Organizations continue to grapple with increasingly complex cyberthreats, as ransomware groups rapidly evolve their tactics. In a recent attack wave, the Warlock ransomware group exploited internet-exposed, unpatched on-premise Microsoft SharePoint servers, abusing newly discovered vulnerabilities to gain initial access to their target’s system.
Other groups such as Linen Typhoon and Violet Typhoon have also been observed exploiting these vulnerabilities against internet-facing SharePoint servers. More details on these vulnerabilities and how Trend mitigates their impact can be found in the relevant knowledge base entry.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bogus Avast website fakes virus scan, installs Venom Stealer instead
March 27, 2026
A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re given is actually Venom Stealer—a type of ...
- Commission investigates cyberattack targeting EU websites
March 27, 2026
The European Commission has announced that it is investigating a cyber attack that took place on Tuesday, targeting its cloud infrastructure hosting the ‘europa.eu’ websites and leading to a data leak. “Early findings of our ongoing investigation suggest that data have been taken from those websites,” it said in a statement on Friday evening, adding that ...
- Iranian hackers allegedly breached FBI Director Patel’s personal emails
March 27, 2026
Hackers breached FBI Director Kash Patel’s personal email, according to sources familiar with the situation. The majority of the emails were from prior to 2019, according to sources, and appear to be from before his tenure at the FBI. There were a few emails from 2022, sources told ABC News. “The FBI is aware of malicious ...
- Coruna: the framework used in Operation Triangulation
March 26, 2026
On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used by other attackers in watering-hole attacks in Ukraine and in financially motivated ...
- Infiniti Stealer: A new macOS infostealer using ClickFix and Python/Nuitka
March 26, 2026
A previously undocumented macOS infostealer has surfaced during our routine threat hunting. Malwarebytes Labs researchers initially tracked it as NukeChain, but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is designed to steal sensitive data from Macs. It spreads through a fake CAPTCHA page that tricks ...
- Cloud Phones: The Invisible Threat
March 25, 2026
What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy ...