CyberSecurity Updates

CISA and Partners Release Updated Advisory on Scattered Spider Group

CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity Advisory on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. This advisory provides updated tactics, techniques, and procedures (TTPs) obtained through FBI investigations conducted through June 2025. Scattered Spider threat actors have been…

CISA Releases Part One of Zero Trust Microsegmentation Guidance

CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch (FCEB) agencies implementing zero trust architectures (ZTAs). This guidance provides a high-level overview of microsegmentation, focusing on its key concepts, associated challenges and potential benefits, and includes recommended actions to modernize network security and advance zero trust principles. Microsegmentation is a critical component of ZTA that reduces the attack surface, limits lateral…

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks.

25 Jul 2025

The ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE-2025-53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell. ESET’s data shows that attacks hit victims globally, with the US (13.3% of attacks) being the most-targeted country. What else is there to know…

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you’re not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware.

Phil Muncaster, 24 Jul 2025

Bots have got a lot to answer for. They now make up over half of all internet traffic, and while some, such as Google’s web crawlers and fetchers, have legitimate purposes, nearly two-fifths are considered malicious. Their power can…

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities.

ESET Research, 24 Jul 2025

On July 19th, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being exploited in the wild. ToolShell is comprised of CVE-2025-53770, a remote code execution vulnerability, and CVE-2025-53771, a server spoofing vulnerability. These attacks target on-premises Microsoft SharePoint servers, specifically those running SharePoint…

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. A reader who works in the transportation industry sent a tip about a recent successful phishing…

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there’s a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

22 Jul 2025

Your digital footprint is more valuable than you think. It’s not just a trail of data left behind by your online activity – it’s a goldmine of sensitive data. In this episode of Unlocked 403, Becks sits down with ESET Global Security Advisor Jake Moore to…

Joint Advisory Issued on Protecting Against Interlock Ransomware

CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America and Europe against Interlock ransomware. This advisory highlights known Interlock ransomware indicators of compromise and tactics, techniques, and procedures identified through recent FBI investigations. Actions organizations can take today to mitigate Interlock ransomware threat…

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies. In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint…

Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)

CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal…
