🚨 CISA KEV (1)
20 Jul [KEV] CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. See CISA’s Alert Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) for more information and to apply the re…
CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (10)
20 Jul Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not us…
THEHACKERNEWS.COM
20 Jul [KEV] Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a s…
THEHACKERNEWS.COM
20 Jul [KEV] SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available
Enterprises running SharePoint servers should not wait for a fix for CVE-2025-53770 and should commence threat hunting to search for compromise immediately. The post SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available appeared first on …
SECURITYWEEK.COM
20 Jul [KEV] Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]
BLEEPINGCOMPUTER.COM
20 Jul Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770…
CISA.GOV
20 Jul Active Global Attacks Targeting On-premises SharePoint Server (CVE-2025-53770)
submitted by mhewitt to cybersecurity 1 points | 0 comments https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ IOCs: 107.191.58[.]76 104.238.159[.]149 96.9.125[.]147 Unusual POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit s…
INFOSEC.PUB
20 Jul Critical Sharepoint 0-Day Vulnerability Exploited CVE-2025-53770 (ToolShell), (Sun, Jul 20th)
Microsoft announced yesterday that a newly discovered critical remote code execution vulnerability in SharePoint is being exploited. There is no patch available. As a workaround, Microsoft suggests using Microsoft Defender to detect any attacks. To use Defender, you must first co…
ISC.SANS.EDU
20 Jul CVE-2025-53770 Microsoft SharePoint Server Remote Code Execution Vulnerability
The security update is available for Microsoft SharePoint Server Subscription Edition. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.
MSRC.MICROSOFT.COM
20 Jul CVE-2025-53771 Microsoft SharePoint Server Spoofing Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (2)
20 Jul Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the r…
THEHACKERNEWS.COM
20 Jul A 0-day flaw in Microsoft SharePoint is being exploited in RCE attacks on servers globally; no patch exists and tens of thousands of servers are at risk
submitted by Pro to cybersecurity 1 points | 0 comments https://research.eye.security/sharepoint-under-siege/
INFOSEC.PUB
🕵️ THREAT INTELLIGENCE (2)
20 Jul Weekly Update 461
Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. The Stripe situation is frustrating: by mandating an email address on all invoices, we're providing a channel that sends customer queries directly through to us …
TROYHUNT.COM
20 Jul EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information stealer malware. "LARVA-208 has evolved its tactics, using fake AI platforms (e.g., …
THEHACKERNEWS.COM
📡 INFOSEC NEWS (1)
20 Jul HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. [...]
BLEEPINGCOMPUTER.COM