Security News

New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint
2025-03-03 17:33

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised...

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
2025-03-03 14:00

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The...

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs
2025-02-19 14:00

The cyber security firm reported in its latest annual report that their researchers found more than 30.4 million phishing emails last year.

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
2025-02-04 04:29

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat...

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint
2024-11-25 15:55

Microsoft is working on fixing an ongoing and widespread Microsoft 365 outage that is impacting multiple services and features, including Exchange Online, Microsoft Teams, and SharePoint Online. [...]

Microsoft SharePoint RCE bug exploited to breach corporate network
2024-11-02 15:19

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]

Exploited: Cisco, SharePoint, Chrome vulnerabilities
2024-10-25 10:25

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947)....

Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
2024-10-23 19:30

Plus, a POC to make it extra easy for attackers A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to...

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
2024-10-23 12:54

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on...

New covert SharePoint data exfiltration techniques revealed
2024-04-10 15:01

Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies' SharePoint server. "These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync events," they noted.