Month: August 2025

Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks

by

Introduction In the ever-evolving cybersecurity landscape, attackers constantly seek new ways to bypass traditional defences. One of the latest and most insidious methods involves using Scalable Vector Graphics (SVG)—a file format typically associated with clean, scalable images for websites and applications. But beneath their seemingly harmless appearance, SVGs can harbour threatening scripts capable of executing […]

The post Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

The best budget robot vacuums

by
Today’s robot vacuums are becoming a bit like cars: with all the features, upgrades, and fancy trimmings available these days, it’s easy to forget that they can just be simple machines that get us from point A to point B. Yes, some bots blow hot air on their bums (mop pads), deftly navigate dog poop, […]

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

by

Note: This Alert may be updated to reflect new guidance issued by CISA or other parties. 

CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service. 

While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise.  

  1. If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU). 
  1. Install Microsoft’s April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app.  
  1. For organizations using Exchange hybrid (or have previously configured Exchange hybrid but no longer use it), review Microsoft’s Service Principal Clean-Up Mode for guidance on resetting the service principal’s keyCredentials.  
  1. Upon completion, run the Microsoft Exchange Health Checker to determine if further steps are required.  

CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use.   

Organizations should review Microsoft’s blog Dedicated Hybrid App: temporary enforcements for additional guidance as it becomes available. 

Disclaimer:   

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.  

The best earbuds we’ve tested for 2025

by
It’s hard to buy a bad pair of wireless earbuds these days, and with constant discounts and deals wherever you look, now is as good a time as any to splurge on the pair you’ve been eyeing. The market has come a long way since the early era of true wireless earbuds when we had […]

Sonos confirms tariffs will increase its prices this year

by
Tom Conrad took over as CEO of Sonos in January as it continues to recover from last year’s disastrous mobile app update, and now the company has issued its first quarterly earnings report after he dropped the interim tag from his title. Beyond the numbers, with $344.8 million in revenue and a net loss of […]

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

by
Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the