Microsoft Warns of Active Exploitation of SharePoint via ToolShell Zero-Day

Executive Summary Microsoft has identified widespread, active exploitation of a new SharePoint remote code execution (RCE) vulnerability chain, designated ToolShell, tracked as CVE-2025-53770. This zero-day exploit, demonstrated publicly on X just days prior, allows unauthenticated attackers to compromise on-premises SharePoint servers globally, extracting cryptographic secrets and enabling full remote control. Microsoft, and CISA, has confirmed the active exploitation and…

Read More

Recent Compromises of Network-Separated Environments in South Korea Highlight Potential Security Gaps

Executive Summary Recent major cyber incidents several South Korean entities highlight a critical concern within network-separated, or air-gapped, environments. Despite the inherent security assumptions often associated with these isolated setups, these breaches demonstrate a dangerous decline in caution and a false sense of security. This has led to successful compromises, highlighting that even seemingly air-gapped…

Read More

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Executive Summary Citrix has released urgent security updates for a critical memory overflow vulnerability, CVE-2025-6543, affecting its NetScaler ADC and Gateway products. This flaw, which can lead to unintended control flow and denial-of-service, is reportedly actively being exploited in the wild. Organizations using affected versions, especially those configured as Gateways or AAA virtual servers, are strongly advised to update…

Read More

Sainsbury’s Rewards Program Targeted by Malicious Actor for Monetary Gain

Executive Summary Users of the UK grocery/retail chain Sainsbury’s Nectar loyalty program are being warned about a surge in points theft, with one customer recently reporting the loss of two years’ worth of saved points. This follows an earlier investigation that revealed £63,000 GBP worth of Nectar points were stolen from readers over a year, prompting Nectar to implement…

Read More

Yes24 Ransomware Outage Causes Multiple Concert Cancelations and Business Impact in South Korea

Summary Yes24, a major South Korean ticketing platform and online book retailer, has been heavily impacted by a ransomware attack, causing a four-day service outage and significant disruption to the country’s entertainment industry. The attack, which began on Monday, has forced the postponement or cancellation of numerous K-pop concerts, fan meetings, and musical performances. South…

Read More