Value Delivery in Data Security by NHIs In a rapidly evolving digital landscape, healthcare organizations are increasingly turning to Network Health Information Exchanges (NHIs) to bolster their data security frameworks. Recent discussions have highlighted the critical role NHIs play in…
Date: May 28, 2025
Categories: Cryptojacking / Vulnerability
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution vulnerability in the Craft Content Management System (CMS). This flaw has been leveraged to deploy multiple payloads, including a cryptocurrency miner, a loader known as Mimo Loader, and residential proxyware. The vulnerability, identified as CVE-2025-32432, is a high-severity issue in Craft CMS that was patched in versions 3.9.15, 4.14.15, and 5.6.17. The security defect was first revealed in April 2025 by Orange Cyberdefense SensePost after it was linked to attacks that occurred earlier in February. According to a recent report from Sekoia, the attackers have weaponized CVE-2025-32432 to gain unauthorized access to targeted systems and deploy a web shell for persistent remote control. This web shell is utilized to download and execute a shell script (“4l4md4r.sh”) from a remote server using tools such as curl, wget, or the Python library urllib2.
Mimo Hackers Target Craft CMS Flaw to Deploy Cryptomining and Proxy Services On May 28, 2025, cybersecurity analysts reported an alarming trend in which financially motivated hackers have been exploiting a serious vulnerability in the Craft Content Management System (CMS)—designated…
April 19, 2023
Cyber Threat / SCADA
A subgroup of Iranian state-backed hackers, identified as Mint Sandstorm, has been implicated in a series of attacks against critical U.S. infrastructure from late 2021 to mid-2022. According to Microsoft’s Threat Intelligence team, this group demonstrates a high level of technical expertise, with the ability to create custom tools and rapidly exploit known vulnerabilities. Their operational focus aligns closely with Iran’s national interests, targeting seaports, energy firms, transit systems, and a major U.S. utility and gas company. These cyber activities are believed to be retaliatory, stemming from prior attacks on Iran’s maritime, railway, and gas station payment systems between May 2020 and late 2021. Iran has alleged that these earlier attacks were orchestrated by Israel and the U.S. to incite domestic unrest.
Iranian State-Sponsored Hackers Target U.S. Energy and Transportation Sectors April 19, 2023 Recent investigations have revealed a troubling pattern of cyberattacks linked to an Iranian government-backed group known as Mint Sandstorm. These attacks, which occurred intermittently from late 2021 to…
Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Physical Security Firm Targets Insider Risks with Federal Growth and AI Automation Michael Novinson (@MichaelNovinson) • August 25, 2025 Manish Mehta, Chief Solutions and Innovation Officer at Ontic (Image: Ontic)…
April 24, 2025
Data Breach / Vulnerability
A significant security vulnerability has been identified in the Commvault Command Center, posing a risk for arbitrary code execution on compromised systems. This flaw, designated CVE-2025-34028, has a high CVSS score of 9.0 out of 10. Commvault indicated in an advisory released on April 17, 2025, that the vulnerability permits remote attackers to run arbitrary code without authentication, potentially leading to full system compromise. It affects the 11.38 Innovation Release, covering versions 11.38.0 to 11.38.19, and has been patched in versions 11.38.20 and 11.38.25. Sonny Macdonald, a researcher at watchTowr Labs who discovered and reported the issue on April 7, 2025, noted that it could be exploited for pre-authenticated remote code execution.
Critical Flaw in Commvault Command Center Exposes Systems to Remote Code Execution On April 17, 2025, Commvault alerted its users to a significant security vulnerability within the Command Center, designated as CVE-2025-34028. This flaw poses a severe risk, allowing remote…
Workday Breach Breakdown: A Growing Trend of Cybersecurity Incidents In a recent disturbing development, Workday, a leading provider of enterprise cloud applications for finance and human resources, has fallen victim to a significant data breach. This incident underscores the escalating…
Microsoft OneDrive File Picker Vulnerability Allows Full Access to Cloud Storage When Uploading a Single File
May 28, 2025
Data Privacy / Vulnerability
Cybersecurity researchers have identified a serious security flaw in Microsoft’s OneDrive File Picker. If exploited, this vulnerability could enable websites to gain access to a user’s entire cloud storage, rather than just the files intended for upload. According to the Oasis Research Team’s report to The Hacker News, the issue arises from overly broad OAuth scopes and unclear consent screens that do not adequately communicate the level of access being granted. This flaw poses significant risks, including potential customer data leaks and violations of compliance regulations. Affected applications may include ChatGPT, Slack, Trello, and ClickUp, all of which integrate with Microsoft’s cloud service. The core of the problem lies in the excessive permissions required by the OneDrive File Picker, which requests read access to the entire drive, even when only a single file is selected for upload, due to a lack of fine-grained permission controls.
Security Flaw in Microsoft OneDrive File Picker Exposes Users to Potential Data Breaches May 28, 2025 Recent findings from cybersecurity researchers at the Oasis Research Team have unveiled a serious vulnerability within Microsoft’s OneDrive File Picker. This flaw enables websites…
April 19, 2023
Network Security / Cyber Espionage
Cybersecurity and intelligence agencies from the U.S. and U.K. have issued a warning about Russian state-sponsored actors exploiting recently patched vulnerabilities in Cisco networking equipment for reconnaissance and malware deployment against specific targets. These intrusions occurred in 2021 and affected a limited number of entities across Europe, U.S. government agencies, and around 250 Ukrainian victims. The activity has been linked to the threat group APT28, also known as Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, and Sofacy, which is connected to the Russian General Staff Main Intelligence Directorate (GRU). The National Cyber Security Centre (NCSC) noted that APT28 gained access to vulnerable routers using default and weak SNMP community strings, as well as by exploiting CVE-2017-6742, a remote code execution vulnerability with a CVSS score of 8.8.
U.S. and U.K. Governments Alert on Russian Cyber Actors Exploiting Cisco Vulnerabilities On April 19, 2023, cybersecurity and intelligence agencies from the United States and the United Kingdom issued a warning regarding the activities of Russian state-sponsored hackers. These actors…
Incident & Breach Response, Security Operations Nevada Faces Widespread IT Disruption, Leading to Service Suspension Chris Riotta (@chrisriotta) • August 25, 2025 Image: Alexander Lukatskiy/Shutterstock Nevada state agencies have suspended several in-person services as a result of a network security…
US Senator Ron Wyden has sharply criticized the federal judiciary for what he labels as “negligence and incompetence” following a cyberattack linked to Russian hackers. This incident has led to the exposure of sensitive court documents, underscoring vulnerabilities within the…
