
Cybersecurity

ToolShell: An all-you-can-eat buffet for threat actors
ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities. (24 Jul 2025, 5 min. read) On July 19th, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being exploited in the wild. ToolShell is comprised of CVE-2025-53770, a remote code execution vulnerability, and…

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is “amsdk.sys” (version 1.0.600), a 64-bit, validly signed…

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft – Krebs on Security
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting…

Attacks on the npm supply chain endanger development environments
Attacks on the NX build system and React packages show that the threats to software development in enterprises keep growing. A sophisticated supply-chain attack has compromised the widely used developer tool Nx build system package, which is installed and used via the Node Package Manager (npm). As a result, numerous developer credentials were exposed. According to a new report from the security company…

What is Network Security? Definition and Best Practices | TechTarget
Network security encompasses all the steps taken to protect the integrity of a computer network and the data within it. It involves a combination of tools, policies, protocols and practices designed to prevent unauthorized access, misuse, modification or denial of a network and its resources. Successful network security strategies use multiple security approaches to protect…

Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw – Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158. Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix earlier this month, Censys has…

The need for speed: Why organizations are turning to rapid, trustworthy MDR
How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries. (19 Aug 2025, 5 min. read) How long does it take for threat actors to move from initial access to lateral movement? Days? Hours? Unfortunately, the answer for many organizations is increasingly “minutes.” In fact,…

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. “Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage…

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor’s high-speed Internet connection in the United States. This…

LLMs easily exploited using run-on sentences, bad grammar, image scaling
A series of vulnerabilities recently revealed by several research labs indicate that, despite rigorous training, high benchmark scoring, and claims that artificial general intelligence (AGI) is right around the corner, large language models (LLMs) are still quite naïve and easily confused in situations where human common sense and healthy suspicion would typically prevail. For example,…