Search results for sharepoint link | Breaking Cybersecurity News | The Hacker News

Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365. Microsoft Office 365 is an all-in-solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote. On the top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain. But as I said, phishers always find a way to bypass security protections in order to victimize users. Just ...

Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace's homepage. It can be found six times on Microsoft 365's homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are 'collaboration' will appear as part of the app's key selling point.  By sitting on the cloud, content within the applications is immediately shareable, making it easier than ever to work with others.  However, that shareability is a two-sided coin. On the flip side are often sensitive links sitting on public-facing websites that can be easily accessed. The exposure caused by leaked documents can cause tremendous harm, from competitors trying to gather corporate secrets to whistleblowers sharing internal information with reporters or legislators. As integral as collaboration is to SaaS, sharing links creates a high-risk situation, and real-life breaches, that can be mitigated through the righ...

V@N!$H3R found venerability in 5 biggest Windows IT professionals community Websites ! V@N!$H3R is an Indian Hacker, who is member of Group " Ethical Pen3trators ". There motto is ' Securing Indian Cyber Space '. They Found venerability in 5 biggest Windows IT professionals community Websites and next step will be to inform their webmaster about these bugs. 1.) Windows IT Pro - The leading independent community for IT pros Venerable Link :   https://www.windowsitpro.com/home/search.aspx?query=%3Chtml%3E%3Cbody%3E%3Cmarquee%3E%3Cfont+color%3Dred+size%3D5%3E--You+Have+been+Hacked+by+V@N!$H3R--%3C/marquee%3E%3C/font%3E%3Cbr%3E%3Cbr%3E%3CIMG%20SRC=%22https://www.boncherry.com/blog/wp-content/uploads/2010/12/happy-new-year-2011-odometer_design.jpg%22%3C/body%3E%3C/html%3E 2.) Paul Thurrott's SuperSite for Windows Venerable Link :   https://www.winsupersite.com/home/search.aspx?query=%3Chtml%3E%3Cbody%3E%3Cmarquee%3E%3Cfont+color%3Dred+size%3D5%3E-...

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub profiles and send bulk emails directly to user inboxes. "Whether you're aiming to reach a specific audience or expand your outreach, GoIssue offers the precision and power you need," the threat actor claimed in their post. "GoIssue can send bulk emails to GitHub users, directly to their inboxes, targeting any recipient." SlashNext said the tool marks a "dangerous shift in targeted phishing" that could act as a gateway to source code theft, supply chain attacks, and corporate network breaches via compromised developer credentials. "Armed with this inform...

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing attacks and store malware," Israeli cybersecurity company Hunters said in a new report. "This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems." Hunters said it discovered the campaign in September 2024 after it responded to a cyber incident targeting a critical infrastructure organization in the United States. It did not disclose the name of the company, instead giving it the designation "Org C." The activity is believed to have commenced a month prior, with the attack culminating i...

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical, and industrial compound manufacturing users in Europe. "The campaign's phishing attempts peaked in June 2024, with fake forms created using the HubSpot Free Form Builder service," security researchers Shachar Roitman, Ohad Benyamin Maimon, and William Gamazo said in a report shared with The Hacker News. The attacks involve sending phishing emails with Docusign-themed lures that urge recipients to view a document, which then redirects users to malicious HubSpot Free Form Builder links , from where they are led to a fake Office 365 Outlook Web App login page in order to ste...

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors," Jiří Kropáč, Director of Threat Prevention Labs at ESET, said . ClickFix has become a widely popular and deceptive method that employs bogus error messages or CAPTCHA verification checks to entice victims into copying and pasting a malicious script into either the Windows Run dialog or the Apple macOS Terminal app, and running it. The Slovak cybersecurity company said the highest volume of ClickFix detections are concentrated around Japan, Peru, Poland, Spain, and Slovakia. The prevalence and effectiveness of this attack meth...

Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla said in a Tuesday analysis. The attack chain commences with a phishing email, in some cases sent from legitimate, compromised email accounts, to entice message recipients into opening an embedded PDF document. In reality, the PDF attachment is nothing but a hyperlink that, when clicked, redirects the victim to a presentation hosted on Gamma that prompts them to click on a button to "Review Secure Documents." Doing so takes the user to an intermediate page that impersonates Microsoft and instructs them to complete a Cloudflare Turnstile verification step before accessing...

The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based and Domain Name System ( DNS )-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by Check Point Research. The activity has been attributed to Storm-2603 , which, according to Microsoft, is a suspected China-based threat actor that has leveraged the SharePoint flaws – CVE-2025-49706 and CVE-2025-49704 (aka ToolShell) – to deploy Warlock (aka X2anylock) ransomware. A previously unreported threat cluster, evidence gathered following an analysis of VirusTotal artifacts shows that the group may have been active since at least March 2025, deploying ransomware families like LockBit Black and Warlock together – something that's not observed commonly among established e-c...

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ' PerSwaysion ,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks. According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors. "Among these high-ranking officer victims, more than 20 Office365 accounts of executives, presidents, and managing directors appeared." So far successful and still ongoing, most PerSwaysion operations were orchestrated by scammers from Nigeria and South Africa who used a Vue.js JavaScript framewor...

This week, cyber attackers are moving quickly, and businesses need to stay alert. They're finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking—if defenses aren't updated regularly, it could lead to serious damage. The message is clear: don't wait for an attack to happen. Take action now to protect your business. Here's a look at some of the biggest stories in cybersecurity this week: from new flaws in WinRAR and NVIDIA Triton to advanced attack techniques you should know about. Let's get into the details. ⚡ Threat of the Week Trend Micro Warns of Actively Exploited 0-Day — Trend Micro has released temporary mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987),...

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are  repurposing legitimate services  for malicious ends. "Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate," Cisco Talos researcher Craig Jackson  said  last week. While adversaries have used popular cloud-based services such as Google Drive, OneDrive, Dropbox, SharePoint, DocuSign, and Oneflow to host phishing documents in the past, the latest development marks an escalation designed to evade email security controls. DDP services allow users to upload and s...

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein,  said  in a report published on November 2, 2022. The Berlin-based cybersecurity firm said it started an investigation in the aftermath of a  notification  sent by GitHub in February 2022 to an unknown number of users about sharing their usernames and private repository names (i.e.,  GitHub Pages URLs ) to urlscan.io for metadata analysis as part of an automated process. Urlscan.io, which has been described as a  sandbox for the web , is  integrated  into several security solutions  via its API . "With the type of integration of this API (for example via a security tool that scans every incoming email ...

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise ( BEC ) attacks, which ultimately result in financial fraud, data exfiltration, and lateral movement to other endpoints. The weaponization of legitimate internet services (LIS) is an increasingly popular risk vector adopted by adversaries to blend in with legitimate network traffic in a manner such that it often bypasses traditional security defenses and complicates attribution efforts. The approach is also called living-off-trusted-sites (LOTS), as it leverages the trust and familiarity of these services to sidestep email security guardrails and deliver malware. Microsoft said it has been observing a new trend in phishing c...