Article Details

Scrape Timestamp (UTC): 2025-07-21 11:46:27.351

Source: https://thehackernews.com/2025/07/weekly-recap-sharepoint-0-day-chrome.html

Original Article Text


⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don't depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to modular techniques and automation that copy normal behavior. The real concern? Control isn't just being challenged—it's being quietly taken. This week's updates highlight how default settings, blurred trust boundaries, and exposed infrastructure are turning everyday systems into entry points.

⚡ Threat of the Week

Critical SharePoint Zero-Day Actively Exploited (Patch Released Today) — Microsoft has released fixes to address two security flaws in SharePoint Server that have come under active exploitation in the wild to breach dozens of organizations across the world. Details of exploitation emerged over the weekend, prompting Microsoft to issue an advisory for CVE-2025-53770 and CVE-2025-53771, which are now assessed to be patch bypasses for two other SharePoint flaws tracked as CVE-2025-49704 and CVE-2025-49706, an exploit chain dubbed ToolShell that could be leveraged to achieve remote code execution on on-premises SharePoint servers. The two vulnerabilities were addressed by Microsoft earlier this month as part of its Patch Tuesday update. It's currently not known who is behind the mass-exploitation activity.

Secure your LLMs Against Real-World Threats

LLMs are showing up everywhere — from customer support to code generation. But most security tools weren't built for the risks they bring. The LLM Security Best Practices Cheat Sheet is a practical guide to help you identify, mitigate, and prevent the most critical LLM security risks across your AI stack.
🔔 Top News

🔥 Trending CVEs

Hackers are quick to jump on newly discovered software flaws – sometimes within hours. Whether it's a missed update or a hidden bug, even one unpatched CVE can open the door to serious damage. Below are this week's high-risk vulnerabilities making waves. Review the list, patch fast, and stay a step ahead.

This week's list includes — CVE-2025-53770, CVE-2025-53771 (Microsoft SharePoint Server), CVE-2025-37103 (HPE Instant On Access Points), CVE-2025-54309 (CrushFTP), CVE-2025-23266, CVE-2025-23267 (NVIDIA Container Toolkit), CVE-2025-20337 (Cisco Identity Services Engine and ISE Passive Identity Connector), CVE-2025-6558 (Google Chrome), CVE-2025-6965 (SQLite), CVE-2025-5333 (Broadcom Symantec Endpoint Management Suite), CVE-2025-48384 (Git CLI), CVE-2025-4919 (Mozilla Firefox), CVE-2025-53833 (LaRecipe), CVE-2025-53506 (Apache Tomcat), CVE-2025-41236 (Broadcom VMware ESXi, Workstation, and Fusion), CVE-2025-27210, CVE-2025-27209 (Node.js), CVE-2025-53906 (Vim), CVE-2025-50067 (Oracle Application Express), CVE-2025-30751 (Oracle Database), CVE-2025-6230, CVE-2025-6231, CVE-2025-6232 (Lenovo Vantage), CVE-2024-13972, CVE-2025-7433, CVE-2025-7472 (Sophos Intercept X for Windows), CVE-2025-27212 (Ubiquiti UniFi Access), CVE-2025-4657 (Lenovo Protection Driver), CVE-2025-2500 (Hitachi Energy Asset Suite), CVE-2025-6023, CVE-2025-6197 (Grafana), CVE-2025-40776, CVE-2025-40777 (BIND 9), CVE-2025-33043, CVE-2025-2884, CVE-2025-3052 (Gigabyte), and CVE-2025-31019 (Password Policy Manager plugin).

📰 Around the Cyber World

🎥 Cybersecurity Webinars

🔧 Cybersecurity Tools

Disclaimer: These newly released tools are for educational use only and haven't been fully audited. Use at your own risk—review the code, test safely, and apply proper safeguards.

🔒 Tip of the Week

Map Known Vulnerabilities Automatically Across Your Stack — Attackers often use Windows Scheduled Tasks to stay hidden on systems. Some go a step further by removing key registry values like SD (Security Descriptor) or Index, making their tasks invisible to common tools like Task Scheduler, schtasks, or even Autoruns. These hidden tasks still run in the background and can be used for persistence or malware delivery.

To check for visible tasks, tools like Autoruns (by Sysinternals) and TaskSchedulerView (by NirSoft) are great starting points. They show active tasks and let you spot unusual ones. But hidden tasks require deeper digging. You can use PowerShell to scan the registry path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree and look for tasks with missing SD values. For more advanced checks, use Sysmon to track changes in the TaskCache registry and ProcMon to monitor registry activity in real time. Look for suspicious task names, missing values, or tasks with an Index of 0. Also, set alerts for Event ID 4698, which logs new scheduled task creation.

In short: use both visual tools and registry checks to uncover hidden scheduled tasks. Regular scans, baseline comparisons, and basic alerting can help catch threats early—before they do damage.

Conclusion

What's becoming clearer each week is that attacker sophistication isn't the exception—it's the baseline. AI-driven reconnaissance, credential abuse, and signal mimicry are no longer advanced—they're routine. And as coordination gaps persist across security teams, the boundary between low-level noise and high-impact intrusions continues to blur. The result isn't just a faster compromise—it's a deeper erosion of trust. If trust was once a strength, it's now a surface that attackers exploit.
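The registry check from the Tip of the Week above, written out as an added example (this is not code from the original article). It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the Get-ScheduledTask cmdlet exists, and it flags TaskCache\Tree entries that lack an SD value, have no Index or an Index of 0, or do not appear in what the Task Scheduler API reports; it finishes by listing recent Event ID 4698 task-creation audit events.

```powershell
# Added example (not from the original article). Assumes an elevated PowerShell
# session on Windows 8 / Server 2012 or later, where Get-ScheduledTask exists.
# It walks the TaskCache\Tree branch named in the article and flags entries that
# are missing the SD (Security Descriptor) value, have an Index of 0 or no Index,
# or are absent from what the Task Scheduler API reports.
$treePath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

# Build the set of task paths the normal API still shows (\Folder\Name form).
$visible = @{}
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $visible[$_.TaskPath + $_.TaskName] = $true
}

$findings = Get-ChildItem -Path $treePath -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Only leaf task entries carry an Id value; folder nodes are skipped.
        if (-not $props.Id) { return }

        # Strip everything up to and including "\Tree" to get the task path.
        $taskPath = $key.Name.Substring($key.Name.IndexOf('\Tree') + 5)

        [pscustomobject]@{
            TaskPath   = $taskPath
            Id         = $props.Id
            HasSD      = ($null -ne $props.SD)
            Index      = $props.Index
            VisibleAPI = $visible.ContainsKey($taskPath)
        }
    } |
    Where-Object {
        -not $_.HasSD -or $null -eq $_.Index -or $_.Index -eq 0 -or -not $_.VisibleAPI
    }

if ($findings) {
    "Scheduled task entries that need a closer look:"
    $findings | Format-Table -AutoSize
} else {
    "No hidden or malformed task entries found under TaskCache\Tree."
}

# Recent task-creation audit events (Event ID 4698). These are only recorded when
# the "Other Object Access Events" audit subcategory is enabled.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap
```

Save the output as a baseline and diff it on later runs; a task that appears in the registry but not in Get-ScheduledTask, or whose SD value disappears between runs, is the condition the tip describes.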

Daily Brief Summary

DATA BREACH // Microsoft SharePoint Server Zero-Day Exploited in Global Attacks

Microsoft has patched two critical vulnerabilities (CVE-2025-53770, CVE-2025-53771) in SharePoint Server, previously exploited in the wild.

The vulnerabilities were linked to earlier flaws (CVE-2025-49704, CVE-2025-49706) and are instrumental in a remote code execution exploit chain named ToolShell.

Numerous organizations worldwide reported breaches, prompting a swift security advisory and patch release by Microsoft.

The threat landscape includes several high-risk vulnerabilities across different platforms, including HPE, Cisco, Google Chrome, and NVIDIA.

Use of LLMs (Large Language Models) is increasing in corporate environments, raising new security risks that existing security controls do not fully address.

Unknown attackers are utilizing obscure techniques and monitoring gaps to infiltrate systems, often leveraging legitimate yet vulnerable system tools.

Essential practices recommended include reviewing CVE updates promptly and deploying patches to protect against exploitation.

Continuous monitoring and registry-level checks are advised to detect and mitigate hidden malicious scheduled tasks within system infrastructure.