"Sophos fixed two critical firewall vulnerabilities."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 25 July 2025, 1552 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

74K followers25 articles per week

#security#tech

15

Most popular

Sophos fixed two critical Sophos Firewall vulnerabilities

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 1d

Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code. “Sophos has resolved five independent security vulnerabilities in Sophos Firewall. E

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

by Pierluigi Paganini / 1d

The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion by 2033. The tech realm is continually evolving. New tools are invented every day, and certain technologies are reaching market valuations that have never been seen before. This tectonic shift is notably influencing t

Stealth backdoor found in WordPress mu-Plugins folder

11 TTPs

•

by Pierluigi Paganini / 1d

•

Hidden malware in mu-plugins

A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be d

Today

Koske, a new AI-Generated Linux malware appears in the threat landscape

9 TTPs

•

by Pierluigi Paganini / 5h

•

AI malware hides in panda images

Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors and download two J

Yesterday

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

Valid Accounts (Enterprise T1078)

•

by Pierluigi Paganini / 7h

Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack. A critical authentication bypass flaw (CVSS score of 9.4) in Mitel MiVoice MX-ONE allows attackers to exploit weak access controls and gain unauthorized access to user or admin accounts. “An authentication bypass vulnerability has been identified in the Provision

Coyote malware is first-ever malware abusing Windows UI Automation

17 TTPs

•

by Pierluigi Paganini / 18h

•

Coyote Trojan exploits UI Automation

New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that enables automated acc

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

CVE-2025-40599 & 3 others

•

by Pierluigi Paganini / 1d

SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances. Experts warn customers to check their installs for Indicators of Compromise (IoCs) associated with Overstep malware attacks. The issue is an authenticated arbitrary fil

Jul 23, 2025

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 1d

. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability CVE-2025-2776 SysAid On-Prem Im

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

IoC > 3 IPs

•

by Pierluigi Paganini / 1d

•

16 TTPs

•

CVE-2025-49704 & 1 other

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-49704 Microsoft SharePoint Code Injection Vu

French Authorities confirm XSS.is admin arrested in Ukraine

Cybercriminal forum administrator arrested Ukraine

•

by Pierluigi Paganini / 1d

French authorities announced the arrest in Ukraine of an alleged administrator of the long-running cybercrime forum XSS.is. A joint investigation conducted by French police, Ukrainian authorities, and Europol led to the arrest of the suspected administrator of the major Russian-speaking cybercrime forum xss.is. “The Paris prosecutor’s office announced on Wednesday, July 23, that an individual sus

Jul 22, 2025

Microsoft linked attacks on SharePoint flaws to China-nexus actors

13 TTPs

•

by Pierluigi Paganini / 2d

Microsoft linked SharePoint exploits to China-nexus groups Linen Typhoon, Violet Typhoon, and Storm-2603, active since July 7, 2025. Microsoft confirmed that China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603 exploited SharePoint flaws for initial access as early as July 7, 2025. “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Vi

Cisco confirms active exploitation of ISE and ISE-PIC flaws

6 TTPs

•

by Pierluigi Paganini / 2d

Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws ( CVE-2025-20281 , CVE-2025-20282 , CVE-2025-20337 ), updating its advisory after detecting attacks in July 2025. “Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and

SharePoint under fire: new ToolShell attacks target enterprises

IoC > 3 IPs

•

by Pierluigi Paganini / 2d

•

20 TTPs

•

CVE-2025-53770

While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus acors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770 in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and 2019, with 2016 updates pending. Microsoft urges custome

CrushFTP zero-day actively exploited at least since July 18

4 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2025-54309

Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that has been exploited since July 18

Jul 21, 2025

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

4 TTPs

•

by Pierluigi Paganini / 3d

Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1 and below. Aruba Instant On

End of feed