🚨 ALERT: China-linked hackers are exploiting unpatched SharePoint servers to drop Warlock ransomware.

They’re using legit tools like PsExec, Mimikatz & IIS hijacking to stay hidden.

Even patching may not kick them out.

Full story → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Chinese hackers hijacked a Dalai Lama birthday tribute site to spy on Tibetans.

Victims downloaded a fake encrypted chat app—actually a backdoored version of Element laced with Gh0st RAT.

It stole IPs, keystrokes, and even webcam feeds.

Details → https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html

🚨 81% faster gap mitigation. 50% fewer critical vulns.

Annual pentests can’t keep up—your defenses change daily, and so do attackers.

It’s time to stop playing defense once a year. Build an Offensive SOC that hunts 24/7.

Learn How →

https://thehackernews.com/2025/07/pentests-once-year-nope-its-time-to.html

Manual IAM processes slow down IT and introduce risk.

In this upcoming webinar, join Black Rifle Coffee Company and Tines for practical advice on automating identity lifecycles, reducing tickets, and enforcing least privilege – fast.

Watch now: https://thn.news/black-rifle-coffee-iam-2

🔥 AI is rewriting the rules of customer identity — and users are pushing back.

From smoother logins to rising fraud threats, what used to work won’t cut it in 2025.

This free webinar breaks it all down → https://thehackernews.com/2025/07/watch-this-webinar-to-uncover-hidden.html

Don’t fall behind. Here’s what to expect ↓

🚨 Sophos & SonicWall just patched critical RCE flaws—some pre-auth, CVSS 9.8.

One bug affects devices even after patching (via upgrade path). Another was used to plant a backdoor.

Here’s what defenders need to know ↓ https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html

🚨 New malware CastleLoader is hijacking systems through fake GitHub repos and phishing sites—469 confirmed infections.

It spreads stealers and RATs, uses PowerShell, and mimics trusted dev tools.

It’s stealthy. It’s spreading.

Here’s how it works ↓ https://thehackernews.com/2025/07/castleloader-malware-infects-469.html

⚠️ A China-linked group breached VMware ESXi & vCenter in a stealthy, years-long cyberespionage campaign.

They killed logs, mimicked forensic tools—and stayed hidden for years.

Most orgs still can’t detect it.

Full report → https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html

☠️ WARNING: A critical auth bypass flaw in Mitel MiVoice MX-ONE (CVSS 9.4) lets attackers hijack user and admin accounts—no login needed.

It affects versions still widely in use.

Details + fixes → https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html

Patch now or risk full compromise.

🔐 AI logins are breaking trust—73% of users say one bad experience, and they’re gone.

Want to keep them?

Learn how top brands are using smart, secure CIAM to win loyalty in the AI era.

Webinar spots are limited → https://thehacker.news/ai-customer-identity

🔄 Update on LAMEHUG malware →

Russian hackers used ~270 Hugging Face tokens to run AI-powered attacks — sending prompts to a coding LLM to generate system-hacking commands.

The kicker? It’s likely a live test run, not the final form.

Cato says this is R&D in real time → https://thehackernews.com/2025/07/cert-ua-discovers-lamehug-malware.html

🔄 Update: SharePoint Attacks Escalate

ToolShell exploitation is now global—4,600+ compromise attempts across 300+ orgs, including government and critical infrastructure.

🛑 U.S. leads in targets (13.3%), followed by the UK, France, and Germany.

📌 Attackers are stealing ASP .NET machine keys to persist even after patching.

⚠️ Ivanti EPMM flaws also in use—this is expanding fast.

Here’s what’s unfolding → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Two new malware campaigns—Soco404 & Koske—are targeting cloud servers across Linux & Windows to deploy crypto miners.

→ Soco404 hides in fake 404 pages
→ Koske uses malicious panda JPEGs
→ Both run fileless, in-memory attacks

What makes them so dangerous? ↓ https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html

🚨 1 in 12 employees is quietly using Chinese GenAI tools at work—often to upload sensitive data.

M&A docs, source code, customer records… all sent to platforms with opaque data policies.

It’s already happening.

Details + what to do about it ↓ https://thehackernews.com/2025/07/overcoming-risks-from-chinese-genai.html

🚨 Russian defense firms hit by stealth cyberattack!

Hackers deployed a new backdoor—EAGLET—to spy on aerospace targets via fake logistics docs tied to sanctioned rail firms.

Read → https://thehackernews.com/2025/07/cyber-espionage-campaign-hits-russian.html

🚨 Patchwork hacking group is targeting Turkish missile contractors.

DisguiPatchworkous LNK files to launch a stealthy 5-stage spyware chain—right as Türkiye deepens defense ties with Pakistan.

Full story → https://thehackernews.com/2025/07/patchwork-targets-turkish-defense-firms.html

⚡ U.S. sanctions hit a North Korean front company and 3 individuals running a fake IT worker scheme—used to infiltrate 300+ U.S. firms and fund Kim’s weapons program.

One U.S. woman helped run it all from a 90-laptop farm in Arizona.

Full story ↓ https://thehackernews.com/2025/07/us-sanctions-firm-behind-n-korean-it.html

🛑 In case you missed it — Over 4,600 attacks. 300+ orgs hit.

A China-linked threat group is exploiting SharePoint flaws to drop Warlock ransomware on unpatched systems.

Patch now. Details here → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Six flaws rated CVSS 9.8 in Honeywell’s Niagara Framework could let attackers hijack smart buildings—HVAC, lighting, even security.

One misconfig? They steal admin tokens, plant backdoors, and run root code.

Used worldwide. Patch now.

Details here ↓ https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html

Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls.

They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor.

Google says it's fast, stealthy, and crippling.

Full story → https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html