The Breach News

Is IT-OT Integration Essential?

Governance & Risk Management, Operational Technology (OT) Security
Experts Advocate for Coordinated Autonomy Instead of Complete Integration
Suparna Goswami (gsuparna) • August 4, 2025

The divide between IT and OT teams can be likened to two groups speaking entirely different languages. While IT departments focus on data integrity…

Ransomware Attack on Arkansas Oncology Group Impacts 113,500 Patients – The HIPAA Journal

Ransomware Attack on Arkansas Oncology Group Impacts Over 113,000 Patients

In a significant data breach, the Arkansas Oncology Group reported a ransomware attack affecting approximately 113,500 individuals. This incident, as detailed by the HIPAA Journal, underscores the increasing threats posed by cybercriminals in the healthcare sector, which frequently stores sensitive…

Hackers Exploiting SharePoint Zero-Day Since July 7 to Steal Keys and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A recently revealed critical vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025, according to Check Point Research. The cybersecurity firm detected initial attacks targeting a major unnamed Western government, with activities escalating on July 18 and 19 across government, telecommunications, and software sectors in North America and Western Europe. Check Point identified the exploitation efforts originating from three separate IP addresses—104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147—one of which was previously associated with the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) appliances (CVE-2025-4427 and CVE-2025-4428). “We are witnessing an urgent and active threat: a critical zero-day vulnerability in SharePoint on-premises is being exploited globally, endangering thousands of organizations,” stated Lotem Finkelstein, Director of Threat Intelligence at Check Point.

Hackers Exploit SharePoint Zero-Day Vulnerability Since July 7 to Hijack Credentials and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A critical vulnerability in Microsoft SharePoint has come to light, and reports indicate that it has been under active exploitation since July 7, 2025. Findings from Check Point…

Opportunities and Challenges in Expanding the UK Cybersecurity Market

Geo Focus: The United Kingdom, Geo-Specific, Government
Dominic Trott of Orange Cyberdefense Discusses Challenges Facing Investors Amid Geopolitical Tensions
Akshaya Asokan (asokan_akshaya) • August 4, 2025
Dominic Trott, Director of Strategy and Alliances, Orange Cyberdefense

The United Kingdom has consistently supported startups and nurtured successful enterprises; however, cybersecurity startups in…

Edelson Lechtzin LLP Launches Investigation into Data Privacy Claims for Customers of Northwest Radiologists, Inc. and Mount Baker Imaging

BELLINGHAM, Wash., Aug. 4, 2025 /PRNewswire/ — Edelson Lechtzin LLP, a law firm based in suburban Philadelphia, is conducting an investigation into data privacy concerns following a data breach involving Northwest Radiologists, Inc. and Mount Baker Imaging, collectively referred to as “Northwest Radiologists.” The organization detected unauthorized access to their…

Cisco Confirms Active Exploits Targeting Vulnerabilities in ISE, Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding several recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), confirming that they are being actively exploited. Cisco’s Product Security Incident Response Team (PSIRT) reported awareness of attempts to exploit these vulnerabilities in real-world scenarios. However, the company did not specify which vulnerabilities are being targeted, the identity of the attacking entities, or the scale of these activities. Cisco ISE is crucial for network access control, determining which users and devices can access corporate networks and under what conditions. A breach at this level could allow attackers unrestricted access to internal systems, effectively bypassing authentication and logging controls and transforming a key policy engine into an unguarded entry point. The alert emphasizes that the identified vulnerabilities are classified as critical.

Cisco Confirms Ongoing Exploitation of ISE Vulnerabilities Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding recently unveiled vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), admitting that active exploitation is occurring in live environments. The Cisco Product Security Incident…

⚡ THN Weekly Update: Key Cybersecurity Threats, Tools, and Strategies [Jan 6]

Jan 06, 2025

Every action we take online—each tap, click, and swipe—shapes our digital experience, but it also opens up opportunities for unintended risks. Trusted extensions, helpful assistants, and even QR codes are becoming avenues for cybercriminals. The boundary between convenience and risk has never been more precarious. This week, we explore the hidden dangers, unexpected vulnerabilities, and the cunning tactics that hackers are employing to outmaneuver the systems we rely on. Join us as we delve into the realities behind the screens and learn how to stay one step ahead.

⚡ Threat of the Week
Dozens of Google Chrome Extensions Discovered Stealing Sensitive Data — The ongoing challenges of securing the software supply chain were highlighted once again when about thirty Chrome extensions were found covertly extracting sensitive information from approximately 2.6 million devices over several months in two interconnected campaigns. This alarming discovery came to light thanks to insights from data loss prevention service Cyberhaven.

THN Weekly Recap: Examining Recent Cybersecurity Threats and Essential Insights

Published January 6, 2025

In our increasingly digital world, each online interaction—from simple taps to complex swipes—helps define our digital existence. However, these actions can inadvertently expose us to risks we did not intend to invite. Trusted browser extensions, virtual…

Chinese State-Sponsored Hackers Target Southeast Asian Telecoms

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Threat Actor Maintains Long-Term Stealthy Access
Prajeet Nair (@prajeetspeaks) • August 4, 2025

A recent cybersecurity analysis reveals that Chinese nation-state hackers have infiltrated mobile telecommunications networks across Southeast Asia, ostensibly to track the locations of individuals,…

Highlands Oncology Group Data Breach Impacts 113,575 Individuals

Highlands Oncology Data Breach: Lawsuit Investigation

Attorneys affiliated with ClassAction.org are currently investigating the potential for a class action lawsuit in response to the Highlands Oncology data breach. This inquiry focuses on gathering information from individuals who have received notifications indicating that their personal data was compromised. Overview of the…
