admin

admin

Severe Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers

July 20, 2025
Zero-Day / Vulnerability

A serious security flaw in Microsoft SharePoint Server has been weaponized in an ongoing, large-scale exploitation campaign. The zero-day vulnerability, identified as CVE-2025-53770 (CVSS score: 9.8), is a variant of CVE-2025-49704 (CVSS score: 8.8), which was addressed by Microsoft in their July 2025 Patch Tuesday updates. Microsoft explained that “deserialization of untrusted data in on-premises Microsoft SharePoint Server enables unauthorized attackers to execute code over a network,” as detailed in an advisory released on July 19, 2025. The company is actively preparing a comprehensive update to mitigate this issue. Viettel Cyber Security is credited with discovering and reporting the flaw through Trend Micro’s Zero Day Initiative (ZDI). Additionally, Microsoft has acknowledged awareness of ongoing attacks related to this vulnerability.

Critical Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers July 20, 2025 In an alarming development, a critical zero-day vulnerability in Microsoft SharePoint Server has been actively exploited in a large-scale attack campaign, leading to the breach…

Ukrainian Children Recruited for Cyber Operations and Reconnaissance in Russian Strikes

Dec 16, 2024
Cyber Attacks / Cyber Espionage

The Security Service of Ukraine (SBU) has uncovered a new espionage initiative allegedly led by Russia’s Federal Security Service (FSB), involving the recruitment of Ukrainian minors for illicit activities disguised as “quest games.” Law enforcement officials detained two groups of FSB agents in a special operation in Kharkiv, which included only children aged 15 and 16. According to the SBU, “The minors undertook hostile missions involving reconnaissance, targeting adjustments, and arson.” To obscure their subversive roles, both factions operated independently. Under the FSB’s quest game framework, the children were provided with geographic coordinates and tasked with reaching specified locations, capturing photos and videos of targets, and offering a description of the surrounding environment. The findings from these reconnaissance missions…

Ukrainian Minors Targeted for Espionage Activities Linked to Russian Cyber Operations December 16, 2024 Cyber Attack / Cyber Espionage In a troubling development in the realm of cybersecurity, the Security Service of Ukraine (SBU) has unveiled a sophisticated espionage campaign…

⚡ THN Weekly Update: Key Cybersecurity Threats, Tools, and Insights

Dec 16, 2024
Cyber Threats / Weekly Update

This week brought significant and concerning developments in cybersecurity. From subtle but impactful attacks on widely-used business tools to hidden vulnerabilities in common devices, there’s plenty that may have gone unnoticed. Cybercriminals are not only rehashing old tactics but also discovering new ones, targeting systems of all sizes. On a brighter note, law enforcement has made strides against dubious online markets, while major tech companies scramble to fix vulnerabilities before they escalate. If you’ve been too busy to stay informed, now’s the ideal time to catch up on what you might have missed.

⚡ Threat of the Week

Cleo Vulnerability Faces Active Exploitation
A severe vulnerability (CVE-2024-50623) in Cleo’s file transfer software—Harmony, VLTrader, and LexiCom—has come under active attack by cybercriminals, posing significant security threats to organizations globally. This flaw allows unauthorized remote code execution, heightening the urgency for organizations to address the issue.

THN Weekly Recap: Key Cybersecurity Threats, Tools, and Tips Published: December 16, 2024 The past week has revealed significant challenges in the cybersecurity landscape, highlighting the evolving tactics of cybercriminals. From subtle yet impactful attacks targeting widely-used business tools to…