FISA

Source: Bitdenfender A recent critical vulnerability in Microsoft SharePoint has triggered widespread concern across security teams worldwide. The flaw, tracked as CVE-2025-53770, allows unauthenticated attackers to execute remote code through malicious ViewState payloads. The exploit has already been used in active attacks targeting institutions in energy, education, and government sectors. The breach campaign appears to have started in early July. Microsoft confirmed that threat actors were able to steal cryptographic machine keys and drop persistent web shells on vulnerable systems. Several Chinese-based groups, including Violet Typhoon and Storm-2603, are suspected to be involved in the exploitation [1]. Microsoft released emergency patches for supported SharePoint Server editions on July 20. However, the company urged organizations to go beyond simple patching. Machines may remain compromised unless full incident response actions are performed. This includes key rotation, forensic...

  With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with less or no technical expertise to launch large-scale, damaging attacks. And these attacks don't just encrypt data now. They exfiltrate sensitive information for double and triple extortion, alter or delete backups, and disable recovery infrastructure to block restoration efforts. This is especially critical for small and midsize businesses (SMBs), which are increasingly targeted due to their leaner defenses. For an SMB generating $10 million in annual revenue,  even a single day of downtime can cost $55,076 , without factoring in the long-term impact on customer trust and brand reputat...

 A critical vulnerability in Microsoft Entra ID has been uncovered, allowing attackers to escalate privileges to the Global Administrator role by abusing built-in first-party applications and federated domain configurations. The flaw affects organizations running hybrid Active Directory environments with federated domains , opening a stealthy path to full tenant compromise. Discovery and Impact The vulnerability, discovered by Datadog security researchers and reported to the Microsoft Security Response Center (MSRC) in January 2025 , enables privilege escalation through the misuse of the Office 365 Exchange Online service principal (Client ID: 00000002-0000-0ff1-ce00-000000000000 ). Attackers with Cloud Application Administrator , Application Administrator , or Application.ReadWrite.All permissions can hijack the Exchange Online service principal’s Domain.ReadWrite.All permission. This allows them to: Add a new federated domain to the tenant. Forge SAML tokens as any ...

A newly disclosed Android attack technique dubbed TapTrap is raising alarms in the cybersecurity community. First detailed by researchers from TU Wien and the University of Bayreuth, this method leverages invisible system UI animations to trick users into granting dangerous permissions, without ever realizing it [1]. TapTrap doesn’t rely on traditional overlays. Instead, it exploits how Android handles activity transitions. By launching a permission dialog with a nearly invisible animation (lasting just one millisecond), the system technically displays the request, but it’s visually imperceptible. While users think they’re tapping on something benign like a game or quiz, they’re actually interacting with an unseen permission prompt, unwittingly giving access to the camera, location, notifications, or even device admin controls [1], [2]. The threat works on modern Android versions, including 14 and 15, bypassing existing overlay protections. In testing, most users failed to detect anyth...

In June 2025, Albania once again found itself under a digital siege—this time, the Municipality of Tirana became the epicenter of a coordinated cyberattack that disrupted local government services, leaked sensitive data, and reignited tensions in an already volatile geopolitical landscape. But what really happened behind the screens? Who was responsible—and why? More importantly, what does this mean for the future of municipal cybersecurity? Let’s break it down.  What Exactly Happened? Timeline of the Incident June 20–21, 2025 : The official website and online services of the Tirana Municipality were taken offline. June 22 : Parents were unable to register their children for kindergartens or nurseries via the "E-Fëmijët" portal, which is part of the city's digital public service infrastructure. Following Days : Investigators uncovered traces of a malicious tool designed to wipe data and disable core systems . The Malware Used: Display10 Wiper According t...

Source: Mashable Security researchers recently uncovered a massive archive of exposed credentials that includes over sixteen billion passwords [1]. This compilation is not the result of a single security breach. Instead, it brings together logs from years of malware infections that quietly harvested login data from millions of infected systems. The files were discovered on an open instance of a cloud hosting platform, making them briefly accessible to anyone who knew where to look. The leak includes credentials linked to well-known platforms such as Google, Microsoft, and Netflix. However, these companies were not breached. Rather, the data comes from users who had stored their passwords in browsers or files that were compromised by infostealer malware [1]. What makes this leak especially dangerous is the potential for automated attacks. Cybercriminals can use the data in credential stuffing campaigns, trying known username and password combinations across countless websites. Since man...