Krebs on Security: Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Jul 18, 2025

—

by

Source URL: https://krebsonsecurity.com/2025/07/poor-passwords-tattle-on-ai-hiring-bot-maker-paradox-ai/ Source: Krebs on Security Title: Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai Feedly Summary: Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456") for the fast food chain’s account at Paradox.ai, a company…

Slashdot: Google Spots Tailored Backdoor Malware Aimed At SonicWall Appliances

—

by

Source URL: https://it.slashdot.org/story/25/07/17/2049256/google-spots-tailored-backdoor-malware-aimed-at-sonicwall-appliances?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Spots Tailored Backdoor Malware Aimed At SonicWall Appliances Feedly Summary: AI Summary and Description: Yes Summary: The text details a security breach involving SonicWall appliances exploited by threat actors to steal sensitive data, utilizing advanced tactics to maintain access and conceal their activities. This incident is crucial for…

The Register: Watch out, another max-severity, make-me-root Cisco bug on the loose

—

by

Source URL: https://www.theregister.com/2025/07/17/critical_cisco_bug/ Source: The Register Title: Watch out, another max-severity, make-me-root Cisco bug on the loose Feedly Summary: Three perfect 10s in the last month – ISE, ISE, baby Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector…

Cloud Blog: Cloud CISO Perspectives: Our Big Sleep agent makes a big leap, and other AI news

—

by

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-our-big-sleep-agent-makes-big-leap/ Source: Cloud Blog Title: Cloud CISO Perspectives: Our Big Sleep agent makes a big leap, and other AI news Feedly Summary: Welcome to the first Cloud CISO Perspectives for July 2025. Today, Sandra Joyce, vice president, Google Threat Intelligence, talks about an incredible milestone with our Big Sleep AI agent, as well…

CSA: Compliance is Falling Behind with Non-Human Identities

—

by