Search results for microsoft upgrade keys server 2025 | Breaking Cybersecurity News | The Hacker News

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 ." The threat actor attributed to the financially motivated activity is a suspected China-based threat actor that's known to drop Warlock and LockBit ransomware in the past. The attack chains entail the exploitation of CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability, targeting unpatched on-premises SharePoint servers to deploy the spinstall0.aspx web shell payload. "This initial access is used to conduct command execution using the w3wp.exe process that supports SharePoint," Microsoft said. "Storm-2603 then initiates a series of discovery commands, incl...

Cyber threats didn't slow down last week—and attackers are getting smarter. We're seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that's just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week's roundup highlights a clear shift: cybercrime is evolving fast, and the lines between technical stealth and strategic coordination are blurring. It's worth your time. Every story here is about real risks that your team needs to know about right now. Read the whole recap. ⚡ Threat of the Week Curly COMrades Abuses Hyper-V to Hide Malware in Linux VMs — Curly COMrades, a threat actor supporting Russia's geopolitical interests, has been observed abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine and deploy malicious payloads. This method allows the malware to run completel...

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large consequences.  For defenders, the lesson is clear: the real danger often comes not from one major flaw, but from how different small flaws interact together. ⚡ Threat of the Week WhatsApp Patches Actively Exploited Flaw — WhatsApp addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 relates to a case of insufficient authorization of linked device synchronization messages. The Meta-owned company ...

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today's security landscape. Whether you're defending systems or just keeping up, these highlights help you spot what's coming before it lands on your screen. ⚡ Threat of the Week Oracle 0-Day Under Attack — Threat actors with ties to the Cl0p ransomware group have exploited a zero-day flaw in E-Business Suite to facilitate data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle Concurrent Processing component. In a post shared on LinkedIn, Charles Carmakal, CTO of Mandiant at Google Cloud, said "Cl0p exploited multiple vulnerabilities in Ora...

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don't start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that's all it takes. Staying safe isn't just about reacting fast. It's about catching these early signs before they blow up into real problems. That's why this week's updates matter. From stealthy tactics to unexpected entry points, the stories ahead reveal how quickly risk can spread—and what smart teams are doing to stay ahead. Dive in. ⚡ Threat of the Week U.S. Disrupts N. Korea IT Worker Scheme — Prosecutors said they uncovered the North Korean IT staff working at over 100 U.S. companies using fictitious or stolen identities and not only drawing salaries, but also stealing secret data and plundering virtual currency more than $900,000 in one incident targeting an unnamed blockchain company in ...

Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don't seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It's worth asking: what patterns are we missing, and what signals are we ignoring because they don't match old playbooks? This week's reports bring those quiet signals into focus—from attacks that bypassed MFA using trusted tools, to supply chain compromises hiding behind everyday interfaces. Here's what stood out across the cybersecurity landscape: ⚡ Threat of the Week Cloudflare Blocks Massive 7.3 Tbps DDoS Attack — Cloudflare said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, the company said, targeted an unnamed hosting provider and delivered 37.4 terabytes in 45 seconds. It origi...

Welcome to this week's Threatsday Bulletin —your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it's a critical zero-day, the next it's a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you're protecting a global enterprise or your own personal data—need to keep moving just as fast. In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach. Firmware fights back SonicWall Releases SMA 100 Firmware Update to Remove Rootkit SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. "S...