The Breach News

Highlands Oncology Group Data Breach Impacts 113,575 Individuals

Highlands Oncology Data Breach: Lawsuit Investigation Attorneys affiliated with ClassAction.org are currently investigating the potential for a class action lawsuit in response to the Highlands Oncology data breach. This inquiry focuses on gathering information from individuals who have received notifications indicating that their personal data was compromised. Overview of the…

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Date: July 22, 2025
Category: Vulnerability / Threat Intelligence

Microsoft has officially connected the exploitation of vulnerabilities in internet-facing SharePoint Server instances to two Chinese hacker groups, Linen Typhoon and Violet Typhoon, as early as July 7, 2025, confirming earlier claims. Additionally, the company has identified a third threat actor from China, tracked as Storm-2603, also leveraging these vulnerabilities to gain initial access to target organizations. Microsoft stated in a report released today that, “Given the swift adoption of these exploits, we are highly confident that threat actors will continue to incorporate them into their attacks on unpatched on-premises SharePoint systems.” Below is a brief overview of the threat activity clusters:

  • Linen Typhoon (also known as APT27, Bronze Union, Emissary Panda, Iodine, Lucky Mouse, Red Phoenix, and UNC215), active since 2012 and previously linked to malware families including SysUpdate, HyperBro, and PlugX.
  • Violet Typhoon (aka …).

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacking Groups July 22, 2025 In a recent announcement, Microsoft has officially connected the exploitation of vulnerabilities in SharePoint Server instances to two Chinese cybercriminal organizations known as Linen Typhoon and Violet Typhoon. This confirmation reinforces prior reports regarding the ongoing attacks,…

CISA: No Broader Federal Impact from Treasury Cyber Incident; Investigation Continues

Jan 07, 2025
Critical Infrastructure / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that there are no signs indicating the recent cyber attack on the Treasury Department has affected other federal agencies. CISA is collaborating closely with the Treasury Department and BeyondTrust to fully understand the breach and reduce its effects. CISA emphasized, “The security of federal systems and the data they safeguard is crucial to our national security. We are taking proactive measures to prevent any further repercussions and will provide updates as needed.” This statement follows the Treasury Department’s disclosure of being targeted in a “major cybersecurity incident” involving Chinese state-sponsored actors, which enabled remote access to certain computers and unclassified documents. The incident, revealed in early December 2024, stemmed from a breach in BeyondTrust’s systems, allowing adversaries to gain sensitive access.

CISA Reports No Broader Federal Impact from Treasury Cyber Attack; Investigation Continues On January 7, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) announced that the recent cyber breach affecting the Treasury Department does not appear to have compromised other federal agencies. This development follows a major cybersecurity incident, described…

Cloudflare Claims AI Site Perplexity Employs “Stealth Tactics” to Bypass No-Crawl Directives

AI search engine Perplexity is under scrutiny for allegedly utilizing stealth bots to circumvent website restrictions against web crawling. This claim, if verified, would breach established Internet practices that have been upheld for over thirty years, as articulated by cybersecurity and optimization firm Cloudflare. Cloudflare disclosed in a recent blog…

Accusations of Aeroflot Data Exposure Follow Breach Denial – SC Media

Alleged Aeroflot Data Breach Raises Concerns Over Cybersecurity Vulnerabilities Recent reports have surfaced regarding a significant data breach affecting Aeroflot, Russia’s flagship airline. This incident has raised alarms, particularly among cybersecurity professionals and business leaders, as it highlights ongoing vulnerabilities in data protection measures within the aviation industry. The breach…

CISA Alerts: Active Exploitation of SysAid Vulnerabilities Allows Remote File Access and SSRF

Jul 23, 2025
Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities are as follows:

  • CVE-2025-2775 (CVSS score: 9.3): This vulnerability involves improper restrictions on XML external entity (XXE) references in the Checkin processing functionality, enabling potential administrator account takeover and file read access.

  • CVE-2025-2776 (CVSS score: 9.3): Similar to the first, this flaw also concerns improper restrictions on XXE references, but it affects the Server URL processing functionality, leading to possible administrator account takeover and file read access.

Both vulnerabilities were disclosed by watchTowr Labs researchers Sina Kheirkhah and Jake Knott in May, along with CVE-2025-2777 (CVSS score: 9.3), which pertains to a pre-authenticated XXE vulnerability within the /lshw endpoint. SysAid has since addressed these issues in their on-premises software.

CISA Alerts: Vulnerabilities in SysAid Software Under Active Attack On July 23, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) unveiled critical vulnerabilities affecting SysAid, a popular IT support software, highlighting their presence in the agency’s Known Exploited Vulnerabilities (KEV) catalog due to signs of active exploitation. The two…
