InfoSec News 20250724

  • Published: Thu, 24/07/2025 - 14:52

Top News


  • Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

"Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems."

TLP1 : Green

  • Fake Receipt Generators Fuel Rise in Online Fraud

"A new investigation into counterfeit receipt scams has uncovered a growing fraud ecosystem centered around tools like MaisonReceipts, which enable users to fabricate receipts from major retail brands with startling realism."

TLP1 : Green

  • Ransomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate Data

"Ransomware gangs have increasingly co-opted Remote Monitoring and Management (RMM) tools originally designed for IT operations to orchestrate sophisticated network intrusions, persistence, lateral movement, and data exfiltration."

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Suspected XSS Forum Admin Arrested in Ukraine

"A man suspected of administering the Russian-language cybercrime forum XSS was arrested in Ukraine on July 22."

TLP1 : Green

Breaches: Data Breaches and Hacks


  • France: New Data Breach Could Affect 340,000 Jobseekers

"The French employment agency, France Travail, has suffered a data breach that could affect hundreds of thousands of jobseekers."

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)

"Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible."

TLP1 : Green

  • [Control systems] ABB security advisory (AV25-441)

"ABB has issued a security advisory addressing a high-severity vulnerability (CVE-2025-7705) in its Switch Actuator 4 DU and Switch actuator, door/light 4 DU products. The bug, categorized as "Active Debug Code," affects all versions of these devices."

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Prep for Microsoft Azure certifications at home for $30 in this course deal

"Whether you’re eyeing a new cloud career or looking to validate your Azure skills, you don’t need to shell out big bucks or sit in a classroom every weekend."

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker

"Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team discovered that the Mimo threat actor (also known as Mimo'lette), previously known for targeting the Craft content management system (CMS), has evolved its tactics to compromise the Magento ecommerce CMS platform through exploitation of an undetermined PHP-FPM vulnerability."

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp