ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and Read More …

Disrupting active exploitation of on-premises SharePoint vulnerabilities

Expanded analysis and threat intelligence from Microsoft continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified Mitigation and protection guidance Read More …

Hundreds of organizations breached by SharePoint mass-hacks

Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signaling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity Read More …

Microsoft releases urgent SharePoint security flaw patches

Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers. The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets. Three Read More …

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range Read More …

Canadian Centre for Cyber Security/FBI: People’s Republic of China cyber threat activity

The Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) are warning Canadians of the threat posed by People’s Republic of China (PRC) state-sponsored cyber threat actor tracked in industry reporting as Salt Read More …

CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) Read More …

Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433)

The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures. Erlang/OTP is a known toolkit used to build scalable, fault-tolerant systems such Read More …

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI Read More …

Apple fixes new iPhone zero-day bug used in Paragon spyware hacks

Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple says it has fixed the bug that was used to hack their phones. The Citizen Lab wrote in its report, shared with Read More …