Aggregator

A sophisticated new malware campaign has emerged that weaponizes fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands, marking a significant evolution in browser-based attack methodologies. The campaign, dubbed “ClickFix,” represents what cybersecurity experts are calling a next-generation mutation of traditional fake browser update scams that dominated the threat landscape throughout 2024. […]

The post CAPTCHAgeddon – New ClickFix Attack Leverages Fake Captcha to Deliver Malware Payload appeared first on Cyber Security News.

The National Cyber Security Centre stressed that Britain was underestimating the severity of the risk to critical infrastructure from cyberattacks and provided updated guidance for operators to protect themselves.

Один необдуманный шаг — и ваш ПК уже исполняет чужую команду.

无人机巨头，如何解决地面上的麻烦事？

Pandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company confirmed the cyberattack was promptly identified and contained, with immediate security reinforcements implemented. Official communications sent to customers, particularly in Italy, revealed the breach involved unauthorized access to an external […]

The post Pandora Jewellery Hit by Cyberattack, Customer Data Compromised appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.

GuidePoint Security uncovers a new Akira ransomware tactic targeting SonicWall VPNs. The group's use of drivers to disable defenses is a significant threat to businesses.

Austin, TX, USA, 6th August 2025, CyberNewsWire

CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities:

• CVE-2025-49704 [CWE-94: Code Injection],
• CVE-2025-49706 [CWE-287: Improper Authentication],
• CVE-2025-53770 [CWE-502: Deserialization of Untrusted Data], and
• CVE-2025-53771 [CWE-287: Improper Authentication]

Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706 (in an exploit chain publicly known as “ToolShell”) to gain unauthorized access to on-premises SharePoint servers. CISA analyzed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.  

CISA added CVE-2025-49704 and CVE-2025-49706 to its Known Exploited Vulnerabilities Catalog on July 22, 2025, and CVE-2025-53770 on July 20, 2025.

CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures in this MAR to identify malware.

Downloadable copy of IOCs associated with this malware:

MAR-251132.c1.v1.CLEAR_stix2 (JSON, 84.95 KB )

Downloadable copies of the SIGMA rule associated with this malware:

CMA SIGMA 251132 1 (YAML, 4.22 KB ) CMA SIGMA 251132 2 (YAML, 2.86 KB ) CMA SIGMA 251132 (YAML, 5.55 KB )

For more information on the malware files and YARA rules for detection, see MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities.

Disclaimer:  

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. 

Update (08/12/2025): CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker.

Update (08/07/2025): CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786.

CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service. 

While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise.  

1. Organizations should first inventory all Exchange Servers on their networks (organizations should leverage existing visibility tools or publicly available tools, such as NMAP or PowerShell scripts, to accomplish this task).
2. If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).
3. Install Microsoft’s April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app.
4. For organizations using Exchange hybrid (or have previously configured Exchange hybrid but no longer use it), review Microsoft's Service Principal Clean-Up Mode for guidance on resetting the service principal’s keyCredentials.
5. Upon completion, run the Microsoft Exchange Health Checker with appropriate permissions to identify the CU level of each Exchange Server identified and to determine if further steps are required.

CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use.   

Organizations should review Microsoft’s blog Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions for additional guidance as it becomes available. 

Disclaimer:   

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.  

The public meetings will include updates on NIST’s investigations into the impacts of Hurricane Maria and the partial collapse of the Champlain Towers South.

ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. [...]

The company will integrate Prompt Security's platform, which detects AI tools used in browsers and on desktops, into its Singularity platform.

Rockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena Simulation software that could allow attackers to execute malicious code remotely. The vulnerabilities, discovered during routine internal testing, affect all versions of Arena Simulation 16.20.09 and earlier, potentially exposing industrial automation environments to significant security risks. Critical Security Flaws Identified The three vulnerabilities, […]

The post Rockwell Arena Simulation Flaws Allow Remote Execution of Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Вайб-кодинг или троян — выбор за пользователем.

Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch is still in the works and is expected to be released around the middle of August 2025. But the company has provided a “fix tool” that mitigates the risk of exploitation in the short term – though … More →

The post Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) appeared first on Help Net Security.

Security researchers have identified a sophisticated new tactic employed by Akira ransomware operators, who are exploiting legitimate Windows drivers to evade antivirus and endpoint detection systems while targeting SonicWall VPN infrastructure. This development represents a significant escalation in the group’s technical capabilities and poses serious challenges for enterprise cybersecurity defenses. Campaign Overview and Timeline From […]

The post Akira Ransomware Uses Windows Drivers to Bypass AV/EDR in SonicWall Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated evasion technique employed by Akira ransomware affiliates, exploiting legitimate Windows drivers to bypass antivirus and endpoint detection and response (EDR) systems during recent SonicWall VPN attack campaigns.  The attacks, which have escalated from late July through early August 2025, demonstrate the threat actors’ evolving tactics to maintain persistence and avoid detection in compromised […]

The post Akira Ransomware Uses Windows Drivers to Bypass AV/EDR in SonicWall Attacks appeared first on Cyber Security News.

A vulnerability was found in Emby MediaBrowser 4.9.0.35 and classified as problematic. This issue affects some unknown processing. The manipulation leads to unverified password change. The identification of this vulnerability is CVE-2025-46389. The attack may be initiated remotely. There is no exploit available.