CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included two vulnerabilities in SysAid IT support software in its Known ...
Monday, August 4, 2025
Tag: the hacker news
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft SharePoint vulnerabilities, CVE-2025-49704 and CVE-2025-49706, to its Known ...
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups
Microsoft has linked the exploitation of security vulnerabilities in SharePoint Server to two Chinese hacking groups, Linen Typhoon and Violet ...
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have identified a new attack method enabling threat actors to circumvent Fast IDentity Online (FIDO) protections by tricking ...
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
A new attack campaign has compromised over 3,500 websites globally with JavaScript cryptocurrency miners, reviving browser-based cryptojacking reminiscent of CoinHive. ...
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
The financially motivated threat actor known as EncryptHub (also referred to as LARVA-208 and Water Gamayun) has launched a new ...
Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have reported a supply chain attack targeting popular npm packages through a phishing campaign aimed at stealing maintainers' ...
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
The Taiwanese semiconductor industry is currently facing spear-phishing attacks from three Chinese state-sponsored threat actors, targeting various organizations involved in ...
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
Cisco has announced a critical security vulnerability, tracked as CVE-2025-20337, affecting its Identity Services Engine (ISE) and ISE Passive Identity ...
AI Agents Act Like Employees With Root Access—Here's How to Regain Control
The AI gold rush is prompting organizations to embrace generative AI, which is now seen as essential for accelerating software ...
News Summarized. Time Saved. Bite-sized news briefs for busy people. No fluff, just facts.