17 Jul, 2026

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a “credible external security threat.” At the […]

2 mins read

LastPass, Bitwarden users targeted with fake security alerts

LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. […]

2 mins read

Microsoft Entra ID gets passkeys default authentication starting September

Microsoft has announced that passkeys will become the default authentication method for the Entra ID enterprise identity service starting September 2026. Passkeys will be enabled automatically for Entra ID users now using phone-based SMS and voice authentication, which will be retired in February 2027 across all tenants. However, users who are already signing into their […]

2 mins read

New phishing kits target Microsoft 365 accounts, evade MFA

Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using techniques that defeat multi-factor authentication (MFA). While Jalisco uses the device-code phishing method, OmegaLord masquerades as a PDF reader to collect account login credentials and associated phone numbers, which could help the attacker intercept or hijack MFA requests […]

3 mins read

SAP warns of critical flaws in NetWeaver and Commerce Cloud

SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. The first critical issue patched this month is a memory corruption security issue (tracked as CVE-2026-44747) stemming from an out-of-bounds write weakness in the NetWeaver Application Server ABAP (AS ABAP), […]

2 mins read

Microsoft starts testing cleaner Windows Search without ads

Microsoft is now testing a cleaner and faster version of Windows Search that should prioritize relevant results over ads and promotional content. These changes are part of a broader effort to improve Windows search, announced by Windows president Pavan Davuluri in March and aimed at delivering a more consistent experience across the Start menu, taskbar, File Explorer, […]

3 mins read

US sanctions VPN, malware providers for enabling ransomware attacks

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. On Monday, OFAC designated First VPN Service (1VPNS), a virtual private network provider that sold services to ransomware groups, and its administrator, Dmytro Rashevskyi. Since it surfaced in 2014, 1VPNS has advertised on […]

3 mins read

Japan’s largest taxi operator shuts systems after cyberattack

Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today. Nihon Kotsu is Japan’s largest taxi […]

2 mins read

Hackers backdoor Jscrambler npm package with infostealer malware

The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook. “Today, we identified the unauthorized publication of a […]

2 mins read

New CrashStealer malware poses as Apple crash reporting tool

A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. Malware researchers started tracking the malware in May, when it appeared to still be in development, but observed it being used in attacks in early July. CrashStealer has a typical infostealer capability set that […]

3 mins read