New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.
GitHub

DotNetZip - Zip and Unzip in C#, VB, any .NET language

DotNetZip is a FAST, FREE class library and toolset for manipulating zip files. Use VB, C# or any .NET language to easily create, extract, or update zip files. DotNetZip is the best open-source ZIP ...
Indiatimes

Microsoft SharePoint hacked; Astronomer CEO and HR head resign; Realme and iQoo launch phones, AI talent war heats up and other top tech news of the week

Microsoft is working to fix a big cyberattack on SharePoint servers. Astronomer's CEO Andy Byron and HR head Kristin Cabot resigned after a 'Kiss Cam' incident. Microsoft is hiring AI experts from ...
WeLiveSecurity

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE‑2025‑53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell.
kcra.com

What to know about a vulnerability being used by hackers on Microsoft SharePoint servers

Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s widely used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least ...
pentestpartners.com

Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more…

As Red Teamers, we often find information in SharePoint that can be useful for us in later attacks. As part of this we regularly want to download copies of the file, or parts of their contents. In ...
The Hacker News

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them ...
The Hacker News

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat ...
CSOonline

Microsoft Teams vishing attacks trick employees into handing over remote access

A social engineering tactic that has been observed for several years has been seen once again exploiting employees by bombing them with spam email then posing as tech support on Teams. Attackers ...
VentureBeat

Anthropic’s agentic Computer Use is giving people ‘superpowers’

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now It’s been only two days since Anthropic ...