Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
Critical Vulnerability: Over 1,000 CrushFTP instances are exposed online due to the critical vulnerability (CVE-2025-54309), allowing unauthorized admin access, affecting versions below 10.8.5 and 11.3.4_23.
Active Exploitation: This flaw was flagged as actively exploited in the wild since July 19, with indications that attacks may have predated this date, putting unpatched servers at high risk.
Mitigation Recommendations: CrushFTP advises regular patching, monitoring upload/download logs for unusual activities, enabling automatic updates, and IP whitelisting for enhanced security.
Ongoing Risks: The vulnerability has made CrushFTP a target for ransomware gangs, with past incidents linking zero-day flaws to significant data theft…

Essential Insights
Evolving Attack Methods: Attackers are increasingly infiltrating secure environments by exploiting weak configurations, outdated encryption, and trusted tools instead of relying on zero-day vulnerabilities, highlighting an urgent need for proactive cybersecurity measures.
Critical Vulnerabilities Uncovered: Recent reports detail active exploitation of serious vulnerabilities, including critical flaws in Microsoft SharePoint, Google Chrome, and NVIDIA’s Container Toolkit, underscoring the importance of timely patching to prevent breaches.
Emerging Threats from Advanced Techniques: Advanced malware campaigns, such as SLOW#TEMPEST and the exploitation of signed drivers to bypass security measures, indicate a shift towards more sophisticated strategies that challenge traditional detection methods.
Rising…

Quick Takeaways
Significant Data Breaches: Cierant Corporation and Zumpano Patricios have reported data breaches affecting over 200,000 individuals each, with Zumpano Patricios impacting nearly 280,000.
Nature of Breaches: The breaches were highlighted by the US Department of Health and Human Services; Zumpano Patricios detected an IT intrusion on May 6, 2025, while Cierant was targeted by the Cl0p ransomware group exploiting vulnerabilities in Cleo file transfer products.
Compromised Information: Both incidents involved the exfiltration of sensitive personal data, including names, Social Security numbers, and health-related information, affecting thousands within the healthcare sector.
Undetermined Attack Motivations: It remains unclear if Zumpano…

Passwordless / SaaS Security
With every credential breach that hits the news, CISOs and security professionals continually reach the same conclusion: passwords are insecure, and we should abandon them in favor of less risky authentication factors. But, secure or not, passwords are stubborn. The 2025 Verizon DBIR rated the likelihood of this being the year we finally eliminate passwords as being on par with “this being the year of the Linux desktop.” Any IT or security pro who has had to explain passkeys to their coworkers can tell you that 2025 isn’t going to be the year we do away…

Essential Insights
Data Breach Notification: The Alcohol & Drug Testing Service (TADTS) is alerting approximately 750,000 individuals about compromised personal data following a data breach identified on July 9, 2024.
Compromised Data: Stolen information includes names, Social Security numbers, financial details, health insurance information, and login credentials, impacting data related to employment screening tests.
Security Response: TADTS has reset passwords, enhanced monitoring, improved detection protocols, and reported the attack to law enforcement but is not offering free identity theft protection to those affected.
Ransomware Claim: The BianLian ransomware group claimed responsibility for the breach, reportedly stealing about 218 gigabytes of…

Over the past decade, cyber insurance has become an increasingly important aspect of business operations. It is no longer a luxury, but a necessity for organizations of all sizes and industries. But with the recent explosion of ransomware attacks and their devastating impact, insurance underwriters have come to understand the need for a major shift in standard security measures, particularly strengthening multi-factor authentication (MFA) and service account protection requirements. Join us for a must-attend webinar on the crucial topic of identity protection in the age of cyber insurance. Get first-hand insights on the latest best practices and insights from Don…

Top Highlights
Exploited Vulnerabilities: Microsoft released patches for zero-day vulnerabilities CVE-2025-53770 and CVE-2025-53771, known as ‘ToolShell’, which allow unauthenticated remote code execution on vulnerable SharePoint servers, with exploitation starting on July 18.
Scope of Attack: Over 9,000 instances of internet-exposed SharePoint, primarily in North America and Europe, are at risk, with attackers also exfiltrating cryptographic secrets to gain full system access.
Response and Mitigations: Microsoft announced security updates for SharePoint Subscription Edition and 2019, while urging organizations to enable Antimalware Scan Interface (AMSI) integration and rotate compromised cryptographic keys, as these may already be at risk.
Previous Vulnerabilities: The new…

Fast Facts
Zero-Day Vulnerabilities Detected: Microsoft issued emergency updates for two critical zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, which have led to widespread "ToolShell" attacks affecting over 54 organizations globally.
Patch Distribution: The urgent updates apply to Microsoft SharePoint Subscription Edition and SharePoint 2019; however, patches for SharePoint 2016 remain pending.
Immediate Action Required: SharePoint administrators must install the relevant security updates and rotate machine keys to mitigate risks of exploitation.
Monitoring for Exploitation: Admins should analyze logs for suspicious activities, particularly for the creation of specific files and unusual HTTP requests, to ensure thorough investigation of potential breaches.
The Core…

Top Highlights
Target Shift to Web3 Developers: The threat actor EncryptHub targets Web3 developers by using fake AI platforms to lure them with job offers, aiming to harvest sensitive data from cryptocurrency wallets and development credentials.
Evolving Tactics: EncryptHub’s strategy has evolved from ransomware to deploying information stealer malware, exemplified by the Fickle Stealer, utilizing deceptive meeting links under the pretext of professional discussions.
Exploiting Decentralization: Web3 developers, often freelancers with multiple project involvements, are seen as vulnerable targets, making traditional security measures less effective against these threats.
Ransomware Landscape Expansion: New ransomware variants like KAWA4096 and Crux are emerging,…

Jul 15, 2025The Hacker NewsAutomation / Risk Management AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix’s Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar: “One dangerous habit we’ve had for a long time is trusting…