Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.

Security researchers at Palo Alto Networks’ Unit 42 have discovered a 4L4MD4R ransomware variant, based on open-source Mauri870 code, while analyzing incidents involving this SharePoint exploit chain (dubbed “ToolShell”).

The ransomware was detected on July 27, after researchers discovered a malware loader that downloads and executes the ransomware from theinnovationfactory[.]it (145.239.97[.]206).

Attackers exploit link-wrapping services to steal Microsoft 365 logins

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials.

The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July.

Some email security services include a link wrapping feature that rewrites the URLs in the message to a trusted domain and passes them through a scanning server designed to block malicious destinations.

Mozilla warns of phishing attacks targeting add-on developers

Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository.

Mozilla’s add-on platform hosts over 60,000 browser extensions and more than 500,000 themes used by tens of millions of users worldwide.

According to Mozilla’s advisory, these phishing emails are impersonating the AMO team and claim that the targeted developer accounts require updates to maintain access to development features.

My advice to security leaders is that cybersecurity is a team sport and everyone needs to be involved

🎥 Podcast Teaser: AI in the Wild Wild West: S4:E44 🎙️ LIVE with Chuck Brooks.

From Presidential appointee to global cyber thought leader, Chuck Brooks shares insights on AI, quantum, and servant leadership. A blueprint for resilient leaders.

🎥 Watch the full episode of the Leadership & Success Podcast with Coach BZ and read the podcast highlights:

https://www.linkedin.com/posts/bobfabienzinga_cybersecurity-…ce=share&u


Chuck Brooks Cybersecurity is national security. In my latest Leadership & Success Podcast with Coach BZ Podcast (S4:E44), I sat down with Chuck Brooks — Thinkers360 Cybersecurity Ambassador, Georgetown University faculty, and one of LinkedIn’s Top 5 Tech People to Follow. We explored his remarkable journey from Presidential appointee to global cyber thought leader, highlighting the leadership principles that fueled his success.

Chuck shared powerful insights on the rise of ransomware, the looming threat of quantum computing, and how AI and agentic systems are transforming the cyber battlefield. He emphasized humility, continuous learning, and servant leadership — values equally vital in military command posts and Silicon Valley boardrooms. His call to action for leaders?

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

A third variation of these attacks impersonates Teams in emails, claiming that recipients have unread messages and can click the “Reply in Teams” button embedded in the messages, which redirects them to credential harvesting pages.

“By cloaking malicious destinations with legitimate urldefense[.]proofpoint[.]com and url[.]emailprotection URLs, these phishing campaigns’ abuse of trusted link wrapping services significantly increases the likelihood of a successful attack,” Cloudflare said.

When contacted by The Hacker News for comment, Proofpoint said it’s aware of threat actors abusing URL redirects and URL protection in ongoing phishing campaigns, and that it’s a technique the company has observed from multiple security service providers who provide similar email protection or URL rewrite solutions, such as Cisco and Sophos.

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries. It hosts hundreds of thousands of packages and is the default source for Python’s package management tools.

“PyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site. Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled ‘[PyPI] Email verification’ from the email address [email protected],” the PyPI admin Mike Fiedler cautioned.

Microsoft to disable Excel workbook links to blocked file types

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.

After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not limited to, phishing attacks that utilize workbooks to redirect targets to malicious payloads.

This change is being introduced as a new FileBlockExternalLinks group policy, which expands File Block Settings to include external workbook links.