Posts

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload affecting all versions of the plugin prior to and including 7.8.3. It has been addressed in version 7.8.5, released on June 16, 2025. CVE-2025-5394 is rooted in a plugin installation function named "alone_import_pack_install_plugin()" and stems from a missing capability check, thereby allowing unauthenticated users to deploy arbitrary plugins from remote sources via AJAX and achieve code execution. "This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically lev...

Beware: Anubis Ransomware Now Hitting Android and Windows Devices

A sophisticated new ransomware threat has emerged from the cybercriminal underground, presenting a serious challenge to both enterprise and personal cybersecurity. Dubbed Anubis, this malware is not only capable of encrypting files but also of stealing login credentials—targeting both Android and Windows platforms simultaneously. First identified in November 2024, Anubis represents a concerning evolution in malware design. It merges the destructive power of traditional ransomware with the stealthy credential-theft techniques often associated with banking trojans. This dual-functionality approach has helped Anubis quickly gain traction among cybercriminals and establish itself as a significant threat in the wild.
A Rising Threat Amid a Surge in Ransomware Activity
Anubis has appeared during a global rise in ransomware incidents. Recent threat intelligence reveals a 25% increase in publicly listed ransomware victims and a 53% rise in leak sites operated by ransomware gangs. Th...

SharePoint Breach Sends Shockwaves through Global Cybersecurity

Source: Bitdefender
A recent critical vulnerability in Microsoft SharePoint has triggered widespread concern across security teams worldwide. The flaw, tracked as CVE-2025-53770, allows unauthenticated attackers to execute remote code through malicious ViewState payloads. The exploit has already been used in active attacks targeting institutions in the energy, education, and government sectors. The breach campaign appears to have started in early July. Microsoft confirmed that threat actors were able to steal cryptographic machine keys and drop persistent web shells on vulnerable systems. Several China-based groups, including Violet Typhoon and Storm-2603, are suspected of involvement in the exploitation [1]. Microsoft released emergency patches for supported SharePoint Server editions on July 20. However, the company urged organizations to go beyond simple patching: machines may remain compromised unless full incident response actions are performed. This includes key rotation, forensic...

From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with little or no technical expertise to launch large-scale, damaging attacks. And these attacks no longer just encrypt data. They exfiltrate sensitive information for double and triple extortion, alter or delete backups, and disable recovery infrastructure to block restoration efforts. This is especially critical for small and midsize businesses (SMBs), which are increasingly targeted due to their leaner defenses. For an SMB generating $10 million in annual revenue, even a single day of downtime can cost $55,076, without factoring in the long-term impact on customer trust and brand reputat...

Privilege Escalation Vulnerability Discovered in Microsoft Entra ID

A critical vulnerability in Microsoft Entra ID has been uncovered, allowing attackers to escalate privileges to the Global Administrator role by abusing built-in first-party applications and federated domain configurations. The flaw affects organizations running hybrid Active Directory environments with federated domains, opening a stealthy path to full tenant compromise.
Discovery and Impact
The vulnerability, discovered by Datadog security researchers and reported to the Microsoft Security Response Center (MSRC) in January 2025, enables privilege escalation through the misuse of the Office 365 Exchange Online service principal (Client ID: 00000002-0000-0ff1-ce00-000000000000). Attackers with Cloud Application Administrator, Application Administrator, or Application.ReadWrite.All permissions can hijack the Exchange Online service principal's Domain.ReadWrite.All permission. This allows them to: add a new federated domain to the tenant; forge SAML tokens as any ...

Invisible UI Trick Lets Android Apps Bypass Consent

A newly disclosed Android attack technique dubbed TapTrap is raising alarms in the cybersecurity community. First detailed by researchers from TU Wien and the University of Bayreuth, this method leverages invisible system UI animations to trick users into granting dangerous permissions, without ever realizing it [1]. TapTrap doesn’t rely on traditional overlays. Instead, it exploits how Android handles activity transitions. By launching a permission dialog with a nearly invisible animation (lasting just one millisecond), the system technically displays the request, but it’s visually imperceptible. While users think they’re tapping on something benign like a game or quiz, they’re actually interacting with an unseen permission prompt, unwittingly giving access to the camera, location, notifications, or even device admin controls [1], [2]. The threat works on modern Android versions, including 14 and 15, bypassing existing overlay protections. In testing, most users failed to detect anyth...

Inside the Cyberattack on Tirana Municipality: What Happened and Why It Matters

In June 2025, Albania once again found itself under a digital siege—this time, the Municipality of Tirana became the epicenter of a coordinated cyberattack that disrupted local government services, leaked sensitive data, and reignited tensions in an already volatile geopolitical landscape. But what really happened behind the screens? Who was responsible—and why? More importantly, what does this mean for the future of municipal cybersecurity? Let's break it down.
What Exactly Happened? Timeline of the Incident
June 20–21, 2025: The official website and online services of the Tirana Municipality were taken offline.
June 22: Parents were unable to register their children for kindergartens or nurseries via the "E-Fëmijët" portal, which is part of the city's digital public service infrastructure.
Following days: Investigators uncovered traces of a malicious tool designed to wipe data and disable core systems.
The Malware Used: Display10 Wiper
According t...