Tag Microsoft

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Hackers Target Users with PDF-Based Callback Phishing Impersonating Microsoft and DocuSign July 2, 2025 Recent findings from cybersecurity experts highlight an alarming trend in phishing attacks that exploit the trust associated with reputable brands such as Microsoft and DocuSign. These campaigns leverage PDF attachments to manipulate unsuspecting victims into calling…

Read More

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Hackers Expose Allianz Life Data Stolen in Salesforce Breach

In a significant cybersecurity breach, Allianz Life, a major US insurance firm, has had 2.8 million sensitive records exposed following a data leak linked to ongoing Salesforce attacks. These stolen records contain critical information pertaining to both business partners and customers, highlighting a troubling trend in the escalating sophistication of…

Read MoreHackers Expose Allianz Life Data Stolen in Salesforce Breach

CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…

CERT-UA Uncovers Malicious RDP Files Targeting Ukrainian Entities October 26, 2024 Cyber Attack / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a newly identified malicious email campaign directed at various governmental agencies, private enterprises, and military organizations within the country. This campaign seeks to exploit…

Read More

CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…

Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since the last month’s Patch Tuesday.

Microsoft Addresses 130 Vulnerabilities, Highlighting Critical Flaws in SPNEGO and SQL Server On July 9, 2025, Microsoft released its Patch Tuesday updates, addressing a total of 130 vulnerabilities, including critical security flaws within the SPNEGO protocol and SQL Server. Notably, this month’s updates marked the first time in 2025 that…

Read More

Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since the last month’s Patch Tuesday.

AMD Alerts Users to New Transient Scheduler Vulnerabilities Affecting Various CPU Models

Date: July 10, 2025
Category: Vulnerability / Hardware Security

AMD has issued a warning regarding a fresh wave of vulnerabilities impacting a wide array of chipsets, posing risks of data exposure. These vulnerabilities, known as Transient Scheduler Attacks (TSA), exploit speculative execution timing under certain microarchitectural conditions, creating a potential side channel in the CPUs. “In some instances, attackers could leverage this timing data to extract information from different contexts, leading to data leaks,” AMD stated in its advisory. The vulnerabilities were identified through research conducted by Microsoft and ETH Zurich, which tested modern CPUs against speculative execution threats like Meltdown and Foreshadow by examining isolation among security domains, including virtual machines, kernels, and processes. Following responsible disclosure in June 2024, the vulnerabilities have been assigned the following CVE identifiers: CVE-2024-36350 (CVSS score: 5.6).

AMD Issues Warning on Vulnerabilities Affecting a Wide Range of CPUs In a recent advisory, semiconductor giant AMD has highlighted a new set of vulnerabilities that may compromise the security of various chipsets, potentially allowing unauthorized access to sensitive information. These vulnerabilities, grouped under the term Transient Scheduler Attacks (TSA),…

Read More

AMD Alerts Users to New Transient Scheduler Vulnerabilities Affecting Various CPU Models

Date: July 10, 2025
Category: Vulnerability / Hardware Security

AMD has issued a warning regarding a fresh wave of vulnerabilities impacting a wide array of chipsets, posing risks of data exposure. These vulnerabilities, known as Transient Scheduler Attacks (TSA), exploit speculative execution timing under certain microarchitectural conditions, creating a potential side channel in the CPUs. “In some instances, attackers could leverage this timing data to extract information from different contexts, leading to data leaks,” AMD stated in its advisory. The vulnerabilities were identified through research conducted by Microsoft and ETH Zurich, which tested modern CPUs against speculative execution threats like Meltdown and Foreshadow by examining isolation among security domains, including virtual machines, kernels, and processes. Following responsible disclosure in June 2024, the vulnerabilities have been assigned the following CVE identifiers: CVE-2024-36350 (CVSS score: 5.6).

⚡ Weekly Overview — SharePoint Breach, Spyware Issues, IoT Exploits, DPRK Fraud, Crypto Threats, and More

📅 July 28, 2025

Some threats don’t breach the perimeter—they slip in through signed software, polished resumes, or approved vendors that remain hidden in plain sight. This week, the most significant dangers weren’t the ones making the most noise—they were the ones that looked the most legitimate. In a landscape where identity, trust, and tools are interconnected, the strongest attack vectors often appear entirely credible. Security teams now face the challenge of defending systems not only from intrusions but from the very essence of trust being weaponized.

Threat of the Week Microsoft SharePoint Breaches Linked to China — The repercussions of an attack wave targeting vulnerabilities in on-premises Microsoft SharePoint servers continue to intensify a week after the discovery of zero-day exploits, with over 400 organizations worldwide affected. These attacks have been connected to two notorious Chinese hacking groups, Linen Typhoon (APT27) and Violet Typhoon (APT31), along with a suspected China-based threat actor known as Storm-2603.

Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains, and More July 28, 2025 Cybersecurity threats are increasingly sneaking through the back door, penetrating defenses via seemingly legitimate vectors such as signed software, polished resumes, and authorized vendors that often remain unnoticed. This week underscored that the…

Read More

⚡ Weekly Overview — SharePoint Breach, Spyware Issues, IoT Exploits, DPRK Fraud, Crypto Threats, and More

📅 July 28, 2025

Some threats don’t breach the perimeter—they slip in through signed software, polished resumes, or approved vendors that remain hidden in plain sight. This week, the most significant dangers weren’t the ones making the most noise—they were the ones that looked the most legitimate. In a landscape where identity, trust, and tools are interconnected, the strongest attack vectors often appear entirely credible. Security teams now face the challenge of defending systems not only from intrusions but from the very essence of trust being weaponized.

Threat of the Week Microsoft SharePoint Breaches Linked to China — The repercussions of an attack wave targeting vulnerabilities in on-premises Microsoft SharePoint servers continue to intensify a week after the discovery of zero-day exploits, with over 400 organizations worldwide affected. These attacks have been connected to two notorious Chinese hacking groups, Linen Typhoon (APT27) and Violet Typhoon (APT31), along with a suspected China-based threat actor known as Storm-2603.

Microsoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

Governance & Risk Management, Legacy Infrastructure Security CISA Issues Emergency Directive Mandating Federal Agencies Address Vulnerability Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • August 7, 2025 Image: Microsoft/Shutterstock/ISMG The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive urging federal agencies to address a critical vulnerability affecting Microsoft…

Read MoreMicrosoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

A Single Compromised Document Could Expose ‘Confidential’ Information Through ChatGPT

OpenAI’s Connectors Exposed: Researchers Uncover Vulnerability Recent developments in the realm of generative AI have caught the attention of cybersecurity experts, particularly regarding OpenAI’s ChatGPT. Unlike traditional chatbots, these AI models can connect with various data sources to provide tailored responses. ChatGPT, for instance, can access your Gmail, delve into…

Read MoreA Single Compromised Document Could Expose ‘Confidential’ Information Through ChatGPT