admin

Hackers Exploiting SharePoint Zero-Day Since July 7 to Steal Keys and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A recently revealed critical vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025, according to Check Point Research. The cybersecurity firm detected initial attacks targeting a major unnamed Western government, with activities escalating on July 18 and 19 across government, telecommunications, and software sectors in North America and Western Europe. Check Point identified the exploitation efforts originating from three separate IP addresses—104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147—one of which was previously associated with the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) appliances (CVE-2025-4427 and CVE-2025-4428). “We are witnessing an urgent and active threat: a critical zero-day vulnerability in SharePoint on-premises is being exploited globally, endangering thousands of organizations,” stated Lotem Finkelstein, Director of Threat Intelligence at Check Point.

Cisco Confirms Active Exploits Targeting Vulnerabilities in ISE, Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding several recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), confirming that they are being actively exploited. Cisco’s Product Security Incident Response Team (PSIRT) reported awareness of attempts to exploit these vulnerabilities in real-world scenarios. However, the company did not specify which vulnerabilities are being targeted, the identity of the attacking entities, or the scale of these activities. Cisco ISE is crucial for network access control, determining which users and devices can access corporate networks and under what conditions. A breach at this level could allow attackers unrestricted access to internal systems, effectively bypassing authentication and logging controls and transforming a key policy engine into an unguarded entry point. The alert emphasizes that the identified vulnerabilities are classified as critical.

⚡ THN Weekly Update: Key Cybersecurity Threats, Tools, and Strategies [Jan 6]

Jan 06, 2025

Every action we take online—each tap, click, and swipe—shapes our digital experience, but it also opens up opportunities for unintended risks. Trusted extensions, helpful assistants, and even QR codes are becoming avenues for cybercriminals. The boundary between convenience and risk has never been more precarious. This week, we explore the hidden dangers, unexpected vulnerabilities, and the cunning tactics that hackers are employing to outmaneuver the systems we rely on. Join us as we delve into the realities behind the screens and learn how to stay one step ahead.

⚡ Threat of the Week
Dozens of Google Chrome Extensions Discovered Stealing Sensitive Data — The ongoing challenges of securing the software supply chain were highlighted once again when about thirty Chrome extensions were found covertly extracting sensitive information from approximately 2.6 million devices over several months in two interconnected campaigns. This alarming discovery came to light thanks to insights from data loss prevention service Cyberhaven.

Chinese State-Sponsored Hackers Target Southeast Asian Telecoms

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Threat Actor Maintains Long-Term Stealthy Access
Prajeet Nair (@prajeetspeaks) • August 4, 2025

A recent cybersecurity analysis reveals that Chinese nation-state hackers have infiltrated mobile telecommunications networks…

Highlands Oncology Group Data Breach Impacts 113,575 Individuals

Highlands Oncology Data Breach: Lawsuit Investigation

Attorneys affiliated with ClassAction.org are currently investigating the potential for a class action lawsuit in response to the Highlands Oncology data breach. This inquiry focuses on gathering information from individuals who have received notifications…

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Date: July 22, 2025
Category: Vulnerability / Threat Intelligence

Microsoft has officially connected the exploitation of vulnerabilities in internet-facing SharePoint Server instances to two Chinese hacker groups, Linen Typhoon and Violet Typhoon, as early as July 7, 2025, confirming earlier claims. Additionally, the company has identified a third threat actor from China, tracked as Storm-2603, also leveraging these vulnerabilities to gain initial access to target organizations. Microsoft stated in a report released today that, “Given the swift adoption of these exploits, we are highly confident that threat actors will continue to incorporate them into their attacks on unpatched on-premises SharePoint systems.” Below is a brief overview of the threat activity clusters:

  • Linen Typhoon (also known as APT27, Bronze Union, Emissary Panda, Iodine, Lucky Mouse, Red Phoenix, and UNC215), active since 2012 and previously linked to malware families including SysUpdate, HyperBro, and PlugX.
  • Violet Typhoon (aka …).

CISA: No Broader Federal Impact from Treasury Cyber Incident; Investigation Continues

Jan 07, 2025
Critical Infrastructure / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that there are no signs indicating the recent cyber attack on the Treasury Department has affected other federal agencies. CISA is collaborating closely with the Treasury Department and BeyondTrust to fully understand the breach and reduce its effects. CISA emphasized, “The security of federal systems and the data they safeguard is crucial to our national security. We are taking proactive measures to prevent any further repercussions and will provide updates as needed.” This statement follows the Treasury Department’s disclosure of being targeted in a “major cybersecurity incident” involving Chinese state-sponsored actors, which enabled remote access to certain computers and unclassified documents. The incident, revealed in early December 2024, stemmed from a breach in BeyondTrust’s systems, allowing adversaries to gain sensitive access.
