Latest news as of 2/17/2026, 5:55:39 PM
Bleeping Computer
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. [...]
Bleeping Computer
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]
The Register
Fancy Bear can't keep its claws out of Outlook inboxes. The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…
The Hacker News
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories. The list of affected
The Hacker News
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday
The Hacker News
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to
Bleeping Computer
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. [...]
Bleeping Computer
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. [...]
Bleeping Computer
GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. [...]
The Register
Interview: Keep It Simple, Stupid. Scattered Spider and Iranian government-backed cyber units have more in common than a recent uptick in hacking activity, according to Ariel Parnes, a former colonel in the Israeli Defense Forces' cyber unit 8200.…