Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Ransomware Exploits SharePoint! 4L4MD4R Discovered, the Hybrid Attack That Even Scares Governments

A massive campaign to exploit a series of vulnerabilities in Microsoft SharePoint continues to gather pace, and now involves ransomware groups. While analyzing the series of attacks, Palo Alto Networks (Unit 42) discovered the introduction of the 4L4MD4R ransomware, a variant based on the open source code of Mauri870. Its activity is directly related to a series of exploits called ToolShell. The first infection was detected on July 27, when a loader was found that downloaded and launched 4L4MD4R from the server theinnovationfactory[.]it at IP address 145.239.97[.]206. The reason for the detection was an unsuccessful exploit attempt involving PowerShell commands aimed at

Critical Bugs in NVIDIA Triton Allow Attackers to Compromise Servers and Steal AI Models

Critical vulnerabilities have been discovered in NVIDIA’s Triton Inference Server, threatening the security of AI infrastructure on Windows and Linux. The open-source solution is designed for large-scale deployment and maintenance of machine learning models, and now, it appears, its Python backend can be used to take complete control of the server without authorization. Triton Inference Server is open-source inference software that simplifies AI inference. Triton Inference Server enables teams to deploy any AI model from a variety of deep learning and machine learning frameworks, including TensorRT, TensorFlow, PyTorch, ONNX, OpenVINO, Python, RAPIDS FIL, and others. Triton supports inference across the cloud, data

Everyone’s talking about GPT-5. No one’s seen it. But the memes are already everywhere.

GPT-5 hasn’t even appeared yet, and internet users have already started creating all kinds of memes to complain. Indeed, the rumors about GPT-5 haven’t stopped in recent days. First, some internet users found traces of the GPT-5-Auto and GPT-5-Reasoning models in macOS’s ChatGPT application. Then they revealed that Microsoft Copilot and Cursor were also secretly linked to test GPT-5. On August 1, The Information published a lengthy article titled “Inside OpenAI’s Rocky Path to GPT-5”, revealing further confidential information about GPT-5. GPT-5 has improved, but the performance leap isn’t as big as before. Last December, OpenAI presented the results of its Test-Time Scaling

PoisonSeed: How Phishing Attacks Bypass FIDO with WebAuthn

The authors of the PoisonSeed phishing campaign have found a way to bypass FIDO (in this case, FIDO2 with WebAuthn) using the cross-device authentication mechanism implemented in WebAuthn. The attackers convince victims to approve login requests from fake corporate portals. Note that the PoisonSeed campaign is based on phishing, the ultimate goal of which is financial fraud. In the past, attackers have hacked corporate accounts used for email marketing and sent users letters containing pre-set seed phrases for cryptocurrency wallets. In the new attacks identified by Expel experts, attackers are not exploiting a vulnerability in FIDO mechanisms, but are abusing a legitimate

Apple Develops Its Own Artificial Intelligence Engine to Power Siri

Apple is developing its own AI engine for answering questions, similar to ChatGPT, according to Bloomberg. The project is managed by a new internal team called Answers, Knowledge and Information (AKI), led by Robbie Walker, who reports directly to the head of artificial intelligence, John Gianandrea. Apple job listings list AKI as developing technologies for products such as Siri, Spotlight, Safari, Messages, and Lookup. The company is seeking specialists in algorithm development and search engines, and the team’s work is described as creating “intuitive information services” for Apple’s iconic products. AKI is working on an “answer engine,” a simplified version of ChatGPT

Proxy Trickster: The Amateur Hackers Group That Wants to Own Servers Worldwide

Specialists at Solar 4RAYS of Solar Group have discovered a new hacker group, Proxy Trickster, dedicated to cryptocurrency mining and proxyjacking (taking control of servers in order to convert them into proxies and sell them). Over the course of a year, the attackers targeted nearly 900 servers in 58 countries. In March 2025, the specialists investigated a cybersecurity incident at an IT company and discovered the activity of a previously unknown group called Proxy Trickster. The hackers earn their main income from cryptocurrency mining and proxyjacking, which involves taking control of legitimate servers by exploiting known vulnerabilities, converting them into proxy servers, and then selling them on the darknet to other

Malware disguises itself as an innocent photo on Dropbox. APT37’s steganographic strategy

Specialists at the Genians Security Center have discovered an improved version of the RoKRAT malware, associated with the North Korean APT37 group. The new version is distinguished by an unusual way of hiding the malicious code: within the body of ordinary JPEG images. This approach allows it to bypass traditional antivirus systems, since the malicious functionality is never written directly to disk but is extracted into RAM. The initial infection begins with the launch of a malicious .LNK shortcut contained in a ZIP archive. An example is an archive called “National Intelligence and Counterintelligence Manuscript.zip”. Its structure includes a large (over 50

BitLocker Under Attack! A New Technique Enables Lateral Movement While Eluding Security Controls

Through BitLocker’s Component Object Model (COM) interface, attackers can deploy a novel pivoting technique to execute malicious code on targeted systems. This approach, demonstrated via a test tool called BitLockMove, marks a significant advancement in lateral movement strategies, successfully evading standard detection methods by using authentic Windows components. Typically enabled on workstations and laptops to prevent unauthorized access in the event of device theft or loss, BitLocker’s comprehensive protection has made it a tempting target for attackers seeking to abuse its underlying infrastructure. During his presentation, researcher Fabian Mosch explained that adding each application or feature to Windows results in a substantial

Mozilla warns Firefox extension developers of active phishing campaign

Mozilla has warned Firefox extension developers of a new phishing campaign aimed at compromising their accounts on the official AMO platform (addons.mozilla.org). This ecosystem includes over 60,000 add-ons and more than half a million themes, used daily by tens of millions of people worldwide. According to the published warning, attackers are sending emails on behalf of the AMO team, claiming that the developer account needs to be updated urgently to maintain access to the tools. In reality, these emails lead to fake sites designed to steal logins and passwords. The message typically contains a variation of the phrase “Your Mozilla add-ons account

Is Open Source Going Away? KubeSphere Discontinues Distribution, and a Storm Ensues

Unfortunately, times are changing: what was once a temple of collaboration and cooperation is gradually transforming into an ecosystem increasingly oriented towards monetization. Another project, KubeSphere, has suddenly stopped distributing its open source version, provoking a strong reaction from users. The team announced the immediate cessation of access to distributions and free technical support; the source code, however, will remain available. The developers explained the decision as a desire to focus on “more professional, stable, and commercially mature” products. KubeSphere is described as a “distributed operating system for managing cloud applications” based on Kubernetes and certified by the CNCF. The project