Government agencies and private industry have been under siege over the past four days following the discovery that a critical vulnerability in SharePoint, the widely used document-sharing app made by Microsoft, is under mass exploitation. Since that revelation, the fallout and the ever-increasing scope of the attacks have been hard to keep track of. What follows are answers to some of the most common questions about the vulnerability, which collectively is being called ToolShell. READ MORE...
The US Nuclear Weapons Agency was one of the organizations breached yesterday after Microsoft's SharePoint document management software was hacked by unknown threat actors, according to sources. First reported by Bloomberg News, no sensitive or classified information is known to have been compromised in the attack on the agency, which is responsible for maintaining and designing the US nuclear weapons store. READ MORE...
SonicWall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. "While there is currently no evidence that this vulnerability is being actively exploited in the wild," SonicWall is advising organizations using SMA 210, 410 or 500v appliances to check whether they have been compromised in a recently disclosed ongoing campaign delivering the OVERSTEP backdoor to end-of-life SMA devices. READ MORE...
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The 'is' package is a lightweight JavaScript utility library that provides a wide variety of functions. READ MORE...
Cleaning products giant Clorox has filed a lawsuit against IT services provider Cognizant, accusing the company of making it easy for hackers to breach its systems in the 2023 cyberattack. Clorox is seeking $380 million from Cognizant, which includes $49 million in remedial costs - this amount was previously reported by Clorox - and hundreds of millions of dollars in losses caused by business interruption. READ MORE...
Fewer experts are analyzing data from a key critical infrastructure cybersecurity program due to contracting issues associated with the Trump administration, an expert told Congress on Tuesday. Under a contract with the Cybersecurity and Infrastructure Security Agency (CISA), a team from Lawrence Livermore National Laboratory has been reviewing data collected by CISA's CyberSentry network-monitoring sensors, which are free voluntary tools available to critical infrastructure organizations. READ MORE...
More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities. The Dutch security company on Wednesday reported four waves of attacks beginning July 17 and continuing the following two days, with "multiple waves" beginning July 21. READ MORE...
Kerberoasting is a common attack targeting Microsoft Active Directory, enabling attackers to compromise service accounts with low risk of detection. Because it manipulates legitimate accounts, it can be highly effective. However, robust password security can keep the criminals at bay. First, what is Kerberoasting? The name comes from 'Kerberos', the authentication protocol used in Active Directory, which verifies a user's identity or that of a computer requesting access to resources. READ MORE...
A pair of maximum-severity vulnerabilities affecting Cisco's network access security platform are under active exploitation, the enterprise networking and IT vendor warned in a security advisory Monday. The software defects in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector - CVE-2025-20281 and CVE-2025-20337 - were disclosed and addressed by Cisco on June 25, followed by the disclosure of a third critical vulnerability in the same software, CVE-2025-20282, on July 16. READ MORE...