photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.


#infosec


State-sponsored exploits are often far more complex than typical vulnerabilities, and they're not always immediately obvious. Rather than being blatant or easily detectable, they're often crafted more like poison. At first glance, a piece of code in a random library may seem perfectly benign, serving a valid and useful function, as do many other independent libraries and functions scattered throughout the system. But when combined with other seemingly harmless pieces, these isolated bits of code can create something far more concerning. It's subtle and easily overlooked — yet, together, they could have a devastating effect.

This kind of stealthy, integrated attack is difficult to uncover because each individual part of the code appears legitimate on its own. Only when the system as a whole is carefully scrutinized in a holistic way can these potential threats be detected — if they're detected at all.

Louis Vuitton reports coordinated data breaches across multiple countries

Louis Vuitton suffered coordinated cyberattacks across Turkey, South Korea, and the UK in June and July 2025, exposing customer data for at least 142,995 individuals in Turkey alone. The Turkish operation identified the compromise of a third-party service provider's administrator account as the entry point. The UK and Korean operations reported unauthorized third-party access without specific attack vector details.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai


Critical remote code execution flaw in mcp-remote exposes AI Systems to compromise

JFrog Security Research discovered a critical vulnerability (CVE-2025-6514) in the widely-used mcp-remote project that allows attackers to execute arbitrary operating system commands through OAuth authentication manipulation.

**If you use the mcp-remote npm package for connecting local LLM hosts to remote MCP servers, plan an urgent update to version 0.1.16. The flaw allows malicious MCP servers to push commands back to your computer and hack you. Also, make sure to only connect to trusted MCP servers using HTTPS connections.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #28/2025 is out!

It includes the following and much more:

🇬🇧 Teenagers arrested in connection with cyber attacks on M&S and the Co-op;

🇺🇸 🫣 #AI voice clones have hit the White House AGAIN;

🩸Exploit for #CitrixBleed2 Released;

🇪🇺 Trend where European authorities are detaining individuals on behalf of the U.S. for cybercrime-related accusations;

📲 eSIMs can be cloned to spy on mobile communications;

🇨🇳 🇺🇸 Chinese hackers suspected in #breach of powerful Washington DC law firm;

🚙 Millions of cars exposed through Bluetooth Flaw;

📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/


SureForms WordPress Plugin flaw enables unauthenticated file deletion, potential site takeover

A vulnerability in the SureForms WordPress plugin (CVE-2025-6691) allows unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can force sites into setup mode and enable complete website takeover. Patches are available in multiple updated versions.

**If you have the SureForms WordPress plugin installed, immediately check your version and update to the latest patched release (1.7.4 or appropriate version for your branch). Don't delay this one, because you can't really hide the form, and updating the plugin is nearly trivial.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


macOS as a "safe" platform with no malware and security issues? I'm probably preaching to the choir, but if that ever was a false truth, it's no more so than ever. Took a look at the malware landscape for macOS.

As can be expected:

1. Credential stealers rule.
2. Cryptocurrency and North Korea.
3. "ClickFix" modus works on macOS as well.

It's one thing to see all these individual articles published, but it's a whole other thing to see them brought together and attempting to tease out... what does it mean? Where are we heading? What's the trajectory?

As a foundation for this analysis I used articles published through the Cyber Espresso.

cstromblad.com/posts/macos-mal

Thank you to the following companies who freely publish all this great content:

Huntress: @huntress
Sentinel Labs: @SentinelLabs
Walmart Global Tech: @walmartglobaltech
CloudSek: @cloudsek
MoonLock: @moonlock_lab
Imperva: @imperva
Cyfirma: @cyfirmar

STRÖMBLAD · macOS Malware Analysis and Assessment: The mantra that macOS doesn't have malware, or doesn't get attacked… yeah, that's not true anymore and has not been for quite a while. In this analysis of recent macOS malware we can quite clearly see a number of trends that users of macOS should pay attention to.

Multiple flaws in Schneider Electric EcoStruxure IT Data Center Expert, at least one critical

Schneider Electric reports multiple vulnerabilities in its EcoStruxure IT Data Center Expert platform, including a CVSS 10.0 flaw (CVE-2025-50121) that enables unauthenticated remote code execution. The company released version 9.0 to patch all vulnerabilities.

**If you have Schneider Electric EcoStruxure IT Data Center Expert, make sure it's isolated from the internet and accessible from trusted networks only. Then plan an update cycle to version 9.0, available through Schneider's Customer Care Center, with proper testing.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


I received an email earlier this week from EA asking if I wanted to be added to a public acknowledgement page they were creating for individuals who responsibly disclosed vulnerabilities to them.

For all the shit people give EA, of the 100+ companies I contacted in the last two years, they were the only company I would say had a decent incident response.

They fixed the issue within 12 hours after validating it as critical, and proactively provided me multiple updates over time.

When the IR was done on their side, they reached out again with some more information about the potential impact if the issue hadn't been solved quickly, and also offered me a reward.

I did not have to keep chasing anyone for updates, I wasn't asked for non-disclosure, or offered money in exchange for it, and people replied instead of ignoring me.

I wasn't blamed for their mistake, either, or reported to the authorities.

Unfortunately, at least one or multiple of the things mentioned above are present in most of my other incidents reported; it's a real shit show out there.

This is your regular reminder to shred paper documents when your organization is done with them.

You need a document retention and destruction policy, that way you keep what you want/need and destroy the rest.

I have seen so many nonprofits and groups of activists that have not explicitly thought through this. Your opposition can and will dig through your trash and recycling.

I've collated a minor fraction of the cool or interesting #indieweb and #infosec stuff that I've seen over the last week into today's edition (#4) of my #linklog - Scraps!

fyr.io/scrap/2025-07-11

Featuring a request for content for @xandra for the next edition of the Good Internet Magazine, a fresh RSS guide by @readbeanicecream (who is also down for more indieweb), plus we have some time travel by @bcshort @theadhocracy and the great @kedara_eu, and a bunch more cool stuff.

fyr.io · Scraps #4: A bunch of scrappy notes from 2025-07-04 to 2025-07-11

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: github.com/morgenm/sudo-chroot

Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463

Enjoying the idea that leaving my current job means I'm allowed to talk publicly about security again without going through annoying approvals. I could be doing all sorts of conference talks! The problem? I don't wanna. 😂

Looking forward to making it past the burnout stage of this job, seriously.

New Open-Source Tool Spotlight 🚨🚨🚨

Microsandbox is a self-hosted platform enabling secure execution of untrusted code. Using microVMs, it combines hardware isolation with startup times under 200ms—ideal for testing AI-generated or user-submitted code. Its SDKs offer multi-language support, including Python and Node.js. #sandboxing #security

🔗 Project link on #GitHub 👉 github.com/microsandbox/micros

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️