Latest Warnings – PossibleThreat Articles

Microsoft Fix Targets Attacks on SharePoint Zero-Day

July 25, 2025 0 Comments cisa, cve-2025-49704, cve-2025-49706, cve-2025-53770, cve-2025-53771, cybersecurity & infrastructure security agency, eye security, Latest Warnings, microsoft corp., rapid7, sharepoint server, The Coming Storm, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 21 Jul 2025 14:45:46 +0000

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Independent Krebs

Microsoft Patch Tuesday, July 2025 Edition

July 25, 2025 0 Comments action1, adam barnett, Adobe, ben hopkins, cve-2025-47178, cve-2025-47981, cve-2025-49695, cve-2025-49696, cve-2025-49697, cve-2025-49702, cve-2025-49719, cve-2025-49740, Latest Warnings, microsoft configuration manager, microsoft defender smartscreen, microsoft patch tuesday july 2025 edition, mike walters, office, rapid7, security tools, sql server 2012, sql server 2016, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 09 Jul 2025 00:53:33 +0000

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

Independent Krebs

Big Tech’s Mixed Response to U.S. Treasury Sanctions

July 25, 2025 0 Comments @nicelizhi, A Little Sunshine, facebook, funnull technology inc., github, gmail, hotmail, Latest Warnings, LinkedIn, liu "steve" lizhi, mark rasch, Ne'er-Do-Well News, nexamerchant, nice lizhi, Paypal, twitter, unit 221b, Web Fraud 2.0, xxl4, youtube, zach edwards

Credit to Author: BrianKrebs| Date: Thu, 03 Jul 2025 16:06:05 +0000

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

Independent Krebs

Senator Chides FBI for Weak Advice on Mobile Security

July 25, 2025 0 Comments A Little Sunshine, Apple, bill marczak, citizen lab, cve-2025-43200, emerita melissa hortman, federal bureau of investigation, Google, international computer science institute, john hoffman, kash patel, Latest Warnings, lockdown mode, lorenzo francheschi-bicchierai, nicholas weaver, security tools, sen. ron wyden, susie wiles, The Coming Storm, the wall street journal, Time to Patch

Credit to Author: BrianKrebs| Date: Mon, 30 Jun 2025 17:33:59 +0000

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

Independent Krebs Security

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

February 28, 2025 0 Comments A Little Sunshine, bruce schneier, bybit, christopher stanley, Coinbase, conservative political action conference, consumer financial protection bureau, cybersecurity and infrastructure security agency, davi ottenheimer, department of government efficiency, department of homeland security, Department of Justice, edward coristine, gavin kliger, global investigative journalism network, hunter labs, internal revenue service, jacob silverman, jacob williams, katie arrington, kleptocapture task force, kleptocracy asset recovery initiative, Latest Warnings, leland dudek, lizardstresser, michelle king, natalya martynova, national institute of standards and technology, national treasury employees union, office of management and budget, office of personnel management, organized crime and corruption reporting project, president donald trump, project 2025, rep. andy ogles, russia's war on ukraine, sean cairncross, social security administration, starlink, The Coming Storm, treasury department, u.s. agency for international development, u.s. foreign corrupt practices act, U.S. Securities and Exchange Commission, valery martynov, vladimir putin, volodymyr zelensky

Credit to Author: BrianKrebs| Date: Sun, 23 Feb 2025 23:02:14 +0000

One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.

Independent Krebs Security

Experts Flag Security, Privacy Risks in DeepSeek AI App

February 6, 2025 0 Comments A Little Sunshine, andrew hoog, app transport security, Apple, Artificial intelligence, bytedance, china, deepseek, deepseek ai, iOS, Latest Warnings, nowsecure, The Coming Storm, volcengine

Credit to Author: BrianKrebs| Date: Thu, 06 Feb 2025 21:12:30 +0000

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks.

Independent Krebs Security

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

January 16, 2025 0 Comments @chenlun, A Little Sunshine, csis security group, ezdrivema, FBI, ford merrill, IC3, imessage, Latest Warnings, lighthouse, massdot, north texas toll authority, rcs, secalliance, smishing, sms phishing, sunpass, the toll roads, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 16 Jan 2025 21:18:48 +0000

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Independent Krebs Security

Microsoft: Happy 2025. Here’s 161 Security Updates

January 14, 2025 0 Comments adam barnett, bitlocker, bob hopkins, cve-2024-49142, cve-2025-21186, cve-2025-21210, cve-2025-21298, cve-2025-21311, cve-2025-21333, cve-2025-21334, cve-2025-21335, cve-2025-21366, cve-2025-21395, kev breen, Latest Warnings, microsoft access, microsoft patch tuesday january 2025, rapid7, satnam narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, windows hyper-v, windows ntlmv1

Credit to Author: BrianKrebs| Date: Tue, 14 Jan 2025 22:50:00 +0000

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Independent Krebs Security

A Day in the Life of a Prolific Voice Phishing Crew

January 7, 2025 0 Comments 800-275-2273, A Little Sunshine, allison nixon, aristotle, autodoxers, Coinbase, crypto chameleon, discord, domaintools, Latest Warnings, lookout, mark cuban, okta, perm, shark tank, star fraud, stotle, telegram, The Coming Storm, trezor, unit 221b, voice phishing, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2025 23:41:53 +0000

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Independent Krebs Security

How to Lose a Fortune with Just One Bad Click

December 18, 2024 0 Comments (650) 203-0000, A Little Sunshine, Coinbase, daniel from google, gemini ai, Google Assistant, google docs, google forms, google photos, graham cluely, junseth, Latest Warnings, minecraft, Ne'er-Do-Well News, swancoin, trezor, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 18 Dec 2024 13:17:59 +0000

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

← Previous