TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多593
订阅者
无数据24 小时
-27 天
-830 天
帖子存档
593
ToolShell: An all-you-can-eat buffet for threat actors
https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/
ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities
593
Rogue CAPTCHAs: Look out for phony verification pages spreading malware
https://www.welivesecurity.com/en/cybersecurity/rogue-captchas-look-out-phony-verification-pages-spreading-malware/
Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware
593
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections.
"An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack
593
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html
Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign.
The activity, observed this year, is primarily designed Now to infiltrate organizations' VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today.
"The threat actor leveraged combinations of
593
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
https://thehackernews.com/2025/07/castleloader-malware-infects-469.html
Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs).
The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in
593
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution.
The two vulnerabilities impacting Sophos Firewall are listed below -
CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
593
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them
https://thehackernews.com/2025/07/watch-this-webinar-to-uncover-hidden.html
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone!
Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,
593
Pentests once a year? Nope. It’s time to build an offensive SOC
https://thehackernews.com/2025/07/pentests-once-year-nope-its-time-to.html
You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side?
Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses before adversaries do. But in many organizations, offensive security is still treated as a one-time event: an annual pentest, a quarterly red team engagement, maybe an audit sprint
593
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community
https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html
The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025.
The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz.
"The attackers compromised a legitimate website, redirecting users via a malicious link and
593
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems.
The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603."
The threat actor attributed to the financially
593
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace
https://thehackernews.com/2025/07/europol-arrests-xss-forum-admin-in-kyiv.html
Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform.
The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation that was launched by the
593
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions.
Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"
593
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
https://thehackernews.com/2025/07/threat-actor-mimo-targets-magento-and.html
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.
The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy cryptocurrency miners.
"Although
593
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.
"The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer
593
Kerberoasting Detections: A New Approach to a Decade-Old Challenge
https://thehackernews.com/2025/07/kerberoasting-detections-new-approach.html
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks altogether.&
593
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.
"As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security
593
Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)
https://www.welivesecurity.com/en/videos/why-is-your-data-worth-so-much-unlocked-403-cybersecurity-podcast-s2e4/
Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and why you might be the product.
593
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
https://thehackernews.com/2025/07/cisa-orders-urgent-patching-after.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025.
"CISA is
593
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups
https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html
Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports.
The tech giant said it also observed a third China-based threat actor, which it tracks as Storm-2603, weaponizing the flaws as well to obtain initial access to
593
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html
Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.
"In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild," the company said in an alert.
The
