Researchers Expose Vulnerabilities in AI-Driven Calendar Systems In a recent study, cybersecurity researchers have revealed alarming vulnerabilities in AI systems, particularly those managing calendar invites. By integrating malicious prompts directly into calendar titles, these researchers demonstrated a series of sophisticated…
In a significant cybersecurity incident, researcher Jeremiah Fowler has revealed a critical data breach involving IMDataCenter, a Florida-based data solutions company. The breach has resulted in the exposure of a vast database that contains sensitive personal information belonging to individual…
A federal judge has permitted a class-action lawsuit against Mr. Cooper, a prominent mortgage servicer currently being acquired by Rocket Companies, to proceed. The suit includes allegations of breach of contract and negligence stemming from a significant cyber attack in…
Severe Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers
July 20, 2025
Zero-Day / Vulnerability
A serious security flaw in Microsoft SharePoint Server has been weaponized in an ongoing, large-scale exploitation campaign. The zero-day vulnerability, identified as CVE-2025-53770 (CVSS score: 9.8), is a variant of CVE-2025-49704 (CVSS score: 8.8), which was addressed by Microsoft in their July 2025 Patch Tuesday updates. Microsoft explained that “deserialization of untrusted data in on-premises Microsoft SharePoint Server enables unauthorized attackers to execute code over a network,” as detailed in an advisory released on July 19, 2025. The company is actively preparing a comprehensive update to mitigate this issue. Viettel Cyber Security is credited with discovering and reporting the flaw through Trend Micro’s Zero Day Initiative (ZDI). Additionally, Microsoft has acknowledged awareness of ongoing attacks related to this vulnerability.
Critical Unpatched SharePoint Zero-Day Under Active Exploitation, Compromises Over 75 Company Servers July 20, 2025 In an alarming development, a critical zero-day vulnerability in Microsoft SharePoint Server has been actively exploited in a large-scale attack campaign, leading to the breach…
Dec 16, 2024
Cyber Attacks / Cyber Espionage
The Security Service of Ukraine (SBU) has uncovered a new espionage initiative allegedly led by Russia’s Federal Security Service (FSB), involving the recruitment of Ukrainian minors for illicit activities disguised as “quest games.” Law enforcement officials detained two groups of FSB agents in a special operation in Kharkiv, which included only children aged 15 and 16. According to the SBU, “The minors undertook hostile missions involving reconnaissance, targeting adjustments, and arson.” To obscure their subversive roles, both factions operated independently. Under the FSB’s quest game framework, the children were provided with geographic coordinates and tasked with reaching specified locations, capturing photos and videos of targets, and offering a description of the surrounding environment. The findings from these reconnaissance missions…
Ukrainian Minors Targeted for Espionage Activities Linked to Russian Cyber Operations December 16, 2024 Cyber Attack / Cyber Espionage In a troubling development in the realm of cybersecurity, the Security Service of Ukraine (SBU) has unveiled a sophisticated espionage campaign…
KLM Airlines Reports Data Breach Affecting Customer Information KLM Airlines, officially known as KLM Royal Dutch Airlines and a key player in the French-Dutch aviation sector, has informed its customers about a recent data breach that compromised certain personal information.…
Cybercrime, Fraud Management & Cybercrime Voice Phishing Attacks Target Salesforce Users: A Persistent ShinyHunters Strategy Mathew J. Schwartz (euroinfosec) • August 6, 2025 Be cautious of voice phishing calls from the ShinyHunters cybercrime group. (Image: Shutterstock) In an alarming trend,…
The UK Ministry of Defence (MoD) has partnered with Australian firm Castlepoint Systems to enhance its data security protocols. This collaboration will focus on overseeing complex datasets using Castlepoint’s artificial intelligence (AI) technology to mitigate the risk of data breaches,…
Dec 16, 2024
Cyber Threats / Weekly Update
This week brought significant and concerning developments in cybersecurity. From subtle but impactful attacks on widely-used business tools to hidden vulnerabilities in common devices, there’s plenty that may have gone unnoticed. Cybercriminals are not only rehashing old tactics but also discovering new ones, targeting systems of all sizes. On a brighter note, law enforcement has made strides against dubious online markets, while major tech companies scramble to fix vulnerabilities before they escalate. If you’ve been too busy to stay informed, now’s the ideal time to catch up on what you might have missed.
Cleo Vulnerability Faces Active Exploitation
A severe vulnerability (CVE-2024-50623) in Cleo’s file transfer software—Harmony, VLTrader, and LexiCom—has come under active attack by cybercriminals, posing significant security threats to organizations globally. This flaw allows unauthorized remote code execution, heightening the urgency for organizations to address the issue.
THN Weekly Recap: Key Cybersecurity Threats, Tools, and Tips Published: December 16, 2024 The past week has revealed significant challenges in the cybersecurity landscape, highlighting the evolving tactics of cybercriminals. From subtle yet impactful attacks targeting widely-used business tools to…
Cybersecurity Spending, Government, Industry Specific $100M in State Cyber Grants Signals Reduced Federal Support Amid Increasing Demand Chris Riotta (@chrisriotta) • August 5, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has revealed a $100 million grant initiative designed to…
