Network Security

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor After a 12-year long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest of its suspected administrator as part of a joint operation led by French and Ukrainian authorities. The Russian-speaking cybercrime forum had been active since 2013 with

A new, critical zero-day vulnerability dubbed “ToolShell” (CVE-2025-53770) poses a significant threat to on-premises SharePoint Server deployments. This vulnerability enables unauthenticated remote code execution (RCE), posing a significant risk to organizations worldwide. SentinelOne has detected exploitation in the wild, elevating the active threat posed by this new attack and the importance of organizations taking mitigative

Recently, SentinelOne published two reports highlighting each side of the cloud security challenge: The Cloud Security Survey Report presents insights from 400 cybersecurity managers and practitioners covering current cloud security operations, responsibilities, perceptions of technologies, and future investment plans. The Cloud Security Risk Report details five emerging risk themes for 2025 with in-depth examples of attacks

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in the wild. This flaw has since been assigned the identifier CVE‑2025‑53770, along with an accompanying bypass tracked as CVE‑2025‑53771. These two new CVEs are being used alongside the previously

The Good | Cybercriminals Face Disruptions Across Ransom, DDoS & Extortion Campaigns Cameron John Wagenius, a 21-year-old former U.S. Army soldier, has pleaded guilty to attacking and extorting at least ten U.S. telecom and tech companies, including AT&T and Verizon. Operating under aliases like “kiberphant0m” and “’cyb3rph4nt0m”, he used tools like SSH Brute and SIM-swapping

The speed and innovation of our cloud and AI age is undeniable. However, opportunity comes paired with responsibility and risk. The duality of the cloud security challenge is that these two opposing forces are markedly different. To keep cloud environments safe and secure, we need to introspectively examine how we can improve our internal people,

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace,

Katz Stealer is a feature-rich infostealer marketed and operated as Malware-as-a-Service (MaaS). It was launched in early 2025 and quickly garnered attention within the infostealer landscape. The stealer includes robust credential and data discovery with theft capabilities as well as modern evasion and anti-analysis features. It is used to exfiltrate a broad range of personal